JISCMail - DATA-PROTECTION Archives

The militates for correct and regular audits held by a mixture of external
and internal practitioners to determine that documentation exists and to
verify its existence.

This is starting to be part of the set of benefits our own clients see from
engaging a specialist like my own organisation and others on this list to
conduct such an audit.  Frankly it doesn't matter WHO does it.  It matters
THAT it is done.


Tim Trent - Consultant
Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618
email: [log in to unmask]
<mailto:[log in to unmask]>
Marketing Improvement Limited, Abbey House, Grenville Place, Bracknell,
United Kingdom, RG12 1BP
http://www.marketingimprovement.com <http://www.marketingimprovement.com>



This message is for the intended addressee's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mis-transmission. If
you receive this message in error, please immediately delete it and all
copies of it from your system, destroy any hard copies of it and notify the
sender. You must not, directly or indirectly, use, disclose, distribute,
print, or copy any part of this message if you are not the intended
recipient. Any views expressed in this message are those of the individual
sender, except where the message states otherwise and the sender is
authorised to state them to be the views of any such entity.



-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Ian Welton
Sent: Wednesday, February 18, 2004 1:45 PM
To: [log in to unmask]
Subject: Re: [data-protection] Where next?

Broom, Doreen on Wednesday, February 18, 2004 at 11:04 AM said:-

> She should make a SAR....I would have thought it wrong for the
> boyfriend to make the check coming from the point of view that just
> because he may have easy access to such a database
> - perhaps the Police have to make declarations of any associations and
> any check is carried out by a named officer ........but there
> again....Perhaps one of our police colleagues can clarify..........


I would not necessarily agree that she should make a SAR.  If people did
that on every occasion they had any doubt about anything, trust could no
longer exist.  Determining if a SAR is necessary will be an item for the
individual to determine and will be affected to many personal factors.

Strangely enough, Shelagh Gaskill appeared in an item on the TV news the
other night (TV makeup and all), relating to the Soham case. The news item
in many ways, related to the retention of information and vetting as well as
discussing a national police intelligence system and access to that by the
CRB.

I guess that in areas where problems are more likely to arise, people prefer
to remove the human variable, and create a more static and rigid framework
which may then be reviewed and changed when something goes wrong.  After all
an individual does not lose any credibility if an error is caused by a
system (the new red tape), as personal judgement may be divorced from the
problem.  Trust in the system is damaged, but I do not suppose that is
perceived as a personal thing and so is of little immediate consequence.
Perhaps people can also be less careful when making those types of
decisions, as they may be forgotten unless they are reviewed following any
error and then the framework is tightened up.  That situation may be visible
to DP practitioners when attempting to have system operating procedures or
internal codes of practice reviewed or/and identifying the current system
owner/manager for high risk systems.  Much ducking and weaving - leaving the
system to cope and answer any questions.

DP is really in for some trying times where an error is perceived as
systemic. Rather than enquiries about those decisions being directed to the
individual(s) making them there will probably be a tendency to ask DP.
After all DP are responsible for all of the system retention schedules
because of  the principles are they not! Or is it that the relevant system
managers are responsible and merely use DP as a shield in order to remain
untainted?  Elements of trust intruding in reverse!

The only protection possible for DP seems to be to ensure the relevant
documentation contains all the necessary information and is reviewed at
appropriate intervals.

Ian W

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^