The new act demands or at least implies the need to keep track of data sources
(ignoring transition periods)
I would be interested in any opinions as to what obligation there may be to
retain older information once it has been updated as part of normal processing
eg. in an effort to keep data up-to-date
What if a data subject claims damage or distress over processing of inaccurate
data previously held where that data was likely obtained from another source
but evidence of this has now been overwritten ?
And is there any need to retain the Date that each piece of information was
obtained from each previous source ?
------------------------------------------------------------------------------
Unencrypted electronic mail is not secure and may not be authentic.
If you have any doubts as to the contents please telephone to confirm.
Privileged/Confidential Information may be contained in this message. If
you are not the addressee indicated in this message (or responsible for
delivery of the message to such person), you may not copy or deliver this
message to anyone. In such case, you should destroy this message, and
notify us immediately. If you or your employer does not consent to Internet
email messages of this kind, please advise us immediately. Opinions,
conclusions and other information expressed in this message are not given or
endorsed by my firm or employer unless otherwise indicated by an
authorized representative independent of this message.
John Hanson
Information Security
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|