#1 Posted : 22 June 2004 12:58:00(UTC)

Posted By Jimmy
Our typist has been "told" to put all employees' names and addresses and Nat Ins Nos on the computer server as an "Employee database". The database, as I have just found out (by stealth!), can be accessed by anybody. I am not up on the DPA but I'm certain that the ease of accessibility to the data should be a lot more secure than it will be.
Any thoughts?
#2 Posted : 23 June 2004 11:57:00(UTC)

Posted By Jane Blunt
There is some useful information on the Information Commissioner's webpages, including a guide for small businesses

http://www.informationcommissioner.gov.uk/

What is being proposed by your employer does not appear to conform to the basic principles - but read their literature and decide for yourself.

Jane

#3 Posted : 23 June 2004 12:51:00(UTC)

Posted By David J Jones
Jimmy,

Another useful link -
www.data-protection-act.co.uk

The easiest way I have found of looking at the DPA for everyday use is quite simply that any personal information, which includes names, D.O.B., NI number etc, should not be accessible to those who have no need to know.

Principle 7 of the DPA requires that appropriate security measures are in place to safeguard against unauthorised or unlawful access/processing of personal data.

I suspect that your organisation would have a hard time trying to convince a judge that their password protection of personal data was sufficient to prevent "unlawful access".

Let's face it, these days most twelve year olds could probably crack 99% of the majority of companies' so-called computer security!

David
#4 Posted : 23 June 2004 19:18:00(UTC)

Posted By John Murgatroyd
You don't need to worry.
First, the IC would have to be informed of the breach of DP principles.
Then they'd have to investigate.
After that, if there is a case, they'll issue an enforcement notice.
If the breach still continues, they'll teach you how to do things right, and only after that will they consider a prosecution.
It'll take about 2 to 3 years to get to a court, and they'll probably sort it out long before it gets there.
Data protection, as with health and safety, is a long-winded name for "excellent career prospects with excellent pension arrangements".
Things to remember:
1. Data protection is not about protecting data, or people. It's about power, career and power.
2. If the HSE put as much time and money into decent inspections and enforcement, the death rate for accidents wouldn't exist. It's about power, career and power.