Valuable Do's and don'ts on data protection from a UK IT magazine
ComputerWeekly.com:
Do's and don'ts in privacy protection
Organisations can minimise the risk of disclosing the personal information of individuals under their control if they follow these common-sense guidelines, says the ICO.
• Do not be secretive or deceptive in how you handle people's personal data.
• Do not try to gain an advantage by using personal data in a way that people wouldn't expect or might object to.
• Do not collect unneeded personal data. It costs more to hold and exposes the firm to extra risk if there is a data loss.
• Do get the best security you can afford. A large data loss, or a loss of sensitive personal data, could undermine public confidence in the firm and cause great commercial damage.
• Do not assume that as a firm based in the UK you can ignore other countries' laws.
If you use equipment in another country or collect personal data about people outside the UK, you may need to comply with other countries' laws, the ICO said.
Firms must be able to justify the collection of information that identifies an individual.
Questions to ask are:
Is it possible to achieve my aims without collecting information that identifies people?
If not, what sorts of identifiers do I need to collect; obvious ones, such as names and addresses, or less obvious ones, such as the IP addresses of the devices used to access my site?
Which data items do I really need? Do I really need individuals' dates of birth, or just their contact details?
posted by: gqpartner