
How's your data protection policy doing?


Forum Editor


If your business is in the habit of collecting and processing personal data from customers, or potential customers, it's worth thinking about your responsibilities as a data processor.

Broadly speaking, the purpose of the Data Protection Act 1998 is to ensure that individuals and companies who/which process information about living, identified or identifiable individuals do so in a manner that properly safeguards that information from unlawful disclosure to third parties. The kind of personal information that is protected under the act is names and addresses, bank details, and opinions expressed about an individual - perhaps by a senior manager about an individual worker in an internal company assessment document.


There are eight guiding principles as far as Data protection is concerned, and they are that data is/are:

1. processed fairly and lawfully

2. processed for one or more specified and lawful purposes, and not further processed in any way that is incompatible with the original purpose

3. adequate, relevant and not excessive


4. accurate and, where necessary, kept up to date

5. kept for no longer than is necessary for the purpose for which it is being used

6. processed in line with the rights of individuals

7. kept secure with appropriate technical and organisational measures taken to protect the information

8. not transferred outside the European Economic Area (the European Union member states plus Norway, Iceland and Liechtenstein) unless there is adequate protection for the personal information being transferred


Lots more about how to comply with the law here:

click here

samc123

Hi, we are one of the largest photo printing companies in the UK.

Customers ring up to check on their order status, etc.

We want to know if we comply with data protection regulations when we ask customers questions to confirm their identity?

We also want to know how many questions we are allowed to ask and what sort of questions we are allowed to ask?

At present we ask 3 security questions on all incoming and outgoing calls. These questions can consist of the following:

Order Number
name
postcode
First line of address
What the customer has ordered (Content of images)
Email Address
Telephone number
Items in order

Best regards.

Forum Editor

Did you post this in the wrong place?

computerboy1000

Have you protected the administrator account? If you use the welcome screen, press Control-Alt-Delete and type administrator in; if it logs you in then protect it with a password.

Simsy

is the fact that the data doesn't have to be "electronic" for the data protection act to be relevant.

I suspect it's unlikely to apply anywhere in business nowadays; perhaps in clubs and the like, but records kept in "paper" form, i.e. not computerised, fall under the same rules.

Regards,

Simsy

wildrover

I have been meaning to address this for some time - your prompting was just what was needed.

wee eddie

but it must be fairly close

Forum Editor

Anything which can personally identify a living individual is classed as personal data. Your name, address, and telephone number are all personal data, as is your email address, and anything else which might identify you, or enable a third party to contact you at your home or place of work.

wildrover

I will need to notify because I do get personal information from clients, so thanks for bringing up this topic and to all who have contributed above!

On a more general note, what exactly is 'personal information' - as I said, I do get info that will certainly be classed as personal and will therefore need to notify - but I also get what I would call 'professional' information, work addresses, numbers, etc. Does that class as 'personal information' here?

Forum Editor

I always advise clients to notify, even if there's a slight doubt. You lose nothing, other than the notification fee - which isn't much - and you have the peace of mind that comes from feeling covered.

Complying with the terms of data control legislation is easy.

Chris the Ancient

Good point.

But in my job, there is nothing I can do in the way of promotion or advertising. It's a 'one off' industry. So I should be staying safe there (fingers crossed!).


This thread has been locked.


