> Roland Perry on 12 August 2004 at 13:06 said:-
> I don't know what standards apply to that sort of audit trail.
>
> Is there a requirement for a similar audit trail every time an
> "internal" enquiry is made from the database?
1. I would have thought sufficient standards as would be necessary to
adequately protect the integrity of the data for the purpose(s), and manner,
in which that data is held. Surely anything less would be in breach of
principle seven.
2. How would you confirm the data is only utilised for the purpose it was
collected for if there are no audit trails of the enquiries made against it?
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Roland Perry
> Sent: 12 August 2004 13:06
> To: [log in to unmask]
> Subject: Re: Non Disclosures to Data Subjects - not advising them
>
>
> In message <000001c4805a$b1c5d1c0$6a3468d5@com>, at 11:54:03
> on Thu, 12
> Aug 2004, Ian Welton <[log in to unmask]> writes
> >How would electronic audit trails be dealt with? Would
> there be a need to
> >delete the enquiry entry which resulted from a s.29 request?
> If so how is
> >the integrity and evidential value of the audit trail maintained?
>
> I don't know what standards apply to that sort of audit trail.
>
> Is there a requirement for a similar audit trail every time an
> "internal" enquiry is made from the database?
> --
> Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
