Maybe the new Commissioner will be our "Rottweiler!"  We can hope!

 

 

 

I do agree that the crematorium has been made to think.  However I met the clerk to the board.  I won't publish my opinion, it might be construed as fair regarding the thought processes.

I don't "not like it".  The score was always going to be "little man Nil, corporation 1", and I recognise that I am sitting in Don Quixote's horse wielding his lance at a massive windmill.  :)      I'm just a little saddened that there is no humanity in the UKIC's processes.  I am thinking Information Chihuahua again and we need the Rottweiler.

I also know that I am on a list that I am sure the UKIC has of "frequent complainers" or "Oh no, it's that sod again!"  I have been known to complain when the wrong thing hits my phone or email inbox.  One thing that I've noticed, apart fomr the extreme slowness of response, is that they miss things in the complaint.

Griffiths, Ian wrote:

Proportionate meaning just do what you think will make a difference.

I know you won't like this Tim but have you considered that it is very unlikely indeed that they're going to do it again after fourteen months of badgering!  And I mean that with the greatest of respect.  I would consider this case to have very much opened the eyes of this business and perhaps many other businesses with whom they interact.

And it's made great reading.

And it's in the archive forever.

And if they're highlighted as bad practice because of your experience in a seminar or lesson at some point in the future you have a story that will live on in teaching and dissemination.

It can't be said that nothing has been achieved.

Ian

From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Tim Trent

Sent: 03 February 2009 11:44

To: [log in to unmask]

Subject: [data-protection] Does anyone still remember the Crematorium?

You know, nor do I, not really.  But I thought you would all like to know the ultimate and eventual inevitable outcome with the UKIC.

I have used their entire process.  I have complained, appealed, and asked for the appeal to be reviewed.  And the final closure of the case happened this morning.

There is no case to answer.  Or at least there might have been, but the chose to notify, despite processing data unlawfully all the way until notification (about a year ago), and, because they notified they are deemed to be pointless to pursue.

BEGINS

It is your view that the lack of enforcement action against an organisation that commits the non-notification offence makes the law look 'ridiculous'. It means that the DPA is not enforced and the role of the Information Commissioner pointless.

I do not agree. In our 'Strategy for data protection regulatory action' (which is available from our website) we explain that any regulatory action we take will be will be consistent with the five Principles of Good Regulation established by the Better Regulation Task Force.

One of these is that regulatory action should be proportionate. In accordance with this we make clear that we will not resort to formal action where we are satisfied that the matter can be addressed by negotiation or other less formal means.

ENDS

That response was to my assertion that lack of enforcement action against an organisation proven to have been processing data unlawfully made the law ridiculous.

It also doesn't  matter to them where a signature is located on a Fair Processing Notice (if a paper document) because that signature makes the entire document valid:

BEGINS

You again reiterated your view that in a contract, any material fact agreed to must be above a signature.  If it is not then it does not form a part of the contract.

As we have previously explained, the first principle of the DPA says (amongst other things) that personal data should be processed fairly. Generally speaking, this means that personal data should be processed in accordance with the broad expectations of the subject of the data. Therefore, where personal data are obtained from data subjects, the data controller must ensure, so far as is practicable, that they make them aware of any non-obvious uses they intend to make of their data. The important point, as far as the DPA is concerned, is that the information is clear and prominent, not whether it is above or below a signature.

ENDS

I could have a whole rant, here.  And some of you will agree with me and others disagree.  And we've heard it all before.  But the really interesting thing is the inordinate length of time the entire process has taken.  My initial complaint was lodged on 5 November 2007.

Whether my complaint was valid or not, surely we rather hope for an efficient regulator?  This could and should have been dealt with, start to finish in well under six months.  What we have is fourteen!

 

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

• Leaving this list: send leave data-protection to [log in to unmask]
• Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
• To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
• To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)