I do realise that a consensus here has no significance whatsoever, except to
show that people agree or not.
I have been having a discussion with a colleague over this and there are two
views. First the scenario:
A database of purely factual data (name, job, organisation, contact details,
information preferences, communications preferences) is held in a manner
that makes it publicly accessible via a website. The user has full edit
control of their own data by logging in with their registered email address.
The question is "Is a password required for protecting this class of data?"
Note, please that precisely no sensitive data is held, nor are there any
free text fields (unless some fool enters pejorative free text into the
contact details fields, of course)
My view is that a password is required in order to view and to edit (though
the system could generate it and send it to the user). My colleague holds
the view that this data is insufficiently "broad" to require a password
because the risks are small.
Neither of us is a data protection novice. We are each arguing our corner
with passion. And yes I know I can ask the UKIC.
For fun I have put a very black and white poll at
http://www.marketingimprovement.com/polls/
Tim Trent - Consultant
Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618
email: [log in to unmask]
<blocked::mailto:[log in to unmask]>
Marketing Improvement Limited, Abbey House, Grenville Place, Bracknell,
United Kingdom, RG12 1BP <blocked::http://www.marketingimprovement.com/>
http://www.marketingimprovement.com
Important: This mail contains proprietary information some or all of which
may be legally privileged. It is for the intended recipient only. If an
addressing or transmission error has misdirected this email, please notify
the author by replying to this email. if you are not the intended recipient
you must not use, disclose, distribute, copy, print or rely on this email.
If you are not the named recipient please notify us immediately. This email
and any attachment(s) are believed to be virus-free, but it is the
responsibility of the recipient to make all the necessary virus checks. This
email and any attachments to it are copyright of Marketing Improvement
Limited unless otherwise stated. Their copying, transmission, reproduction
in whole or in part may only be undertaken with the express permission, in
writing, of Marketing Improvement Limited.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|