Rank: Guest
|
Posted By Jimmy Our typist has be "told" to put all employees names and addresses and Nat Ins Nos on the computer server as an "Employee database". The database, as I have just found out(by stealth!) can be accessed by anybody. I am not up on the DPA but I'm certain that the ease of accessability to the data should be alot more secure than it will be. Any thoughts?
|
|
|
|
Rank: Guest
|
Posted By Jane Blunt There is some useful information on the Information Commissioner's webpages, including a guide for small businesses http://www.informationcommissioner.gov.uk/What is being proposed by your employer does not appear to conform to the basic principles - but read their literature and decide for yourself. Jane
|
|
|
|
Rank: Guest
|
Posted By David J Jones Jimmy, Another useful link - www.data-protection-act.co.ukThe easiest way I have found of looking at the DPA for everyday use is quite simply that any personal information, which includes names, D.O.B., NI number etc, should not be accessible to those who have no need to know. Principle 7 of the DPA requires that appropriate security measures are in place to safeguard against unauthorised or unlawful access/processing of personal data. I suspect that your organisation would have a hard time trying to convince a judge that their password protection of personal data was sufficient to prevent "unlawful access". Lets face it, these days most twelve year olds could probably crack 99% of the majority of companies' so-called computer security! David
|
|
|
|
Rank: Guest
|
Posted By John Murgatroyd You don't need to worry. First, the IC would have to be informed of the breach of DP principles. Then they'd have to investigate. After that, if there is a case, they'll issue an enforcement notice. If the breach still continues, they'll teach you how to do things right, and only after that will they consider a prosecution. It'll take about 2 to 3 years to get to a court, and they'll probably sort it out long before it gets there. Data protection, as with health and safety, is a long-winded name for "excellent career prospects with excellent pension arrangements" Things to remember: 1. Data protection is not about protecting data, or people. It's about power, career and power. 2. If the HSE put as much time and money into decent inspections and enforcement, the death rate for accidents wouldn't exist. It's about power, career and power.
|
|
|
|
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.