Arguing for compliance with the DPA is often difficult where there are
costs involved - but that comes with the territory of the job. Personally I
have found BIP 0002 very useful in the past for drawing up a procedure to
be followed. When the validity of the procedure has been challenged I have
offered to pass any alternatives suggested to the ICO for comment - and
I've been totally unsurprised when I didn't receive any alternatives.
Once a procedure is in place then everyone is on notice that non-compliance
could have unwelcome consequences for them. If they then use personal data
(publicly available or not) inappropriately they do so knowing the risks
they take.
Graham
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|