I've been away, but I can't resist adding:
Procedures for issuing and - more importantly - rescinding passwords as
staff come and go
Ensuring that staff who change jobs get the correct access privileges for
the new job, not just those for the old job plus a few new ones
Procedures for getting authorisation to break into someone's e-mails and/or
folders in an emergency (e.g. prolonged unexpected absence)
Need to report concerns and gain authorisation for investigation (or handing
over to the police) not steam in and investigate off one's own bat
Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
I hereby require any recipient of this message not to use my personal data
for direct marketing purposes.
----- Original Message -----
From: "Samantha Hill" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, March 21, 2007 2:03 PM
Subject: Re: Useful examples for training course
>I am extremely grateful to everyone who has provided me with suggestions
> both on and off list. What was an hour's slot is looking like I could
> justify a half day training event (with tea and biscuits!) with all your
> help. They'll be sorry they asked me to speak!
>
> Thanks again
>
> Samantha
>
> Samantha Hill
> Complaints & Information Disclosure Officer
> University of Portsmouth
> Tel: 02392 843642
>
>
>>>> datap <[log in to unmask]> 21/03/2007 13:57 >>>
> There was also the study done by the Universoty of Glamorgan which
> bought disk drives from computer fairs etc and found that on half
> attempts at wiping personal details off them had been unsuccessful
> http://www.vnunet.com/computing/news/2071523/confidential-left-old-pcs
>
>
> Tanya Holden
> Information Governance Manager
>
> Metropolitan Housing Partnerhsip
>
>
>>>> Tim Trent <[log in to unmask]> 21/03/2007 13:21:40
>>>>
>
> Additions:
>
> Data destruction. When that old PC is disposed of, what is done to
> the
> disk drive? One local authority drilled a hole through theirs
> believing
> it made it safe. Regrettably only the data with a hole in it was
> destroyed.
> Global CRM systems. Who can view what? And is any of that data in
> Spain? Are model contracts or BCRs in place? Safe Harbor is amusing,
> but insufficient
> Does the Business Continuity Plan have Data Privacy embedded inside
> it?
> A major fire is not a reason to erode individuals' rights, nor an
> excuse for doing so
>
> From: Nick Landau [mailto:[log in to unmask]]
> Sent: 21 March 2007 11:38
> To: Tim Trent
> Subject: Re: [data-protection] Useful examples for training course
>
>
>
> One to file!
>
> Thanks
>
> Nick
> ----- Original Message -----
> From: Tim Trent
> To: [log in to unmask]
> Sent: Wednesday, March 21, 2007 11:32 AM
> Subject: Re: [data-protection] Useful examples for training course
>
>
> Physical security of laptops - that Nationwide thing is relevant,
> though the fine is only really for FSA regulated orgs
> Personal trawls through data for own purposes are unlawful. Bank
> employees have lost their jobs over this, so have Police computer
> users
> Important to monitor free text fields for compliance. Remember Airbus
> Industrie and Clifford Chance? There was also a letter addressed to
> "Dear Black Bastard" by a gas company because the data had been
> altered
> to make that inevitable by a disaffected employee.
> Monitor conditional fields for correctness. My aunt, when 80, was
> told
> that she could not have a free TV licence because she was not yet
> whatever the age is. Yet they had her date of birth correct.
>
> Best I can do at short notice.
>
>
>
> Tim Trent - Consultant
> Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618
> Personal blog: http://timtrent.blogspot.com/
> See also http://complianceandprivacy.com
> email: [log in to unmask]
> Marketing Improvement Limited, Abbey House, Grenville Place,
> Bracknell,
> United Kingdom, RG12 1BPhttp://www.marketingimprovement.com
>
> Important: This message is private and confidential. If you have
> received this message in error, please notify us and remove it from
> your
> system. This email and any attachment(s) are believed to be
> virus-free,
> but it is the responsibility of the recipient to make all the
> necessary
> virus checks. This email and any attachments to it are copyright of
> Marketing Improvement Limited unless otherwise stated. Their copying,
> transmission, reproduction in whole or in part may only be undertaken
> with the express permission, in writing, of Marketing Improvement
> Limited. Marketing Improvement Limited is registered in England No.
> 4283972. Registered Office: 643 Watford Way, London NW7 3JR and its
> VAT
> number is GB798 2065 86.
>
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Samantha Hill
> Sent: 21 March 2007 10:59
> To: [log in to unmask]
> Subject: [data-protection] Useful examples for training course
>
> All archives of messages are stored permanently and are available to
> the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> Selected commands (the command has been filled in below in the body of
> the email if you are receiving emails in HTML format):Leaving this
> list:
> send leave data-protection to [log in to unmask] Suspending
> emails
> from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
> To
> receive emails from this list in text format: send SET data-protection
> NOHTML to [log in to unmask] To receive emails from this list in
> HTML format: send SET data-protection HTML to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body
> of an otherwise blank email to [log in to unmask]
> Any queries about sending or receiving messages please send to the
> list
> owner [log in to unmask]
> (Please send all commands to [log in to unmask] not the list or
> the moderators, and all requests for technical help to
> [log in to unmask], the general office helpline)All archives of
> messages are stored permanently and are available to the world wide
> web
> community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> Selected commands (the command has been filled in below in the body of
> the email if you are receiving emails in HTML format):Leaving this
> list:
> send leave data-protection to [log in to unmask] Suspending
> emails
> from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
> To
> receive emails from this list in text format: send SET data-protection
> NOHTML to [log in to unmask] To receive emails from this list in
> HTML format: send SET data-protection HTML to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body
> of an otherwise blank email to [log in to unmask]
> Any queries about sending or receiving messages please send to the
> list
> owner [log in to unmask]
> (Please send all commands to [log in to unmask] not the list or
> the moderators, and all requests for technical help to
> [log in to unmask], the general office helpline)
> --------------------------------------------------------------------------------------------------------------------
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom
> they are addressed.
> If you have received this email in error please notify the
> originator of the message. This footer also confirms that this
> email message has been scanned for the presence of computer viruses.
>
> Any views expressed in this message are those of the individual
> sender, except where the sender specifies and with authority,
> states them to be the views of Metropolitan Housing Trust Ltd.
>
> Metropolitan Housing Trust Limited is Charitable, registered under the
> Industrial and Provident Societies Act 1965 No. 16337R.
>
> Metropolitan Home ownership is Charitable, registered under the
> Industrial and Provident Societies Act 1965 No. 16337R.
>
> Stepforward is Charitable, registered under the Industrial and
> Provident
> Societies Act 1965 No. 16337R.
>
> MHT Social Investment Foundation is Charitable, registered under the
> Industrial and Provident Societies Act 1965 No. 28795R.
>
> Refugee Housing Association Limited is Charitable, registered under
> the
> Industrial and Provident Societies Act 1965 No. 20735R.
>
> Rushcliffe Homes Limited is registered with the Charity
> Commission: No. 1095063.
>
> Scanning of this message and addition of this footer is performed
> by SurfControl E-mail Filter software in conjunction with
> virus detection software.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the
> list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
