I would welcome the group's views on a question that has just been put to me
by one of our systems managers.
We run a computer system for a customer. As well as holding all of the data
associated with the function it delivers, it also holds a log of when each
user logged-on and logged-off - this is associated with the system's audit
trail and facilitates linking events in the system with people who carried
them out.
We have been approached by one of the customer's managers who wants to know
the time of the last log-off of a particular user on a particular day; they
believe that this will be different to the time recorded on that person's
timesheet. The systems manager appears to be one of those rare individuals -
somebody who came to their Data protection training, listened, took it in
and remembered it! They were about to release the information when they
suddenly thought "First principle - this isn't the purpose the data was
gathered for" and rang me for advice.
I'm really not sure what to advise. I agree with the First Principle
argument, but is there a case for "prevention and detection of a crime"? Is
recording incorrect information on your timesheet - which will form the
basis of your pay - a crime? Fraud perhaps, or obtaining and advantage by
deception?
All views welcome.
Stuart
----------------------------------------------------------------------------
The information contained in this e-mail is confidential and is intended
only for the named recipient(s). If you are not the intended recipient you
must not copy, distribute, or take any action or reliance on it.
If you have received this e-mail in error, please notify the sender.
Any unauthorised disclosure of the information contained in this e-mail
is strictly prohibited.
----------------------------------------------------------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|