cheers for that TTL

Im just trying to find out where I stand, becasue im really starting to get worried now, all I have done is pass on the name and address of the customer so that the item can be sent to them. am i right in thinking that this is publiicly available information through the phone book etc? Im being told that this is highly illegal, but im not sure, really hope its not though

It doesn't matter whether the information is available in a phone book or anywhere else. If you are taking and holding information on a customer, you must be registered.

Don't worry though - you're not gonna end up in prison for a breach - think of the stupid idiots that have lost all that personal data on millions of people stored on lost laptops.

Anyway, this is the ICO's checklist

• Do I really need this information about an individual? Do I know what I'm going to use it for?
• Do the people whose information I hold know that I've got it, and are they likely to understand what it will be used for?
• If I'm asked to pass on personal information, would the people about whom I hold information expect me to do this?
• Am I satisfied the information is being held securely, whether it's on paper or on computer? And what about my website? Is it secure?
• Is access to personal information limited to those with a strict need to know?
• Am I sure the personal information is accurate and up to date?
• Do I delete or destroy personal information as soon as I have no more need for it?
• Have I trained my staff in their duties and responsibilities under the Data Protection Act, and are they putting them into practice?
• Do I need to notify the Information Commissioner and if so is my notification up to date?

I hope this helps.

Don't worry if you have to register, as it's fairly easy. The only painful bit is paying for it, but £35 shouldn't break the bank

Quote:

Originally Posted by TTL

Don't worry though - you're not gonna end up in prison for a breach - think of the stupid idiots that have lost all that personal data on millions of people stored on lost laptops.

thats nice to hear at least, im just worried because I have never set out to try and upset anyone, its a long story as to what has gone on, but im just worried that im gonna end up with some punishment for something that at the time i didnt even know was wrong.

Just register - it's painless

https://forms.informationcommissione...oc?page=7.html

just have done, cheers,

Does doing this mean that i can pass on information to suppliers, is this correct? of have i read that wrong?

Well done - you can sleep easy tonight

I started another thread about this Data protection act and you.

I'm sure that there are quite a few small businesses on here that aren't aware of the obligation.

Hopefully!! Thanks a lot TTL for bringing this to my attention, just so i can hear it from someone else, reading through the form it sounds like I am permitted to share the customers details with a supplier. have i read this right?
Regards
Warren

My understanding is that you can do this, as long as it is made clear somewhere in your T&Cs or Privacy Statement that you may have to share information to fuilfil an order.

You don't have to get their express permission in writing, but you should make them aware of this somewhere - just to cover your back.

The other thing you should include is the option to opt-out of any marketing emails or mailings you may want to send. Even if you don't intend to do this now, you may in the future and a sentence along the lines of being able to opt-out of it by emailing "datacontrol @ XXXXXXX.co.uk" will cover this one. Once they have asked to be excluded, you will be breaching the DPA if you do contact them for this purpose.

oh ****, so im no better off really... but at least now i know about this needs to go in my T&C's

Yeah, just put something in your T&Cs or make a Privacy Statement to cover passing details to another company and an opt-out clause.

The option to unsubscribe is quite often overlooked. About a quarter of the emails from companies we do business with don't have the unsubscribe option. Even so, they would have to remove us from their mailing lists if requested.