Dear Charles (and list members),
Thanks for your reply.
You're certainly right to raise the issue of new processing post-
October 1998, but I was looking particularly into existing
uses and registrations, which can stand, as you say, until
October 2001.
A survey of 131 UK university Web sites that I have just carried
out shows that 124 of them reveal "personal data" of one form
or another to visitors from anywhere in the world on their Web
sites, either via searchable directories or on staff information
pages. Of these, 76 are either not registered to do so according
to the register entries available at http://www.dpr.gov.uk/, or
are only partly covered. In other words, 61% are disclosing
personal data that they are not registered to disclose.
Of the 48 that are correctly registered, 28 of these use the
model registration proforma found at the ftp site mentioned by
Andy Powell, either "as is" or with minor variations.
On Colin Work's point about the 1998 Act's restriction on the export
of personal data to countries outside the EEA which do not have
an "adequate" level of protection for data subjects (the 8th Data
Protection Principle), Schedule 4 of the 1998 Act allows for
exemption from the 8th principle if the Data Subject has given
consent for the transfer. As processing of personal data will
require a data subject's consent even if there is no transfer of
data outside the EEA anyway, getting explicit permission from data
subjects for the inclusion of their details in any on-line
directories or staff pages etc is going to be essential under the
new regime.
Best wishes,
Adrian
Adrian Tribe <[log in to unmask]>
College Web Editor
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|