>The new act demands or at least implies the need to keep track of data
sources
>(ignoring transition periods)
I'm not sure I agree with this. Part II Para 7 (1) (c) (ii) of the Act
mentions "any information available to the data controller as to the
source"
It could be argued that if the source of the data is not relevant to the
purpose for which the data is processed, it is excessive and should not be
kept. In which case the information would not be available. I can't see any
other relevant reference to data source in the legislation (other than
disclosure which may identify a third party).
>I would be interested in any opinions as to what obligation there may be
to
>retain older information once it has been updated as part of normal
processing
>eg. in an effort to keep data up-to-date
I would suggest no obligation required by the DPA. However other
considerations may prevail, eg audit trail.
>What if a data subject claims damage or distress over processing of
inaccurate
>data previously held where that data was likely obtained from another
source
>but evidence of this has now been overwritten ?
I don't see how the source is relevant here; the fact that the data being
processed is inaccurate should be sufficient to get it corrected. Obviously
if information relating to the source is not available or self-evident, the
correction cannot be cascaded, but I can't see an instant solution to that.
Any other thoughts from the list?
>And is there any need to retain the Date that each piece of information
was
>obtained from each previous source ?
Again, I don't see any legal requirement. However there may be an implied
one here. If (eg) marketing information is collected at a specific date,
and the business decides that for that purpose data is kept for (eg) 2
years, then the original acquisition date becomes relevant in deciding the
deletion date.
Tim Wright
Data Protection Officer
Virgin Direct
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|