Page 314 - DMGT308_CUSTOMER_RELATIONSHIP_MANAGEMENT

Unit 12: Customer Privacy




          6.   Processing of data in an automated manner must be avoided when it affects the vital
               interests of the data subject. In some countries the subjects have the right to have knowledge
               of the logic of the automated processing and in others they may request the same to be
               supervised by a person.
          7.   Processing in a manner that provides unauthorised access of the data to persons other than
               the data subject is strictly prohibited.

          12.1.18 Data Storage

          Data, once collected, needs to be stored, and as larger volumes of data enter public and
          private databases, the need to legislate on appropriate storage regulations becomes important.
          No matter how carefully regulated collection and processing might be, if data retention and
          storage regulations do not match up, there is a grave risk that this will prove to be the source of
          data violations. Most legislations around the world have regulations relating to the retention
          and storage of data. These include provisions such as:
          1.   The data, once collected, must be deleted after achieving the purpose for which it was
               collected.
          2.   Data must not be stored in a form that allows the data subject to be identified after achieving
               the purpose of collection.
          3.   Uniform personal identification numbers must not be used for identification of data
               subjects. Some countries have prohibited linking of data and use of matching programs.
          4.   Laws of some countries mandate that data must be retained for a period after the use so
               that it can be accessed by the data subjects or by the state.
          5.   Some of the exceptions for deletion of data include keeping data for historical, scientific
               and statistical or research purposes.
          6.   The details of data collected must be published in a register or on a website.
          7.   Access to the data must be blocked if the data cannot be deleted.
          8.   The data controller must limit the time period of the retention of information to the
               minimum necessary.
          9.   The details of the time and date when the information is collected for storage must be
               noted.
          10.  Data subjects must be provided with a mechanism to withdraw the consent at any time,
               without undue delay, cost or gain to the data controller.

          12.1.19 Data Security

          The data, once collected, will need to be stored (even if only for a little while) by the data
          controller. It is important that the proposed data protection legislation should impose adequate
          data security obligations on the data controller for the duration of such storage. Most data
          protection legislations have provisions such as:
          1.   The data controller must ensure that the data is protected, by such security safeguards as it
               is reasonable in the circumstances to take, against loss, against unauthorised access, use,
               modification or disclosure, and against other misuse.
          2.   The integrity of personal information must be secured by taking appropriate technical and
               organisational measures.




          LOVELY PROFESSIONAL UNIVERSITY