boards.ie privacy policy (lack thereof)

faceman

padser wrote: »

AFAIK the data protection is very much affected by privacy policies and the like.

The DPA specifies what can and can not be done with 'private data'. Data such as IP addresses and e mail addresses (which are collected by boards) are MOST DEFINITELY private data.

If when you signed up to boards you the T&C stated that the e mail address you were giving was going to be used to send you adverts (or 'newsletters') then there is no reason why this would fall foul of the DPA. This is because (grossly simplified) the DPA states that you can only use information for its intended purpose - thus if I'm told I'm giving my information and it may be passed onto third parties for advertising purposes - then as far as the DPA is concerned there is no problem (makes sense if you think about it).

thats not correct, you must give your consent. Opt in by default is not allowed.

wrote:

For example if you read the T&C's of many large companies when you give them information they will often say that they can pass the info onto their subsideraries (terrible spelling). I remember reading one once which said we will pass it onto a dutch company - the reason was this dutch company compiled their customer database.

If the subsidiary is in the EU then thats fine but its still subject to DP law governing it's use, the passing of data and who the data is being passed to etc

wrote:

So then the question arises does boards.ie NEED a data policy. No. AFAIK it's not a requirement that you have a data policy. However it just really good practice. The chances of you being able to defend yourself against a complaint made against you increase drastically if you have a policy and can point to it, and say we followed it. For example you are only allowed to keep data for specified purposes. If you don't have a Data protection policy - its much harder for you to justify the fact that you kept the data - because you can't point to a specific purpose enumerated in the policy.

As people can and do post personal information including payment information for subscribers, then DP laws are still relevent and a privacy policy would be a good idea. Im sure the admins have procedures in place to avoid any breachs of DP in place.

Its funny, i was only thinking about DP and boards.ie last night and then i saw this thread. The reason i was thinking about it was in relation to users who dont post anymore. in normal transactions with companies for example, when someone cancels their account there are rules around removing all their detail from the system etc and I was wondering if it is as relevent to boards.ie.

Btw, good post Seamus.

padser

faceman wrote: »

thats not correct, you must give your consent. Opt in by default is not allowed.

True, in attempting to simplify it I did omit to mention that uses like this must be opt in rather then default. I was trying to make the point that the DPA doens't preclude your details from being passed on - it simply regulates how it happens.

faceman wrote: »

If the subsidiary is in the EU then thats fine but its still subject to DP law governing it's use, the passing of data and who the data is being passed to etc

Yup, your details being passed on doesn't suddenly lead to a free for all with them - they are still subject to the same restrictions. AFAIK they can also be transfered outside the EU (this would be important where head offices are located in USA) but additional restrictions apply (I think) to attempt to ensure the same standards of data protection apply.

faceman

padser wrote: »

True, in attempting to simplify it I did omit to mention that uses like this must be opt in rather then default. I was trying to make the point that the DPA doens't preclude your details from being passed on - it simply regulates how it happens.

oops sorry for my misinterpretation of your point. But yes it ultimately boils down to consent.

wrote:

Yup, your details being passed on doesn't suddenly lead to a free for all with them - they are still subject to the same restrictions. AFAIK they can also be transfered outside the EU (this would be important where head offices are located in USA) but additional restrictions apply (I think) to attempt to ensure the same standards of data protection apply.

There is a safe list of countries on the DP website, USA being one of them. Its the call centres in the third world countries Id worried about!! :eek:

Maybe DeV and his team will outsource the Helpdesk forum to India in the future??

seamus

faceman wrote: »

Maybe DeV and his team will outsource the Helpdesk forum to India in the future??

User: Hi, can I change my name to BIGMAN66 please?
Helpdesk guy: OK, what browser are you using please?

Outsourcing to India is the devil's idea.

faceman

seamus wrote: »

User: Hi, can I change my name to BIGMAN66 please?
Helpdesk guy: OK, what browser are you using please?

Outsourcing to India is the devil's idea.

Brilliant!

it could also go like this:

User: "Hi, can I change my name to BIGMAN66 please?"
Helpdesk guy: "have you tried rebooting your computer?"

Stark

Or at my company's helpdesk: "What make and model is your computer?"

regi

thanks for feedback, we'll make it go