Wherever possible, obtain consent before acquiring, holding or using personal data. Any forms,
whether paper or web-based, which are designed to gather personal data should
contain a statement explaining what the information is to be used for and who
it may be disclosed to.
Be particularly careful with sensitive personal data (i.e. information relating to race, political opinion, physical or mental health, religious belief, trade union membership, sexuality, criminal offences etc.). Such information should only be held and used where strictly necessary. Always obtain the consent of the individual concerned and notify them of the likely use(s) of such data.
Wherever possible, be open with individuals concerning the information being held about
them. When preparing reports or appending notes to official documents, bear in
mind that individuals have the right to see all personal data and could
therefore read any 'informal' comments made about them. Also be aware that this includes e-mails
containing personal data and so the same caution should be used when sending
e-mails.
Only create and retain personal data where absolutely necessary. Securely dispose of
or delete any personal data which is out of date, irrelevant or no longer
required. Hold regular reviews of files
and discard unnecessary or obsolete data systematically.
When discarding paper records that contain personal data, treat them confidentially (i.e. shred such files rather than disposing of them as waste paper). Similarly, any unnecessary or out-of-date electronic records should be deleted. Computers should not be given away or sold unless you have ensured that all information stored on them has been removed or deleted.
Keep all personal data up to date and accurate. Note any changes of address and
other amendments. If there is any doubt
about the accuracy of personal data then it should not be used.
Keep all personal data as secure as possible (e.g. in lockable filing cabinets or in rooms that can be locked when unoccupied). Do not leave records containing personal data unattended in offices or areas accessible to members of the public. Ensure that personal data is not displayed on computer screens visible to passers-by. Be aware that these security considerations also apply to records taken away from the University, e.g. for work at home or for an external meeting. Also bear in mind that e-mail is not necessarily confidential or secure, so it should not be used for potentially sensitive communications.
Never reveal personal data to third parties without the consent of the individual concerned or without reasonable justification. This includes parents, guardians, relatives and friends of the data subject, who have no right to access information without the data subject's consent. Personal data can only be legitimately disclosed to third parties for purposes connected with the purpose for which the information is kept or to meet statutory requirements, but only where you are satisfied as to the enquirer's identity and the legitimacy of the request.
Requests for personal information are received from time to time from organisations such as the police or the Valuation Department of the Ministry of Finance for real property tax purposes. You should endeavour to co-operate with these organisations, but steps should first be taken to ensure that requests are genuine and legitimate.
Always obtain consent from the individuals concerned before placing information about them on the Internet and before sending any personal data outside of your jurisdiction.
Be aware that if you are using a third-party data processor, e.g. for bulk mailings or database management, and are giving them access to personal data, then you must have a written contract in place with them to ensure that they treat such information confidentially, securely and in compliance with the Data Protection Act 2003.
This post is for your information only and nothing contained in this post is intended to constitute a legal opinion. If you require any detailed advice you should contact a Bahamian e-commerce attorney. You can contact a Bahamian attorney specializing in Bahamian e-commerce law by clicking here.