[thelist] Data Protection Act - Online Data Storage

Lee kowalkowski lee.kowalkowski at googlemail.com
Mon Jan 29 05:30:11 CST 2007


On 29/01/07, Dawson Costelloe <costelloe at gmail.com> wrote:
> Example being, they want to hold user's passport details in the CRM.
>
> Can anyone recommend a good dumbed-down resource online which outlines
> what information you legally can and cannot hold online in a data
> store?

I don't think there's any restriction, but it must be accurate,
up-to-date, relevant (you must be able to justify your reason for
storing it), you must not share it without the owner's knowledge and
consent, you must keep it secure and not keep it for longer than
necessary, and individuals have the right to access all data held
about them.

http://www.legislation.org.uk/intro.htm
http://www.ico.gov.uk

I personally think an organisation making data like that available to
a significant number of employees may be undertaking a massive duty of
care.  They would be required to demonstrate how they keep that
information safe, how they vet employees and access to data, etc...
As it's on a leased server, can they demonstrate that?

Not inferring you're untrustworthy of course, but you see how it could escalate.

-- 
Lee


