Since you know your customer has a security problem endemic to the country, as a matter of good customer service you should create an alternate communications mode using the same identification requirements for opening an account. Not to be facetious, but if "official" letters get stolen, then don't send statements in "official" envelopes.
I guess your legal issue is what responsibility, and potential liability, do you have when you send personal data to the data subjct in accordance with your contract with him, when you know the method you have unilaterally chosen to employ is insecure. I gather the choice of mail is not negotiated? If it is one of several choices which you give a customer (increasingly common in e-com developed countries), then it seems to me the risk is his. I am dying to hear what the UK experts say about the first case, where the customer is given no choice.
[Message delivered by NotifyLink]
----------Original Message----------
From: Les Kingstone <[log in to unmask]>
Sent: Thu, July 28, 2005 3:37 AM
To: [log in to unmask]
Subject: [data-protection] A Principle 8 question
Dear all,
A question on Principle 8!
To date we have been concentrating on transfers of personal data from a
Data Controller to Data Controller / Processor viewpoint. To this end, we
use contracts to ensure that there are sufficient safeguards in place.
However, I have overlooked the 'small' problem of Data Controller to Data
Subject communication. If I can give you an example ...
I understand that the post office in Nigeria is possibly not as secure as
the UK's Royal Mail. I also understand that personnel there are not above
opening official looking envelopes. In this case, if statements are sent
then the individual's identity could be compromised and possibly stolen.
The $64M question (well lots really!) ..
. what would be the preferred method of communicating to such individuals
in such countries?
. how would you know that the person you are talking to (say eMail / fax /
phone) is the individual - they have lots of answers to the checks - in
some cases able to intercept other mail and forge their signatures?
. if they provide a UK address, again, how are you sure that this address
was provided by the individual?
Les
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
