In a message dated 01/06/04 12:39:00 GMT Daylight Time,
[log in to unmask] writes:
> The system would allow entry for individuals to certain buildings by use
> of a swipe card, this swipe would be logged and may be produced on a
> daily report showing who has entered which building when.
-----------
Assuming the cards are going to have unique identifiers, allocated to named
individuals, the DP Principles must be met.
Some organisations implement these types of systems using "group access" so
that a number of staff have the same level of access but the system does not
differentiate between them. Presumably you have made a business case and have
undertaken an impact assessment prior to implementation.
Your employees must be fully aware of all the likely purposes (security,
staff administration, flexitime monitoring, other surveillance) and must be
informed of the consequences of allowing someone else to use the card. Other
considerations include:
What happens during a power loss?
What happens during a fire alert?
What happens if someone forgets their card?
What will you do with the reports?
What will happen if a discrepancy is found (eg ten people have swiped in but
there are eleven in the room?)
Will the doors be quick enough to prevent "tailgating" without being so quick
they trap people?
If the cards only allow certain individuals into an area, why would you need
a report that shows that only certain people entered it?
Ian B
Ian Buckland
Managing Director
Keep IT Legal Ltd
Please Note: The information given above does not replace or negate the need
for proper legal advice and/or representation. It is essential that you do not
rely upon any advice given without contacting your solicitor. If you need
further explanation of any points raised please contact Keep I.T. Legal Ltd at
the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|