It's also very important to ensure that people feel (and with good reason)
that they will be treated fairly if they are the cause of a breach.
In many cases the priority in the case of a breach is for the organisation
to know about it as soon as possible, so that it can take steps to limit any
damage and, if relevant, inform any affected Data Subjects. If staff feel
that they may be treated harshly, they are more likely to try to hide the
breach.
I'm not arguing that there should be no disciplinary sanctions; people
should have to take responsibility for their mistakes. I think it would be
better, though, if it was made clear that people will be given credit for
owning up straight away, and that disciplinary action will be appropriately
graded.
Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
----- Original Message -----
From: "Tim Turner" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, September 23, 2010 3:04 PM
Subject: Re: Disciplinary Sanctions
Everywhere I have worked recently has gone along the lines of "may
result in disciplinary action". The reason for this is largely to avoid
fettering the discretion of the disciplinary process - it's difficult to
operate a fair system if an outcome automatically results from an
incident because every incident has different circumstances.
I think the faliure comes in not taking appropriate disciplinary action
when appropriate - in many circumstances, it's obvious that by not
considering disciplinary action, a data controller cannot argue that it
is taking the appropriate steps. However, blithely sacking someone to
stave off a monetary penalty without following a fair and balanced
disciplinary process is likely to create another set of difficulties
(e.g. unfair dismissal).
Tim Turner
NHS Manchester
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Phil Bradshaw
Sent: 23 September 2010 14:15
To: [log in to unmask]
Subject: [data-protection] Disciplinary Sanctions
The ICO has clear guidance with examples of what he considers to be
serious enough to merit montary penalty :
http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_
specialist_guides/ico_guidance_monetary_penalties.pdf
Does anyone do something similar internally ? e.g. clear guidance on
what you would consider would merit :
* a quiet word
* an informal warning
* a disciplinary hearing alleging misconduct
* a disciplinary hearing alleging gross misconduct
* instant dismissal
or does your policy just say "breach may result in disciplinary
sanction - a very broad 'may' ? If not how do you ensure consistency
over time or between sections if your organisation is large ?
Would failure to have something in place be a breach of principle 7 - is
it an appropriate organisational measure ?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Any requests under the Freedom of Information Act should be directed to
[log in to unmask]
Please notify the sender immediately if this email appears to have been sent
to you by mistake;
Respect the confidentiality of any information you receive from us;
Remember that emails sent or received by our staff may be disclosed under
the Freedom of Information Act;
Let us know straight away if you suspect this email is infected with a virus
by ringing 0161 7654700 [if outside the UK +44 161 7654700].
(We take all possible steps to ensure that our systems are virus-free but no
system is completely secure.)
Please note that the contents of incoming and outgoing emails are
automatically scanned for inappropriate content.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
