Dear all,
Question on the Gender Recognition Act. What should we do if we receive
notice from one of our customers that they have swapped gender? How should
we go about capturing the information for that individual on our systems to
ensure compliance with the Gender Recognition Act and DPA? Should we:
Remove all reference to the individual's original gender from all our
computer systems?
Set up a new computer record for the individual, linked to the old one,
thereby ensuring there was an audit of trail of when genders changed?
Make a note on the system that the individual has changed gender, update
their new name and salutation but leave the underlying record unchanged?
The view here is that we should ensure that all our computer records show
the new acquired gender and name for the individual concerned. Their view
is that all records would need to be amended, rather than just putting a
note on the system. This is because it is always open to the individual to
make a SAR. If a SAR was made, we would need to disclose all information
about that person. If our records still showed the original name and
gender, even for audit trail purposes, this could be a breach of the Data
Protection Act for failing to ensure that we maintain accurate information
on our records.
I'm not sure I agree with this. As we are a Life Assurance company, I
would have thought it would be necessary and legitimate to keep some
historical record of the previous gender. I was wondering how others were
approaching this issue?
I'd be grateful for your views / comments / thoughts.
Many thanks in advance,
Emma
Emma Bothamley
Data Protection Consultant
01733 471226
[log in to unmask]
Pearl Group Ltd No.05282342 and Pearl Group Services Ltd No. 05549998. The following companies are subsidiary companies of Pearl Group Ltd and are authorised and regulated by the Financial Services Authority: Pearl Assurance plc No. 1419, Pearl Assurance (Unit Funds) Ltd No. 1027138, Pearl Assurance (Unit Linked Pensions) Ltd No. 1122485, Pearl ISA Ltd No. 3597973, London Life Ltd No. 1179800, London Life Linked Assurances Ltd No. 1396188, NPI Ltd No. 3725037, National Provident Life Ltd No. 3641947, UKLS Financial Services Ltd No. 3715118. All companies are registered in England at The Pearl Centre, Lynch Wood, Peterborough PE2 6FY. Tel. 01733 470470. We may record or monitor telephone calls to improve service and for our mutual protection.
The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee and access to this e-mail by anyone else is unauthorised. Although this message and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by any of the companies of Pearl Group Limited for any loss or damage in any way arising from its use.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|