Para 2 (1) a of Schedule 1 part II doesn't require a Fair Processing Notice.
It says that you have to provide one 'so far as practicable', and that the
requirement is met if the Data Subject has 'made readily available to (him)'
the relevant information.
There are a number of options. These include:
1) a prominent notice at the point where the person gives the
information (if they do it in person)
2) information attached to the publicity for the service, indicating
the fraud detection element and saying where the FPN can be found
3) a brief mention in the script when the data is obtained by phone,
'by the way we do share data for fraud prevention and can give you the FPN
if you want it ...'
This can then be backed up with a more detailed FPN at the point where the
service is provided.
That seems to me perfectly fair.
Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
----- Original Message -----
From: "Phil Bradshaw" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, September 15, 2010 12:57 PM
Subject: Fair Processing
We provide a service. In the interests of efficiency we did away with
application forms. Customer simply turns up with proof of entitlement
(personal data) which we record on our database and provide the service.
We disclose the database (legal requirement) as part of the National Fraud
Initiative.
I have advised the service that this is a DPA breach as there is no FPN.
They accept this and say they will issue my approved FPN with the service.
I advise that I do not think this is good enough - it should be given
earlier as otherwise customer has no reasonable choice. Difficult without a
form.
Does anyone :
(a) agree with my stance
(b) disagree as para 2(1)(a) of schedule 1 part 2 is silent as to timing
save that the FPN must precede the actual processing by disclosure as para
2(3)(c) refers to "... intended to be processed" and this is satisfied by
giving the FPN with the service ?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|