Are you a Google Analytics enthusiast?
More SEO Content
Liability Of Client And Data Protection Act
Posted 16 April 2009 - 11:14 AM
It seems as though some of the data they want to store may break the Data Protection Act, although I'm no expert on this particular issue. I have told them my concern and they've said that these customers have asked them to store this info for convenience so they don't think it's a problem.
If I build the database as they want, do I have any liability if it turns out they are breaking the DPA? how could I find out if they're breaking the DPA without too much hassle? This is a small job and it doesn't justify hours of research, but obviously I don't want to shoot myself in the foot either.
Thanks in advance.
Posted 16 April 2009 - 11:25 AM
It identifies them as data custodians and that they will adhere the DPA 1984/1998 act and the data priciples.
Your obligations require you to store the data in a safe place, to ensure the acuracy of the data, to make the data avaiablable to the relevant person who the data relates to and allow them to alert you of inaccuracies and changes to the data held.
Just because you wrote the DB system, does not hold you liable for the use of the data nor does it make you in any way liable as data custodian.
That's like saying Smith & Western are responsible / liable for the people that get shot with their guns!
Also only the company needs to hold a DPA certificate NOT an individual!
However, if you keep electronic data records of your own clients, your company needs to hold a DPA certificate and adhere to the DPA principles of data security and integrity.
At the end of the day, it's about £25.00 per year, so for any profitable company, there is no reason to not just get one and be done with it.
for reference visit the Information Commisioners Office http://www.ico.gov.uk/
Posted 16 April 2009 - 12:02 PM
I entirely agree, but there are some people who really do think that. Considering that, plus logic doesn't always enter UK law, I just wanted to be sure before taking on a small job that ends up coming back to bite me.
Posted 17 April 2009 - 06:57 AM
1. Make darned sure you're storing and sending it in a secure manner while you're working on the project. eg I wouldn't under any circumstance email the db back and forth since email is notoriously UNsecure. Either deliver it via cd or upload it directly to a secure location on a server.
2. Once the project is done and over make sure you wipe out the personal data contained in the database from your computer.
FWIW, I'd treat it with kid gloves since technically the company who hired you should have included some sort of statement in your contract with them before they handed over the data. It doesn't sound like they did that, so I'd like you I'd want to make sure I took every step to protect myself. No need in getting caught up in someone elses mess.
Posted 17 April 2009 - 07:32 AM
I'll forgive you Randy as you may not be aware of the UK government balls up regarding data loss via cd's in the post... on more than one occasion
If you must send in post on CD, encrypt it, password protect it and send it recorded, special, it better bloody get there parcel force post!
Also if you are going to FTP , ensure you use sFTP just to be sure! or if like me you have an encrypted VPN connection to the server use that.
When it comes to DPA, it never hurts to cover your ass and then some!
Posted 17 April 2009 - 08:03 AM
Sorry, should have been more clear on that.
But in any case I'd password protect it to make sure the data didn't end up in the wrong hands via someone else's screw up. Before, during or after delivery. Not because some regulation might say you should, but because it's the right thing to do.
Posted 17 April 2009 - 08:37 AM
Sorry, should have been more clear on that.
But it's good we cleared that up
We have the technology to encrypt the data and store it on an SSL encrypted , password protected area of the website, I can then ring the recipient, and tell them the pword over the phone, once downloaded , delete the file from the server.
But no, my employer still emails an entire DB in spreadsheet format. There's no helping some peope!
Edited by NASA, 17 April 2009 - 08:53 AM.
Posted 17 April 2009 - 10:33 AM
I think (hope) the way it will work in practice is that I'll build the db at my office with a sample set of fake data and then will install the full set when I set it all up on their premises - but I'll be sure to move it manually on a CD if that's not possible for some reason. Their place is only a 2 minute drive from here so it's no problem.
Posted 17 April 2009 - 10:39 AM
crickey you could send it by pigeon!
Posted 18 April 2009 - 05:38 AM
now you're being ridiculous - I'm not going to use my carrier pigeons on any journey less that 10 miles!
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users