Questions about adhering to the data protection act
Discussion
I ask this due to a vulnerable situation I was involved in, at uni...
Can someone forge a letter and be granted details of someone else? I mean, under the DP act, this must be wrong but I am told that someone can get written consent from the data subject and get their details.
But this approach is prone to danger as people can forge signed notes and make requests, with no easy way of verifying the signature. A lot of people are at risk due to bad luck if people attempt these methods.
For example, I am told the exemption of providing personal data to a 3rd party is:
a. we have the consent of the person concerned, or
b. there is an exemption in the Data Protection Act that applies.
So what if someone meets a via a forged note (though illegal)? If someone attempts to get my details, even if they have a forged note from me, would I be notified under the act?
Thanks
Can someone forge a letter and be granted details of someone else? I mean, under the DP act, this must be wrong but I am told that someone can get written consent from the data subject and get their details.
But this approach is prone to danger as people can forge signed notes and make requests, with no easy way of verifying the signature. A lot of people are at risk due to bad luck if people attempt these methods.
For example, I am told the exemption of providing personal data to a 3rd party is:
a. we have the consent of the person concerned, or
b. there is an exemption in the Data Protection Act that applies.
So what if someone meets a via a forged note (though illegal)? If someone attempts to get my details, even if they have a forged note from me, would I be notified under the act?
Thanks
Edited by Z064life on Thursday 21st August 21:05
Quinny said:
When I requested data from Merseyside Police, I had to provide a copy of 2 forms of ID, and a copy of my car reg document, before they'ed enter into any correspondance.
Fair enough, but the police are probably stricter than a university.My concern is a friend acting as himself, but forging a signed not from me.
Boosted LS1 said:
Yep, a University could be conned if a bit slack. You could report them and if you suffered because of their breach you could probably sue them as well.
If you are worried about a breach happening in the future then write to them advising them to contact you if an unusual request was being made, say by an individual or non letterheaded stationary.
What I'm really interested in is the legality of somebody forging a signed note and then requesting data of that (other) person.If you are worried about a breach happening in the future then write to them advising them to contact you if an unusual request was being made, say by an individual or non letterheaded stationary.
Under the dp act, that must be illegal, right? Therefore, if it is, I don't expect such an event to have happened, concerning me. My uni says that proper authority would be required on such events, although I don't know if that means asking the information officer or just that the person making the disclosure has the authority.
Ive discussed things, and everything is ok.
I am however wondering just one thing:
-If someone does request my data, would the data controller (the uni in this case) need my consent by them personally asking me?
I am intrigued now as the dp act effecs my career/professional life.
I am however wondering just one thing:
-If someone does request my data, would the data controller (the uni in this case) need my consent by them personally asking me?
I am intrigued now as the dp act effecs my career/professional life.
Edited by Z064life on Saturday 23 August 00:26
Gassing Station | Business | Top of Page | What's New | My Stuff