Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Does anyone know what the situation is regarding storing NI/CRB/List99 (mainly these three) numbers and personal information in a database? I know CRB numbers (also limited access) have to be destroyed after 6 months, any longer and you need permission/reason, but i'm not to sure about NI's. What about encryption of this data? From what i gather there is no legal requirement of storing any of this data encrypted, but i haven't read anything that is a definite yes/no.
Cheers in advanced 
|
Leighton
Member
Registered: 21st Feb 01
Location: Liverpool
User status: Offline
|
Ian will be allong shortly 
|
Sam
Moderator
Premium Member
Registered: 24th Dec 99
Location: West Midlands
User status: Offline
|
I think you have to be registered as a "data controller" with the ICO:
http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/keeping_the_register.aspx
http://www.ico.gov.uk/for_organisations/data_protection.aspx
[Edited on 23-06-2011 by Sam]
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by Sam
I think you have to be registered as a "data controller" with the ICO:
http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/keeping_the_register.aspx
http://www.ico.gov.uk/for_organisations/data_protection.aspx
I didn't know that, but the company should already be registered as they deal with CRB/NI numbers in paper form.
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
Not sure if there's any specific requirement to encrypt but it's classed as more sensitive so the penalties are stricter for accidently disclosing it.
Also not an ICO issue but you're not really supposed to use NI numbers for purposes other than the HMRC ones - there's information on the site which I'll dig out when I'm back at a proper computer.
You also need legimate reasons to be storing the others, the ICO prefence is typically that you don't store unless it's necessary.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Cheers Ian.
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
http://www.hmrc.gov.uk/manuals/nimmanual/NIM39120.htm
http://www.hmrc.gov.uk/manuals/nimmanual/NIM39125.htm
Worth following the links in those docs as well.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by Ian
http://www.hmrc.gov.uk/manuals/nimmanual/NIM39120.htm
http://www.hmrc.gov.uk/manuals/nimmanual/NIM39125.htm
Worth following the links in those docs as well.
Tar!
So am I right to assume it is perfectly fine to store NI numbers as it is necessary for payroll etc? Although I’m not entirely sure the reason why they (company) need to be storing NI's on their computerised system as it'll only be for end of month payroll etc and they have that in paper form.
As for CRB's, further reading seems to suggest that you're right in that the data doesn't need to encrypted just secure from unauthorised access. Only issue I can see is retention of this data although I have read that data can be retained for as long as it is necessary - so in terms of a school etc, I assume they keep this for as long as the teacher/staff is working there?
Cheers again
|
