Being as its Friday....
Because the the Information Commissioner and his staff appear to be
reluctant to properly undertake their responsibilities, perhaps the
approach is to involve their paymasters.
As I understand it, he is directly responsible to Parliament. I
believe, though I may be wrong, this means that however competent or
otherwise he and his staff are, Parliament is the only body that can
wield the "necessary encouragement".
I have read a diatribe of inaction over basic DPA breaches, and
customer care issues such as an acknowledgement letter, that the
Commissioner's Office has ignored, but that it would, in its usual
"pleasant" fashion, instruct us how to rectify our failings.
The approach seems to be:
- registered, or whatever the current process is, letter to the ICO
detailing the situation;
- copy to MP (and Home Secretary, PM, press, whoever) for
them to
exploit as they wish); and
- if no answer within a reasonable period ( say 28 calendar days
as
this appears to be the ICO's recommendation when we cannot achieve
a
response to an SAR in 28 days), further letters to the copies above,
copied to the ICO "for his information".
Potentially heavy-handed I know, but...
While I accept this is a "conversation" site, I am tired of hearing
excuses about the ICO's workload from both them and their staff. We
are all busy, but still do our jobs. Please no excusists, unless you
feel it is absolutely necessary of course. I would hate to stiffle
fair and open debate!!
Have a good weekend all!
Ed
Date sent: Fri, 16 Jan 2004 14:01:47 +0000
Send reply to: Tony Bowden <[log in to unmask]>
From: Tony Bowden <[log in to unmask]>
Subject: Re: [data-protection] Stirring the pot
To: [log in to unmask]
> On Fri, Jan 16, 2004 at 01:41:33PM -0000, Ingrid Wilson wrote:
> > Surely, as DP practitioners, our reason for being is to work
> > within the spirit of the legislation. Certainly we need to
> > balance this with the organisation's interests, however shouldn't
> > it be part of our role to argue why the organisation should take a
> > more permissive view than Durant about what the person should
> > receive?
>
> Unfortunately my experience over the past 12 months has been the
> opposite.
>
> The marjority of private sector companies from whom I have made an
> SAR seem to see Data Protection as a hassle, and are keen to provide
> as little information as possible.
>
> I was not particularly surprised by the response from companies like
> Amazon, but I was hugely surprised by BT. Although I have been a BT
> customer for many years, have had services from them that are not
> exactly mainstream (I used to be on the list to receive the full BT
> price list in the days when it was supplied on paper, took two large
> lever-arch files to hold, and had 100+ page updates every couple of
> weeks), use their on-line services etc., their response to my SAR
> took 3 months, at which point they produced *two sheets* of A4 paper
> as my data, consistingly solely of billing records since March 2002,
> filled with wonderfully arcane abbreviations such as XDNC, EXCH,
> NIAMG03, ANIMXM86, LCJKC02, DIN, OCBD, ETOS, QBILLS, REM1/PCAL FUP,
> RCN, CM43 DESP and EACP. They provided no information whatsoever
> relating to calls made or received by myself, services subscribed
> to, charges incurred, previous addresses, credit checks made, faults
> reported, engineering work performed, offers made etc.
>
> It took a further 6 months, and a complaint to the OIC (as yet
> unacknowledged) before receiving any of this information.
>
> Sadly this is not an isolated case. I have made 10 SARs over the
> past year, and only two provided any information within the time
> limit, and only one provided what I believe to be sufficient
> information on the first response. Several have taken 3 or 4
> further enquiries before they actually provide obvious information.
>
> Many have provided unintelligible information (as with BT, above)
> and the standard response seems to be "tell us what you don't
> understand and we'll explain it", rather than the "best practice"
> (usually taken by Financial Institutions) of providing a booklet
> explaining all their abbreviations. One major financial institution
> even had to have some poor staff member go through all the sheets
> they had sent me and write on each what each part of the screenshot
> meant - hardly a scalable approach!
>
> Tony
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|