** Reply to note from Adrian Tribe <[log in to unmask]> Fri, 12 Nov 1999 07:56:48 +0000
> >
> > > we did this and wrote to all staff and allowed them to opt out
> > > as opposed to opt in, I think we only got 4 who wanted to be ex-diretcory
> >
> >Hi Sally,
> >
> >4 wanting out is pretty good. But did the other xxx really reply? My
> >concern is if I did the same I will be lucky to get 20% response.
> >
> >Regards
> >Charles
>
> Charles makes an important point here, because you are
> not on safe ground by taking a failure to respond as
> being the same as a positive indication of either giving
> or withholding consent. This point was made at the DP
> update conference in London in May by the bloke from the
> Office of the DPR whose name I can't remember!
Can I clarify two points here (as I now see I misread Sally's comment).
First, I am under the understanding that up to Oct 1998 we could have set up
directories allowing staff to opt out (ie. everyone is in and then we simply
remove entries). We could therefore have taken (permitted by the DPR) non
replies as acceptance to be included. What I mean is we HAD such permission
but we did not implement a directory before Oct 1998.
Since 1998 I think it has been made clear (on more occasions than one) that
we must have explicit opt-in. For those who are making such directories
live since Oct 1998, it should be classed as new processing thus it has to
comply with the new Act.
Right/wrong?
The second problem is the following. If staff must opt-in, how do I get them
to reply whether they want in or out. I will get a very low reponse (that is
why I thought 4 wanting out was pretty good 'cause I assumed xxx explicitly
wanted in). I would have to go around selling the idea and I cannot do that
(too many other things to do). I would like to receive the replies on paper
and then enter them in a database (I know I could receive opt-ins opt-outs
via email but where is the electronic signature ? I have different
alternatives but they will all result in an even lower response). I have no
support for such an exercise.
The second problem above is an organisational management problem not
data-protection issue, albeit it is caused by the new Act.
Even if we were to be given persmission by the DPR now, to allow staff to
opt-out until when would it be valid? Oct 2001? By Oct 2001 we have to
comply with the new Act in full. In my view it is little point setting up a
directory now and then go back in less than two years and undo it.
The Act is straighforward in this respect (famous last words), we must have
explicit opt-in. The technology is simple, all that is needed is a flag in a
database and it would not be difficult for the users to change it themselves.
The real problem we all face is that in an opt-in policy we will get very few
responses thus very few opt-ins. Further, every organisation has staff whose
hair stands on end when they see a computer. We have staff who never check
their mail boxes (or know how to switch a PC on). What good is it asking
them to reply or even including them since I KNOW they never look at a PC.
Please, let us not make this into a discussion of how to bring people to the
21st Century. I have plenty of ideas of my own, napalm or nukes seem to be
my preferred options. What I personally need is practical solutions as to
how to get staff to respond In/Out. When I know how many want out I will
worry about the opt-out level.
Regards
Charles
==============================================
Charles Christacopoulos, Secretary's Office, University of Dundee,
Dundee DD1 4HN, (Scotland) United Kingdom.
Tel: +44+(0)1382-344891. Fax: +44+(0)1382-201604.
WebDad of http://somis.ais.dundee.ac.uk/
Home of the Scottish Search Maestro http://somis2.ais.dundee.ac.uk/
Happily using OS2 Warp.
==============================================
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|