Protecting your Personal Data
Protecting your Personal Data
Do you really know what you’re doing?
In this fast moving and sometimes expensive world in which we live, it is no surprise that we do whatever we can to make life easier, more efficient and more cost effective for ourselves. We subscribe to online newspapers and magazines so we don’t have to take a trip down the road in the rain to buy one off the shelf. We fill our wallets with loyalty cards because ‘points make prizes’ (or savings on our weekly shop at least).
We fill in form after form to ensure we have the basic services of heat, power, water and communications. Occasionally, we might even take a chance at entering a competition, having been tempted by the holiday of a lifetime, or the latest techy gadget. All of these things, plus many more, we do every single day without much thought as to the consequences. Time is the one thing few of us have much of these days, and many of us will grumble when yet another form needs filling out. And because of that need to move swiftly on to the next chore, many of us will overlook some fundamental details before sending the completed form back, or clicking on the ‘submit’ button. Without even realising, you will have given lots of personal information about yourself to another organisation, or in many cases, lots of different associated companies.
Those fundamental details may consist of terms and conditions, contractual obligations, and other often long-winded legalistic clauses accompanied by a tick-box to confirm that you have read and understood them. I would argue that the majority of us tick the box without having read as much as the first paragraph. But it is this ‘small print’ that is vitally important in terms of Data Protection requirements, and more importantly in telling you the consumer what is going to happen to your personal information once you have freely given it to them. All companies who collect personal information from consumers have a legal obligation under the Data Protection (Jersey) Law 2005 to ensure that they collect and use that information fairly and lawfully, and in order to comply with those ‘fair processing’ requirements they should be telling you:
1. WHO is collecting the information?
It may be obvious, but they may be collecting your information on behalf of another company. If so, they need to tell you. Can you be sure you are dealing with the same company you have given your information to?
2. WHAT are they collecting the information for?
Companies must only use the information provided to them for specific and lawful purposes to which you have agreed. If they want to use it for something else then in most cases they must come and ask you first.
3. WHERE will the information go?
Sometimes companies may wish to share the information you have provided them with other ‘selected’ or ‘associated’ companies. It is their legal obligation to tell you who these additional companies are, and who else they may disclose your information to.
In addition, companies should be communicating this to you in a clear, easy to understand way. A basic fair processing statement should only be a few lines long, should be in plain English, with translations where necessary, and should be big enough for anyone to read. Our experience as a regulator has seen countless examples where the text has been so tiny it was impossible to read, or that the language used was too legalistic and complicated to understand, or simply too long to read. Some companies will even deliberately make their fair processing statements difficult to read so the consumer has no idea what they are agreeing to.
Why is this so important? Because in this digital age, personal information is a valuable asset and this is YOUR opportunity to opt out of having your information shared, or used for other purposes that you have not agreed to, such as marketing activities for example. It is also there so you can be left in no doubt as to what will happen to your personal information, and empower you to ask the questions should you have any doubts whatsoever.
So, in summary, read the small print before you submit that form. If you can’t read it or don’t understand it, ask the company how they are going to treat your information fairly and lawfully, or alternatively just don’t submit the form. Data Protection law is about putting you in control of your own information. Whilst companies have legal obligations to protect your information, consumers also have an equal responsibility to read the assurances the company gives you. If you choose not to read them, don’t be surprised when the next unsolicited marketing email arrives in your inbox from a company you’ve never heard of!
If you would like further information about how to protect yourself from misuse of your personal information, please visit the Office of the Information Commissioner’s
Deputy Information Commissioner