A little flavour of what's in store...

Tuesday, August 21, 2007

Fabulous Photo Gifts and Data Protection - a checklist

Data protection checklist:

The Goverments Information Commissioner's Office (ICO) promote public access to official information and protection of your personal information and they have just issued a Data protection checklist. 10 items to help businesses and individuals comply with the Data Protection Act. This checklist will help you comply with the Data Protection Act. Being able to answer 'yes' to every question does not guarantee compliance, and you may need more advice in particular areas. But it should mean you are heading in the right direction.

Fabulous Photo Gifts endeavours to operate as transparently as possible so we wanted to take this opportunity to detail how we deal with the personal information we hold and answer each 'item' individually.

Do I really need this information about an individual? Do I know what I'm using it for?

The information Fabulous Photo Gifts collects about you when you visit our website is used to deliver photo gifts ordered, respond to orders or order queries by email, phone or post as appropriate.
Other information submitted may include specific contact information or in the case of certain photo gifts like t-shirts, size preferences.
Credit card and other payment details are collected by PayPal via a secure server connection.

Do the people whose information I hold know that I've got it, and are they likely to understand what it will be used for?

Fabulous Photo Gifts has a transparent privacy policy and terms and conditions page which sets out how we use information we may hold about you.

If I'm asked to pass on personal information, would the people whose information I hold expect me to do this?

We are obliged to pass on any information where requested by the authorities. Our privacy policy outlines data use by third parties acting on behalf of Fabulous Photo Gifts.

Am I satisfied the information is being held securely, whether it's on paper or on computer? And what about my website? Is it secure?

All personal information associated with orders is held both on Computer files (restricted access) and backup paper copies (restricted access). The Fabulous Photo Gifts website is protected and all customer payments are taken via a secure server connection.

Individual photographs uploaded for inclusion on photo gifts are held on a secure server, access is password protected.

Is access to personal information limited to those who absolutely need to know?

Yes!

Am I sure the personal information is accurate and up to date?

If we are unable to contact a customer on the email supplied, as a last resort, we will attempt to contact the customer by post. Customer records are updated on an 'as received' basis.

Do I delete or destroy personal information as soon as I have no more need for it?

Yes! We keep a copy of your original uploaded image for approximately 3 months on our secure server in case you wish to order again. Completed order images (where adjustments to red eye, tonal quality, contrast etc) are usually kept for a similar period, again in case of future orders.

Have I trained my staff in their responsibilities under the Data Protection Act? Are they fulfilling them in practice?

Yes! We also carry out daily system wide 'health checks' to ensure our website is operating correctly and that data collected is correctly handled.

Do I need to notify the Information Commissioner? If so, is my notification up to date?

Up to date.

You can get more information or advice on data protection and good information handling by visting www.ico.gov.uk or by phoning 08456 306060

*Fabulous Photo Gifts has no control over data collection and use of data collected, by other websites linked to or from Fabulous Photo Gifts and no liability for misuse or unauthorised use is accepted.

1 comment:

OOM said...

This is a good post, especially as you "interact" with this legal provision. It's like a dialogue. Very interesting indeed!