We have stated that the DPA can be a complex act to process and can involve sensitive information and personnel information about individuals.
So can a paperless system assist with this act?
I think the main question we have to ask ourselves is to what degree we store or hold this type of information, and for how long.
If you have read the post within this section you will know that there are eight key areas within this act:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Not transferred to other countries without adequate protection
I think the first four key areas are straightforward and are not really key to the paperless system, although the process used to achieve them must be given serious consideration when this information is put onto a PC or onto a system which has been developed for your organization or company.
One area that can sometimes be overlooked is that of first “input”. Some systems allow the person to do this electronically, and the information is transferred automatically into the main data bank, but there is still a lot of paper information which has to be transferred manually into the electronic data system.
At this stage paper can cause a problem, not only in the sense of a paperless environment but also in transferring that information without paper and obtaining a secure transfer. This is more to do with the Electronic Signature Regulations 2022 and the ESR Data protection, which has been covered within another section of the blog.
The next two areas are “Not kept for longer than is necessary” and “Processed in line with your rights”. Once again, these will depend on the type of organization or company and on where they are used in the context of their application.
The last two are certainly two of the main concerns within this act, which have caused problems with the design and also with its potential damage, whether that is long-term or short-term damage.
Secure can mean a lot of things within this section: secure from hackers, secure against loss of data, secure storage, and secure day-to-day usage, as well as secure transfer and security of non-active viewing and usage.
One of the areas that I am totally confused about is this: sometimes we read or see on the news that a USB stick was left on a train or lost in a public place. The issue is not the reason the information was lost; unfortunately people are human and mistakes are made. It is the lack of protective procedures that companies introduce when applying this act. These incidents happened not because of human or computer error but because the procedures allowed them to happen.
How was the information transferred onto the stick in the first place? You could say that it is like a person working in a bank taking some of the money out of the bank, taking it home and saying that he or she has to count it at home. It should not happen in the first place; it should not even enter the person's mind, never mind carrying out the act.
I think this act and the paperless system are difficult to separate, not because it is complex but because it would be difficult to design a totally paperless system which is separate from the standard PC installation and yet keep it connected within the organization's computerized framework.
We must also ask ourselves whether we want to separate this information. I think that can only be answered according to the type of information you have in the first place, although storage, input and day-to-day activities may benefit from a totally paperless environment.
Once again, this section is really dependent on the type of information and how the organization or company is using this information in the first place.