Many thanks for your comments on dealing with mis-directed DPA/FoIA
requests. The response was pretty much unanimous: all staff need to be
actively trained to recognise requests that aren't within their remit to
answer, and now where to forward them, promptly. This should probably be
formalised as a process/protocol that applies to all staff.
There were some interesting suggestions, which I hope I have summarised
correctly in the following:
* carry out 'mystery shopper' exercises to find out what your own
organisation actually does, rather than what it says it does;
* ensure that mail to DPA/FoIA addresses isn't deleted by anti-spam
filters;
* think about what happens when staff are on leave/off-sick (my own
preference for this is to always use functional e-mail addresses rather
than personal ones as it's much easier to extract those from a mailbox
without disturbing the privacy of any other mails that may be in there).
Thanks for yet another useful discussion on this list
Andrew
--------------------
Andrew Cormack
Chief Security Advisor
UKERNA, Atlas Centre, Chilton, Didcot, Ox11 0QS, UK
Phone: +44 (0)1235 822302
Fax: +44 (0)1235 822399
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|