I went to an AGM last night. It was an employee owned company. I wasn’t there representing anyone just observing but a DP issue cropped up. There was a roaming photographer taking pictures of all the attendees. Some naturally smiled and waved but when I asked the photographer
“What will you do with these pictures?”
the answer was staggering.
“I don’t know “.
It didn’t seem promising but I settled down and Googled the company. The Chief Executive meanwhile made a standard speech about how good they were, being an employee owned company, just like John Lewis he chortled (but not quite as big). The company secretary told us how the Employee Trust was being set up very soon and everything looked rosy.
It wasn’t looking good but I hit “Disclaimer and Copyright” just for fun. There it was. Halfway down the page was a Privacy Statement. Unfortunately it only had 216 words and 1,300 characters. It didn’t give any commitment to protecting personal data; It didn’t quote the Notification number; It didn’t reference the Data Protection Act 1998; It didn’t say the purpose for which data was processed. It didn’t outline the rights of data subjects. It didn’t talk about data sharing (and it was a heath and social care employee owned company) and it didn’t offer any contact details if anyone wanted to ask anything about the policy.
In fact it was poor specimen which didn’t meet current good practice. Of course when the General Data Protection Regulation (GDPR) comes into force the new rules on privacy notices will be much stricter.
Finally a quote from the policy.
“By continuing to use this site you are considered as understanding and agreeing to the contents of this statement.”
So they have no reference to Data Protection, the term isn’t searchable. You can find a Privacy Statement if you look under Disclaimer and Copyright button but it’s pretty poor missing out many things that the ICO code of practice recommends but whether you find it or not by continuing to use the site you understand and agree to their Privacy statement that is just 9 tweets long.
Act Now has a full programme of Data Protection workshops including “Data Protection and Social Media.” http://www.actnow.org.uk/courses/