The militates for correct and regular audits held by a mixture of external and internal practitioners to determine that documentation exists and to verify its existence. This is starting to be part of the set of benefits our own clients see from engaging a specialist like my own organisation and others on this list to conduct such an audit. Frankly it doesn't matter WHO does it. It matters THAT it is done. Tim Trent - Consultant Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618 email: [log in to unmask] <mailto:[log in to unmask]> Marketing Improvement Limited, Abbey House, Grenville Place, Bracknell, United Kingdom, RG12 1BP http://www.marketingimprovement.com <http://www.marketingimprovement.com> This message is for the intended addressee's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mis-transmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Ian Welton Sent: Wednesday, February 18, 2004 1:45 PM To: [log in to unmask] Subject: Re: [data-protection] Where next? Broom, Doreen on Wednesday, February 18, 2004 at 11:04 AM said:- > She should make a SAR....I would have thought it wrong for the > boyfriend to make the check coming from the point of view that just > because he may have easy access to such a database > - perhaps the Police have to make declarations of any associations and > any check is carried out by a named officer ........but there > again....Perhaps one of our police colleagues can clarify.......... I would not necessarily agree that she should make a SAR. If people did that on every occasion they had any doubt about anything, trust could no longer exist. Determining if a SAR is necessary will be an item for the individual to determine and will be affected to many personal factors. Strangely enough, Shelagh Gaskill appeared in an item on the TV news the other night (TV makeup and all), relating to the Soham case. The news item in many ways, related to the retention of information and vetting as well as discussing a national police intelligence system and access to that by the CRB. I guess that in areas where problems are more likely to arise, people prefer to remove the human variable, and create a more static and rigid framework which may then be reviewed and changed when something goes wrong. After all an individual does not lose any credibility if an error is caused by a system (the new red tape), as personal judgement may be divorced from the problem. Trust in the system is damaged, but I do not suppose that is perceived as a personal thing and so is of little immediate consequence. Perhaps people can also be less careful when making those types of decisions, as they may be forgotten unless they are reviewed following any error and then the framework is tightened up. That situation may be visible to DP practitioners when attempting to have system operating procedures or internal codes of practice reviewed or/and identifying the current system owner/manager for high risk systems. Much ducking and weaving - leaving the system to cope and answer any questions. DP is really in for some trying times where an error is perceived as systemic. Rather than enquiries about those decisions being directed to the individual(s) making them there will probably be a tendency to ask DP. After all DP are responsible for all of the system retention schedules because of the principles are they not! Or is it that the relevant system managers are responsible and merely use DP as a shield in order to remain untainted? Elements of trust intruding in reverse! The only protection possible for DP seems to be to ensure the relevant documentation contains all the necessary information and is reviewed at appropriate intervals. Ian W ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^