Sunday 15 May 2016

Back to Basics - Collection Notices

One of the keys to collecting information in line with the Data Protection Act is to ensure that you are telling the person providing the information a few key things. Collection notices aren't properly understood and are sometimes overly complicated.

So here are the basics. A collection notice must tell the person providing their information:
(a) who the organisation collecting the information is
(b) what the information provided will be used for
(c) how the information will be stored and for how long
(d) whether the information will be shared with another organisation or organisations

The wording does not have to be formal; you can just write the required information in plain English.

Collection notices should be provided on both paper and electronic forms. Individuals frequently do not remember signing up for something or when they gave their information, so to stay off the ICO's naughty step you should record when the information was collected, and this record should be retained for the life of your relationship with the individual. Additionally, if it is a paper form, you need to either hold the hard copy or have a scanned copy for your records. This will all help you prove that you are protecting the individual's privacy, should you need to.

Remember that, regardless of whether you are registered with the ICO, you have to comply with the Data Protection Act, so any forms that you use for the collection of information MUST have a data collection notice on them. Without a valid collection notice you are breaking the law!
