The gift of personal information

Throughout the year we gift organisations, clubs, businesses and charities our personal information in return for a product or service. We often take time to carefully select the best gift for a loved one or friend, however we sometimes give the gift of our personal information to others without such consideration.

Jersey’s Data Protection Law is in place to help ensure that when it comes to our personal information, all of us are provided with appropriate legal protections and remedies in today’s highly digitised world. Every time you click on a Google search result, like a Facebook status or order an item on Amazon, you are generating data; such data is arguably one of the most important assets in our modern age.

The team from the Jersey Office of the Information Commissioner (JOIC) sends seasonal wishes and a small gift: The 12 Information Crackers

 

  1. Data Protection is a positive concept which holds to account, those entrusted with our personal information to look after it correctly.
  2. ‘Oh we can’t tell you that…it’s against data protection! …’ The data protection law is frequently used as a barrier by organisations to hide behind. This is often as a result of a lack of understanding of the law, or a fear of getting it wrong and facing the wrath of the regulator. This inadvertently leads to organisations telling you they can’t do something when actually they can.
  3. ‘I didn’t give you consent to share my information…’ There are a number of ‘conditions for processing’ that can be relied upon by organisations depending upon the type of information and the circumstances in which it is to be used. For example, another law might require an organisation to share your information with another authority, meaning there is a legal obligation compelling the organisation to disclose it. In those circumstances, they wouldn’t need to obtain your consent first.
  4. Tip; check out the small print / privacy policy. Is your information being shared? If so, with whom? And for what purpose? All too often we are only partially aware of how our information is collected, used, and shared. Ask questions
  5. The JOIC team recommend that you turn off ‘auto-complete’ for email addresses. How many times have you sent the ‘innocent’ email to the wrong person?
  6. Use the BCC (Blind Carbon Copy) for emails to more than one recipient. Stay safe and avoid the risk of sharing personal information that you shouldn’t.
  7. Treat all personal data with the same respect and security as you would wish your own information cared for.
  8. Don’t throw your paperwork in the bin –
  9. When processing children’s personal information you must take extra care.
  10. Only process what you really need – information minimisation reduces risk
  11. Train, train, train. Data protection training and awareness for all staff, volunteers and executives is fundamental.
  12. Don’t panic! Our jolly team at the Office of the Information Commissioner are on hand to answer your questions. See our contact details below.

If you’re not sure about something, or need some advice on how the law applies to you, please do not hesitate to contact us.

The Data Protection Law should be seen as an enabling piece of legislation, not a dis-abler. Successful businesses are those that can harness the power of the digital footprint AND ensure that they respect customer data.