9 Tweets Long


I went to an AGM last night. It was an employee owned company. I wasn’t there representing anyone just observing but a DP issue cropped up. There was a roaming photographer taking pictures of all the attendees. Some naturally smiled and waved but when I asked the photographer

“What will you do with these pictures?”

the answer was staggering.

“I don’t know “.

It didn’t seem  promising but I settled down and Googled the company. The Chief Executive meanwhile made a standard speech about how good they were, being an employee owned company, just like John Lewis he chortled (but not quite as big). The company secretary told us how the Employee Trust was being set up very soon and everything looked rosy.

The results of the Google jury came in. It had a cookie policy on the front page. No privacy policy. I looked on the ICO website. They had notified so they knew something about DP. Back to their website I used their search facility and typed in Data Protection.  No results found.

It wasn’t looking good but I hit “Disclaimer and Copyright” just for fun. There it was. Halfway down the page was a Privacy Statement. Unfortunately it only had 216 words and 1,300 characters.  It didn’t give any commitment to protecting personal data; It didn’t quote the Notification number; It didn’t reference the Data Protection Act 1998; It didn’t say the purpose for which data was processed. It didn’t outline the rights of data subjects. It didn’t talk about data sharing (and it was a heath and social care employee owned company) and it didn’t offer any contact details if anyone wanted to ask anything about the policy.

In fact it was poor specimen which didn’t meet current good practice. Of course when the  General Data Protection Regulation (GDPR) comes into force the new rules on privacy notices will be much stricter.

Finally a quote from the policy.

“By continuing to use this site you are considered as understanding and agreeing to the contents of this statement.”

So they have no reference to Data Protection, the term isn’t searchable. You can find a Privacy Statement if you look under Disclaimer and Copyright button but it’s pretty poor missing out many things that the ICO code of practice recommends but whether you find it or not by continuing to use the site you understand and agree to their Privacy statement that is just 9 tweets long.

Act Now has a full programme of Data Protection workshops including “Data Protection and Social Media.” http://www.actnow.org.uk/courses/



Author: actnowtraining

Act Now Training is Europe's leading provider of information governance training, serving government agencies, multinational corporations, financial institutions, and corporate law firms. Our associates have decades of information governance experience. We pride ourselves on delivering high quality training that is practical and makes the complex simple. Our extensive programme ranges from short webinars and one day workshops through to higher level practitioner certificate courses delivered online or in the classroom.

Leave a ReplyCancel reply

Exit mobile version