In a world where corporations and businesses are trusted with people’s data, better data compliance is a must.
Check out these tips to improve it in your business:
1. Consent.
Gain consent before you acquire, use, or hold any personal data wherever possible. All Staffordshire University forms designed to collect personal data, whether web-based or paper should always have a statement that explains how the information is to be used and those it may be disclosed to.
2. Sensitive Data.
It is important to be especially careful with sensitive personal data (i.e. information that relates to sexuality, trade union membership, religious beliefs, mental or physical health, criminal offences, political opinion, race, etc.). Hold and use such information only where strictly necessary. Always gain the consent of the concerned individual and be sure to notify them of the possible use or uses of such data.
3. Individual Freedoms.
Be open with individuals regarding the information you are holding about them wherever possible. Compliance Professional River Cohen advises that if you are attaching notes to official documents or preparing reports, always remember that individuals are entitled to see any personal data and are thus entitled to read any ‘informal’ comments that are made about them. Remember that it also includes e-mails that contain personal data and therefore you should use the same caution when sending e-mails.
4. Reviewing Files.
Create and keep personal information only when absolutely necessary. Delete or dispose of securely all personal data that is irrelevant, out of date, or no longer required. Undertake regular file reviews and systematically get rid of obsolete or unnecessary data.
5. Records Disposal.
Treat paper records containing personal data confidentially when discarding them (i.e. shred the files as opposed to disposing them as waste paper). Similarly, delete any outdated or unnecessary electronic records. University computers must never be sold or given away unless Information Services are sure that all information contained in them has been deleted or removed.
6. Accuracy.
Always ensure that personal data is accurate and up to date. Keep track of any changes of address or other amendments. If in doubt of the accuracy of any personal data then avoid using it.
7. Security.
Keep any personal data as secure as possible (for example in rooms that are lockable when not in use or in lockable filing cabinets). Avoid leaving records that contain personal data unattended in areas accessible to the public or even offices. Make sure that personal data is not visible on computer screens to passers-by. Keep in mind that the security considerations still apply to any records taken away from the University e.g. for an external meeting or for work at home. You should also remember that email is not automatically secure or confidential and should thus not be used for any potentially sensitive communication.
8. Worldwide Transfer.
Always seek the concerned individual’s consent before you place information pertaining to them online (apart from perhaps basic office contact details) and before you send any personal data outside Norway, Lichtenstein, Iceland, or the European Union.
9. Third Party Processors.
Keep in mind that if you are using a third party data e.g. for database management or bulk mailings and are offering them access to personal data, you need to have a contract in writing with them to be sure that they will treat such data securely, confidentially, and in compliance with the 1998 Data Protection Act.
