Questions about adhering to the data protection act
Discussion
I ask this due to a vulnerable situation I was involved in, at uni...
Can someone forge a letter and be granted details of someone else? I mean, under the DP act, this must be wrong but I am told that someone can get written consent from the data subject and get their details.
But this approach is prone to danger as people can forge signed notes and make requests, with no easy way of verifying the signature. A lot of people are at risk due to bad luck if people attempt these methods.
For example, I am told the exemption of providing personal data to a 3rd party is:
a. we have the consent of the person concerned, or
b. there is an exemption in the Data Protection Act that applies.
So what if someone meets a via a forged note (though illegal)? If someone attempts to get my details, even if they have a forged note from me, would I be notified under the act?
Thanks
Can someone forge a letter and be granted details of someone else? I mean, under the DP act, this must be wrong but I am told that someone can get written consent from the data subject and get their details.
But this approach is prone to danger as people can forge signed notes and make requests, with no easy way of verifying the signature. A lot of people are at risk due to bad luck if people attempt these methods.
For example, I am told the exemption of providing personal data to a 3rd party is:
a. we have the consent of the person concerned, or
b. there is an exemption in the Data Protection Act that applies.
So what if someone meets a via a forged note (though illegal)? If someone attempts to get my details, even if they have a forged note from me, would I be notified under the act?
Thanks
Edited by Z064life on Thursday 21st August 21:05
Quinny said:
When I requested data from Merseyside Police, I had to provide a copy of 2 forms of ID, and a copy of my car reg document, before they'ed enter into any correspondance.
Fair enough, but the police are probably stricter than a university.My concern is a friend acting as himself, but forging a signed not from me.
Yep, a University could be conned if a bit slack. You could report them and if you suffered because of their breach you could probably sue them as well.
If you are worried about a breach happening in the future then write to them advising them to contact you if an unusual request was being made, say by an individual or non letterheaded stationary.
If you are worried about a breach happening in the future then write to them advising them to contact you if an unusual request was being made, say by an individual or non letterheaded stationary.
Boosted LS1 said:
Yep, a University could be conned if a bit slack. You could report them and if you suffered because of their breach you could probably sue them as well.
If you are worried about a breach happening in the future then write to them advising them to contact you if an unusual request was being made, say by an individual or non letterheaded stationary.
What I'm really interested in is the legality of somebody forging a signed note and then requesting data of that (other) person.If you are worried about a breach happening in the future then write to them advising them to contact you if an unusual request was being made, say by an individual or non letterheaded stationary.
Under the dp act, that must be illegal, right? Therefore, if it is, I don't expect such an event to have happened, concerning me. My uni says that proper authority would be required on such events, although I don't know if that means asking the information officer or just that the person making the disclosure has the authority.
Your going round in circles. A forgery is a forgery no less and the document is proof. Once the information is gained though it's a bit late to prevent it happening or being passed on. Heck, in a past life I used to get personal information over the telephone. Once I had it the clock couldn't be turned back and nobody could say who it was that obtained the information.
So, if you have any concerns act now.
So, if you have any concerns act now.
Ive discussed things, and everything is ok.
I am however wondering just one thing:
-If someone does request my data, would the data controller (the uni in this case) need my consent by them personally asking me?
I am intrigued now as the dp act effecs my career/professional life.
I am however wondering just one thing:
-If someone does request my data, would the data controller (the uni in this case) need my consent by them personally asking me?
I am intrigued now as the dp act effecs my career/professional life.
Edited by Z064life on Saturday 23 August 00:26
The data controller would be expected to take reasonable steps to ensure that any request for data is actually from the data subject (ie you). I dont think the DPA law specifies what steps to take but the data controller is required to develop a policy on security matters such as this and maybe you can request a copy of their policy statement? For example, at my employer (a pension administration company), if we receive a letter from a pension scheme member we check the signature against our records but only release data in writing, not over the phone, by posting to their last known address. (The risk of someone forging a change of address letter can be dealt with by sending confirmation of the change to their "old" address.) Suggest you ask your Uni for confirmation of their dpa policies, and how they go about identification of the data subject in particular.
Gassing Station | Business | Top of Page | What's New | My Stuff