I have been slightly pre-occupied over the last few days, having had to attend and chair a conference. I heard some very interesting papers and discussions.
Anyway, returning to my usual blog, I came across a few press releases on data protection. The UK Information Commissioner has published some guidance on buying and selling a database. The guidance is clear in stating that it is not a breach of the UK Data Protection Act 1998 to sell a database containing customers' details. However, companies/organisations (who plan to do this) must meet certain conditions/requirements. This includes obtaining the customer's consent and making sure that the customer understands the purpose for which the data was originally collected.
Guidance in this area is long overdue. However, it is still unclear the extent to which these databases are sold to other companies and whether customers know that their data are being transferred. More research and awareness in this area is much needed.
Guidance can be found here (pdf).
No comments:
Post a Comment