David Wyatt said:
> If any SAR's are not properly addresed to the specific
> controller within a group then simply based on the wording
> of the legislation its arguable a data controller is not
> obliged to respond.
This is what I have a problem with. It's not easy to find the "right
address" for these on web sites. As Tim's probably going to prove with his
new experiment (or as we've seen with the latest BT incident), it's even
harder to get the information from call centres.
So the more I think about it, the more it makes sense to mark the envelope
"REQUEST FOR INFORMATION". Though after your comments, I'm now wondering if
that is enough to get the request routed to the right person.
What if we also add the word "LEGAL" in? Would that attract more attention?
Ekin
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of David Wyatt
Sent: 17 February 2006 02:15
To: [log in to unmask]
Subject: Re: [data-protection] "Please may I speak to your Privacy Officer?"
Re Tims comment
> I think the public sector is somewhat ahead of the private sector in doing
> this type of thing. I suspect this is because an officer of a public body
> is genuinely more accountable than a staff member of a corporation.
Bit of a sweeping statement. Any reliable evidence to support this opinion?
Id disagree, (guess which sector I'm in).
In the private sector management of communications is to my mind a common
sense requirement for a successful business particulary when building or
managing a brand. Management of communication has little to do with DPA
knowledge but more to do with understanding the various communication
mediums in use and the objective you wish to acheive. How good an individual
employee is at acheiving this is more about the ability to focus on the
communication management objective and understanding how their organisation
appears to the potential communicator. In my experience 'accountability'
and 'adminstrative skills' are not always found together.
Many private sector organisations are in fact multiple companies (several
individual data controllers) drawn together under a single brand. ie
Barclays, Norwich Union etc. In building their brand names 'Groups' have
always had consider management of communications to ensure communications
from customers / regulators / claimants / Police etc get routed to the
appropriate company and dept within their Group. They also have to consider
communications targeted to the brand name only.
In this context managing DPA subject access receipt risks is relatively easy
given that the legislation itself gives a let out : 'Section 7 (2) - A data
controller is not obliged to supply any information under subsection (1)
unless he has received' .....
To 'receive' an obligation exists on the data subject to send their enquiry
/ SAR to the address of the data controller described in their register
entry or that in their fair obtaining notice. The Companies Act applies in
Private Sector and this also requires companies contact address to be on
their communications. Employees manning Post Rooms / Switchboards and email
Postmasters have always required training to ensure the different types of
communications can be directed to appropriate locations.
If any SAR's are not properly addresed to the specfic controller within a
group then simply based on the wording of the legislation its arguable a
data controller is not obliged to respond.
Whether any data controller feels happy to use this argument is of course a
matter of judgement.
David Wyatt
----- Original Message -----
From: "Tim Trent" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, February 16, 2006 10:10 AM
Subject: Re: [data-protection] "Please may I speak to your Privacy Officer?"
> Since 1999, back in the mists of time, when I became Gartner's Privacy
> Officer, I have preached the gospel of "Teach people how to recognise a
> DPA
> request and to handle it by passing it at once to an expert."
>
> We implemented it then with a voice-mailbox that did not take messages but
> repeated twice the instructions for an individual with a query, and a
> standing instruction to the switchboard to put all relevant calls through
> to
> that number. We implemented a simple email: "privacy@" and we implemented
> a
> mailbox in the post room labelled "privacy" where all requests could be
> sent, including those from members of the public.
>
> I think the public sector is somewhat ahead of the private sector in doing
> this type of thing. I suspect this is because an officer of a public body
> is genuinely more accountable than a staff member of a corporation.
>
> The whole thing is the culture of (I was going to say "privacy" but FoI is
> as important) accountability. It is important for those at the centre to
> ensure that those at the coalface know (a) that this is not theirs to deal
> with, (b) whose task it is to deal with it [team, not individual] and (c)
> has a simple means of getting it there.
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Ekin Caglar
> Sent: 16 February 2006 09:59
> To: [log in to unmask]
> Subject: Re: [data-protection] "Please may I speak to your Privacy
> Officer?"
>
> After the BT hassle, we thought about starting a campaign to help all of
> us
> with information requests: Any request for information under DPA or FOIA
> could have some sort of an identifier, e.g. the message "FOI Request" on
> the
> envelope/email subject/etc, and the staff trained to send anything with
> that
> message straight to the Information Governance Manager or somebody in an
> equivalent position.
>
> No call centre I have ever been in touch with knew anything about DPA, and
> it is even worse for FOI (as requests can come in to ANY member of staff).
>
> Ekin
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Tim Trent
> Sent: 15 February 2006 16:56
> To: [log in to unmask]
> Subject: [data-protection] "Please may I speak to your Privacy Officer?"
>
> Over the past couple of days I and a co-researcher have been sampling
> FTSE100 corporations and the ability of their switchboards to handle a
> very
> simple enquiry from a member of the public.
>
> We asked: "Please may I speak to your Privacy Officer - the person who
> looks
> after Data Protection?" At that point, though we were friendly, we
> watched
> as we were put through to strange places in the organisations. One
> organisation put us through to Profit Protection (the anti shoplifting
> squad!).
>
> While we will be featuring the report in a newsletter shortly I wanted to
> share it with all of you first. I have placed it on our website at a
> parlously long link, so I am using "tiny" to shorten it for ease of
> downloading <http://tinyurl.com/a9c3d> http://tinyurl.com/a9c3d It's
> about
> a 200KB pdf file
>
> As is our usual practice the report is free of charge in the membership
> area
> of our site. You will be asked to enter your email address, and to
> register
> if you are not already a member. As you would expect you are also free to
> unsubscribe at any time.
>
> I hope you find it useful. If you pass it on, please pass the link rather
> than the document. But that is up to you entirely.
>
>
>
> Tim Trent - Consultant
> Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618
> email: [log in to unmask]
> <blocked::mailto:[log in to unmask]>
> Marketing Improvement Limited, Abbey House, Grenville Place, Bracknell,
> United Kingdom, RG12 1BP <blocked::http://www.marketingimprovement.com/>
> http://www.marketingimprovement.com
>
>
>
>
>
> Important: This mail contains proprietary information some or all of which
> may be legally privileged. It is for the intended recipient only. If an
> addressing or transmission error has misdirected this email, please notify
> the author by replying to this email. if you are not the intended
> recipient
> you must not use, disclose, distribute, copy, print or rely on this email.
> If you are not the named recipient please notify us immediately. This
> email
> and any attachment(s) are believed to be virus-free, but it is the
> responsibility of the recipient to make all the necessary virus checks.
> This
> email and any attachments to it are copyright of Marketing Improvement
> Limited unless otherwise stated. Their copying, transmission, reproduction
> in whole or in part may only be undertaken with the express permission, in
> writing, of Marketing Improvement Limited.
>
>
>
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
> All archives of messages are stored permanently and are
>
>
>
> available to the world wide web community at large at
>
>
>
> http://www.jiscmail.ac.uk/lists/data-protection.html
>
>
>
> If you wish to leave this list please send the command
>
>
>
> leave data-protection to [log in to unmask]
>
>
>
> All user commands can be found at : -
>
>
>
> http://www.jiscmail.ac.uk/help/commandref.htm
>
>
>
> Any queries about sending or receiving message please send to the list
> owner
>
>
>
> [log in to unmask]
>
>
>
> (all commands go to [log in to unmask] not the list please)
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
> All archives of messages are stored permanently and are
>
>
>
> available to the world wide web community at large at
>
>
>
> http://www.jiscmail.ac.uk/lists/data-protection.html
>
>
>
> If you wish to leave this list please send the command
>
>
>
> leave data-protection to [log in to unmask]
>
>
>
> All user commands can be found at : -
>
>
>
> http://www.jiscmail.ac.uk/help/commandref.htm
>
>
>
> Any queries about sending or receiving message please send to the list
> owner
>
>
>
> [log in to unmask]
>
>
>
> (all commands go to [log in to unmask] not the list please)
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
> All archives of messages are stored permanently and are
>
>
>
> available to the world wide web community at large at
>
>
>
> http://www.jiscmail.ac.uk/lists/data-protection.html
>
>
>
> If you wish to leave this list please send the command
>
>
>
> leave data-protection to [log in to unmask]
>
>
>
> All user commands can be found at : -
>
>
>
> http://www.jiscmail.ac.uk/help/commandref.htm
>
>
>
> Any queries about sending or receiving message please send to the list
> owner
>
>
>
> [log in to unmask]
>
>
>
> (all commands go to [log in to unmask] not the list please)
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|