Nasty one Ian!
>When reviewing published privacy policies, do those responsible for DP
>within organisations match any changes back to any
>notifications/CoP/principles/data subjects?
We (okay I) used to do an Inventory exercise every year where all
departments were interviewed and a questionnaire completed. This would
inform us what personal information we had in the organisation. This was a
fun time of the year, where I needed to chat to 250+ departments!
In a fit of enthusiasm, I would summarise the information into our business
units and compare with our notifications. The notifications would then be
changed or renewed with no changes.
At the same time I would review the practices and ensure that they comply
with what our friends at the ICO (do you ever think of the old OIC! Those
were the days, when men were men ...) recommend.
This has changed to business as usual (what the heck does that mean?).
Where our learned folk in the business will chat to me if there are any
changes in their system. That is not working well, with so many people
rating this as slightly lower on their priority list as a kick in the
head! (New Years Resolution Time - I really must get back into Martial
Arts!)
>If proposed changes to a privacy policy would affect data already
collected,
>is reliance placed upon Schedule 1, Part 2, 2(1)(b) with the onus on the
>data subject to notice the policy changes, or are other means used?
>
>What criteria are used to determine the most appropriate route to take?
>
>What ethical considerations impinge on any deliberations?
In reality, our business does not change that much, especially with our
current contracts (insurance). Major changes are reflected in brand new
shiny consent wording, lots of excitment and long hours and an added
complication to tracking who has consented to their data in what way.
Privacy Policy's go down the same sort of route,
Les
AEGON UK
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|