The whole question of access to financial, and other information,
on IT systems highlights the widespread difficulty that still
exists in getting systems suppliers to recognise that they need
to take the DPA into account in developing systems.
I am seeing greater recognition of the need for DPA functionality
in order to meet Subject Access Requests but ask about DPA
compliancy in other aspects and blank looks still come to the
fore!
Those involved in specifying IT systems need to be clear that the
DPA must be complied with. It is not always easy, as data
protection officer, to get the level of involvement that one
would like at the specification stage - nor to get one's views
accepted if they cause complications for the project (in cost
and/or time).
Too many systems still give too wide an access to too much data
simply because there are no practical means provided of limiting
that access.
John Hitches
John Hitches
General Administrative Manager
Kingston University
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|