9 Tweets Long



I went to an AGM last night. It was an employee owned company. I wasn’t there representing anyone just observing but a DP issue cropped up. There was a roaming photographer taking pictures of all the attendees. Some naturally smiled and waved but when I asked the photographer

“What will you do with these pictures?”

the answer was staggering.

“I don’t know “.

It didn’t seem  promising but I settled down and Googled the company. The Chief Executive meanwhile made a standard speech about how good they were, being an employee owned company, just like John Lewis he chortled (but not quite as big). The company secretary told us how the Employee Trust was being set up very soon and everything looked rosy.

The results of the Google jury came in. It had a cookie policy on the front page. No privacy policy. I looked on the ICO website. They had notified so they knew something about DP. Back to their website I used their search facility and typed in Data Protection.  No results found.

It wasn’t looking good but I hit “Disclaimer and Copyright” just for fun. There it was. Halfway down the page was a Privacy Statement. Unfortunately it only had 216 words and 1,300 characters.  It didn’t give any commitment to protecting personal data; It didn’t quote the Notification number; It didn’t reference the Data Protection Act 1998; It didn’t say the purpose for which data was processed. It didn’t outline the rights of data subjects. It didn’t talk about data sharing (and it was a heath and social care employee owned company) and it didn’t offer any contact details if anyone wanted to ask anything about the policy.

In fact it was poor specimen which didn’t meet current good practice. Of course when the  General Data Protection Regulation (GDPR) comes into force the new rules on privacy notices will be much stricter.

Finally a quote from the policy.

“By continuing to use this site you are considered as understanding and agreeing to the contents of this statement.”

So they have no reference to Data Protection, the term isn’t searchable. You can find a Privacy Statement if you look under Disclaimer and Copyright button but it’s pretty poor missing out many things that the ICO code of practice recommends but whether you find it or not by continuing to use the site you understand and agree to their Privacy statement that is just 9 tweets long.

Act Now has a full programme of Data Protection workshops including “Data Protection and Social Media.” http://www.actnow.org.uk/courses/



About actnowtraining

Act Now Training Ltd specialise in information law. We have been providing training and consultancy services globally for over 16 years. We have an extensive GDPR and FOI course programme from live and recorded webinars, accredited foundation through to higher level certificate courses delivered throughout the country or at your premises.
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s