My understanding is that any Fair Collection Notice must include the
name and address of the "data controller". So I would refer back to
that....... This is one of the things that I think might actually have
been useful if available on the Data Protection Register. After all, a
specific person has to sign and notify on behalf of their organisation
(and one presumes that would be the person in charge of DP) so I think,
post FOI, that this information should also be made available...... Of
course, DP pigs might fly, oink, oink
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Ekin Caglar
Sent: 17 February 2006 09:39
To: [log in to unmask]
Subject: Re: [data-protection] "Please may I speak to your Privacy
Officer?"
David Wyatt said:
> If any SAR's are not properly addresed to the specific controller
> within a group then simply based on the wording of the legislation its
> arguable a data controller is not obliged to respond.
This is what I have a problem with. It's not easy to find the "right
address" for these on web sites. As Tim's probably going to prove with
his new experiment (or as we've seen with the latest BT incident), it's
even harder to get the information from call centres.
So the more I think about it, the more it makes sense to mark the
envelope "REQUEST FOR INFORMATION". Though after your comments, I'm now
wondering if that is enough to get the request routed to the right
person.
What if we also add the word "LEGAL" in? Would that attract more
attention?
Ekin
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of David Wyatt
Sent: 17 February 2006 02:15
To: [log in to unmask]
Subject: Re: [data-protection] "Please may I speak to your Privacy
Officer?"
Re Tims comment
> I think the public sector is somewhat ahead of the private sector in
> doing this type of thing. I suspect this is because an officer of a
> public body is genuinely more accountable than a staff member of a
corporation.
Bit of a sweeping statement. Any reliable evidence to support this
opinion?
Id disagree, (guess which sector I'm in).
In the private sector management of communications is to my mind a
common sense requirement for a successful business particulary when
building or managing a brand. Management of communication has little to
do with DPA knowledge but more to do with understanding the various
communication mediums in use and the objective you wish to acheive. How
good an individual
employee is at acheiving this is more about the ability to focus on the
communication management objective and understanding how their
organisation
appears to the potential communicator. In my experience
'accountability'
and 'adminstrative skills' are not always found together.
Many private sector organisations are in fact multiple companies
(several individual data controllers) drawn together under a single
brand. ie Barclays, Norwich Union etc. In building their brand names
'Groups' have always had consider management of communications to ensure
communications from customers / regulators / claimants / Police etc get
routed to the appropriate company and dept within their Group. They also
have to consider communications targeted to the brand name only.
In this context managing DPA subject access receipt risks is relatively
easy
given that the legislation itself gives a let out : 'Section 7 (2) - A
data controller is not obliged to supply any information under
subsection (1) unless he has received' .....
To 'receive' an obligation exists on the data subject to send their
enquiry / SAR to the address of the data controller described in their
register entry or that in their fair obtaining notice. The Companies Act
applies in Private Sector and this also requires companies contact
address to be on their communications. Employees manning Post Rooms /
Switchboards and email
Postmasters have always required training to ensure the different types
of communications can be directed to appropriate locations.
If any SAR's are not properly addresed to the specfic controller within
a group then simply based on the wording of the legislation its arguable
a data controller is not obliged to respond.
Whether any data controller feels happy to use this argument is of
course a matter of judgement.
David Wyatt
----- Original Message -----
From: "Tim Trent" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, February 16, 2006 10:10 AM
Subject: Re: [data-protection] "Please may I speak to your Privacy
Officer?"
> Since 1999, back in the mists of time, when I became Gartner's Privacy
> Officer, I have preached the gospel of "Teach people how to recognise
a
> DPA
> request and to handle it by passing it at once to an expert."
>
> We implemented it then with a voice-mailbox that did not take messages
but
> repeated twice the instructions for an individual with a query, and a
> standing instruction to the switchboard to put all relevant calls
through
> to
> that number. We implemented a simple email: "privacy@" and we
implemented
> a
> mailbox in the post room labelled "privacy" where all requests could
be
> sent, including those from members of the public.
>
> I think the public sector is somewhat ahead of the private sector in
doing
> this type of thing. I suspect this is because an officer of a public
body
> is genuinely more accountable than a staff member of a corporation.
>
> The whole thing is the culture of (I was going to say "privacy" but
FoI is
> as important) accountability. It is important for those at the centre
to
> ensure that those at the coalface know (a) that this is not theirs to
deal
> with, (b) whose task it is to deal with it [team, not individual] and
(c)
> has a simple means of getting it there.
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Ekin Caglar
> Sent: 16 February 2006 09:59
> To: [log in to unmask]
> Subject: Re: [data-protection] "Please may I speak to your Privacy
> Officer?"
>
> After the BT hassle, we thought about starting a campaign to help all
of
> us
> with information requests: Any request for information under DPA or
FOIA
> could have some sort of an identifier, e.g. the message "FOI Request"
on
> the
> envelope/email subject/etc, and the staff trained to send anything
with
> that
> message straight to the Information Governance Manager or somebody in
an
> equivalent position.
>
> No call centre I have ever been in touch with knew anything about DPA,
and
> it is even worse for FOI (as requests can come in to ANY member of
staff).
>
> Ekin
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Tim Trent
> Sent: 15 February 2006 16:56
> To: [log in to unmask]
> Subject: [data-protection] "Please may I speak to your Privacy
Officer?"
>
> Over the past couple of days I and a co-researcher have been sampling
> FTSE100 corporations and the ability of their switchboards to handle a
> very
> simple enquiry from a member of the public.
>
> We asked: "Please may I speak to your Privacy Officer - the person who
> looks
> after Data Protection?" At that point, though we were friendly, we
> watched
> as we were put through to strange places in the organisations. One
> organisation put us through to Profit Protection (the anti shoplifting
> squad!).
>
> While we will be featuring the report in a newsletter shortly I wanted
to
> share it with all of you first. I have placed it on our website at a
> parlously long link, so I am using "tiny" to shorten it for ease of
> downloading <http://tinyurl.com/a9c3d> http://tinyurl.com/a9c3d It's
> about
> a 200KB pdf file
>
> As is our usual practice the report is free of charge in the
membership
> area
> of our site. You will be asked to enter your email address, and to
> register
> if you are not already a member. As you would expect you are also
free to
> unsubscribe at any time.
>
> I hope you find it useful. If you pass it on, please pass the link
rather
> than the document. But that is up to you entirely.
>
>
>
> Tim Trent - Consultant
> Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618
> email: [log in to unmask]
> <blocked::mailto:[log in to unmask]>
> Marketing Improvement Limited, Abbey House, Grenville Place,
Bracknell,
> United Kingdom, RG12 1BP
<blocked::http://www.marketingimprovement.com/>
> http://www.marketingimprovement.com
>
>
>
>
>
> Important: This mail contains proprietary information some or all of
which
> may be legally privileged. It is for the intended recipient only. If
an
> addressing or transmission error has misdirected this email, please
notify
> the author by replying to this email. if you are not the intended
> recipient
> you must not use, disclose, distribute, copy, print or rely on this
email.
> If you are not the named recipient please notify us immediately. This
> email
> and any attachment(s) are believed to be virus-free, but it is the
> responsibility of the recipient to make all the necessary virus
checks.
> This
> email and any attachments to it are copyright of Marketing Improvement
> Limited unless otherwise stated. Their copying, transmission,
reproduction
> in whole or in part may only be undertaken with the express
permission, in
> writing, of Marketing Improvement Limited.
>
>
>
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
> All archives of messages are stored permanently and are
>
>
>
> available to the world wide web community at large at
>
>
>
> http://www.jiscmail.ac.uk/lists/data-protection.html
>
>
>
> If you wish to leave this list please send the command
>
>
>
> leave data-protection to [log in to unmask]
>
>
>
> All user commands can be found at : -
>
>
>
> http://www.jiscmail.ac.uk/help/commandref.htm
>
>
>
> Any queries about sending or receiving message please send to the list
> owner
>
>
>
> [log in to unmask]
>
>
>
> (all commands go to [log in to unmask] not the list please)
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
> All archives of messages are stored permanently and are
>
>
>
> available to the world wide web community at large at
>
>
>
> http://www.jiscmail.ac.uk/lists/data-protection.html
>
>
>
> If you wish to leave this list please send the command
>
>
>
> leave data-protection to [log in to unmask]
>
>
>
> All user commands can be found at : -
>
>
>
> http://www.jiscmail.ac.uk/help/commandref.htm
>
>
>
> Any queries about sending or receiving message please send to the list
> owner
>
>
>
> [log in to unmask]
>
>
>
> (all commands go to [log in to unmask] not the list please)
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
> All archives of messages are stored permanently and are
>
>
>
> available to the world wide web community at large at
>
>
>
> http://www.jiscmail.ac.uk/lists/data-protection.html
>
>
>
> If you wish to leave this list please send the command
>
>
>
> leave data-protection to [log in to unmask]
>
>
>
> All user commands can be found at : -
>
>
>
> http://www.jiscmail.ac.uk/help/commandref.htm
>
>
>
> Any queries about sending or receiving message please send to the list
> owner
>
>
>
> [log in to unmask]
>
>
>
> (all commands go to [log in to unmask] not the list please)
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This message is for the use of the intended recipient(s) only.
If you have received this message in error, please notify the sender and delete it.The British Council accepts no liability for loss or damage caused by software viruses and you are advised to carry out a virus check on any attachments contained in this message. Our purpose is to build mutually beneficial relationships between people in the UK and other countries and to increase appreciation of the UK's creative ideas and achievements. The British Council is registered in England as a charity.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|