The ICO has clear guidance with examples of what he considers to be serious enough to merit a monetary penalty: http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/ico_guidance_monetary_penalties.pdf
Does anyone do something similar internally? E.g. clear guidance on what you would consider would merit:
* a quiet word
* an informal warning
* a disciplinary hearing alleging misconduct
* a disciplinary hearing alleging gross misconduct
* instant dismissal
or does your policy just say "breach may result in disciplinary sanction" - a very broad 'may'? If not, how do you ensure consistency over time or between sections if your organisation is large?
Would failure to have something in place be a breach of principle 7 - is it an appropriate organisational measure?