Jenny,
As well as costs incurred as a result of any enforcement action by the
ICO, you have to consider indirect costs. For example, in 2006, Torbay
council had discs go missing which contained details of all employees' bank
details. When this was made public a couple of months later, the council
offered to pay for each employee to carry out a credit reference check to
ensure that between the loss and the admission, no one had applied for
credit in their name. They also offered to pay for each employee to
register with a service which monitors the credit reference agencies for a
period of one year and alerts you if any applications are made in your
name.
The former cost £2 each and the latter £11.95. May not seem much but
multiplied by thousands of employees!!!!!!!!! If you need more information
on the Torbay incident, contact me direct.
Don't forget there is also the intangible damage to the organisation's
reputation.
Many Thanks
David Wilson
Data Protection Officer
01305 225175
"Godfrey, Jenny" <[log in to unmask]>
Sent by: This list is for those interested in Data Protection issues
<[log in to unmask]>
23/09/2008 16:49
Please respond to
"Godfrey, Jenny" <[log in to unmask]>
To
[log in to unmask]
cc
Subject
[data-protection] Cost/benefit analysis of the DPA
Hello,
I'm currently creating the cost/benefit analysis for the records retention
and disposal project we'll be undertaking shortly. One of the costs I'd
like to list is the "risk" cost we avert by improving our compliance with
the Data Protection Act. This is because implementation of a retention
policy aims to ensure that we do not store personal data for longer than
is necessary.
I know that Part V of the Act sets out the enforcement powers of the
Information Commissioner. However, I was wondering if someone could
clarify for me the cost penalties of not complying with the Act. I've
taken a look at the press releases on the ICO website and I can see that
some cost penalties for non-compliance have been applied, but these are
often not very much.
I'd also be interested to hear if anyone has undertaken any cost/benefit
analysis of complying with the DPA, and the results they came up with.
Many thanks,
Jenny
Jenny Godfrey
Head of Information Management
Office of Rail Regulation
One Kemble Street
London
WC2B 4AN
Tel: 020 7282 0114
The original of this email was scanned for viruses by the Government
Secure Intranet virus scanning service supplied by Cable&Wireless in
partnership with MessageLabs. (CCTM Certificate Number 2007/11/0032.) On
leaving the GSi this email was certified virus free.
Communications via the GSi may be automatically logged, monitored and/or
recorded for legal purposes.
All archives of messages are stored permanently and are available to the
world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the
email if you are receiving emails in HTML format):
Leaving this list: send leave data-protection to [log in to unmask]
Suspending emails from all JISCMail lists: send SET * NOMAIL to
[log in to unmask]
To receive emails from this list in text format: send SET data-protection
NOHTML to [log in to unmask]
To receive emails from this list in HTML format: send SET data-protection
HTML to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of
an otherwise blank email to [log in to unmask]
Any queries about sending or receiving messages please send to the list
owner [log in to unmask]
(Please send all commands to [log in to unmask] not the list or the
moderators, and all requests for technical help to [log in to unmask]
, the general office helpline)
Scanned by MailDefender - managed email security from intY -
www.maildefender.net