When you take on a post in an HR department there is a responsibility that
comes with it not to look at information on an unofficial basis, or for
personal gain, etc. I'd like to put a statement of responsibility together
to be signed by "outsiders" who will unavoidable have access to our data.
Does anyone have a standard statement I could base it on to save reinventing
the wheel?
In anticipation,
Stewart.
PS. If anyone has any thoughts on the email retrieval question I posted last
week I'd love to hear them, I never had any replies:
I am expecting to receive a SAR for a series of emails passed between
two
individuals which mention the Data Subject. The SAR is likely to ask me
to
retrieve any deleted emails from backup tapes, can anyone fill me in on
the
latest guidance? I seem to remember hearing in the past that it was
necessary to attempt to recover deleted emails, but I'm sure I have also
heard the contrary!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|