corsasport.co.uk
 

Corsa Sport » Message Board » Off Day » Geek Day » Data Protection - Storing NI/CRB/Personal Info


New Topic

New Poll
  Subscribe | Add to Favourites

You are not logged in and may not post or reply to messages. Please log in or create a new account or mail us about fixing an existing one - register@corsasport.co.uk

There are also many more features available when you are logged in such as private messages, buddy list, location services, post search and more.


Author Data Protection - Storing NI/CRB/Personal Info
Dom
Member

Registered: 13th Sep 03
User status: Offline
23rd Jun 11 at 11:16   View User's Profile U2U Member Reply With Quote

Does anyone know what the situation is regarding storing NI/CRB/List99 (mainly these three) numbers and personal information in a database? I know CRB numbers (also limited access) have to be destroyed after 6 months, any longer and you need permission/reason, but i'm not to sure about NI's. What about encryption of this data? From what i gather there is no legal requirement of storing any of this data encrypted, but i haven't read anything that is a definite yes/no.

Cheers in advanced
Leighton
Member

Avatar

Registered: 21st Feb 01
Location: Liverpool
User status: Offline
23rd Jun 11 at 11:21   View Garage View User's Profile U2U Member Reply With Quote

Ian will be allong shortly
Sam
Moderator
Premium Member


Registered: 24th Dec 99
Location: West Midlands
User status: Offline
23rd Jun 11 at 11:27   View User's Profile U2U Member Reply With Quote

I think you have to be registered as a "data controller" with the ICO:

http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/keeping_the_register.aspx

http://www.ico.gov.uk/for_organisations/data_protection.aspx

[Edited on 23-06-2011 by Sam]
Dom
Member

Registered: 13th Sep 03
User status: Offline
23rd Jun 11 at 11:39   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Sam
I think you have to be registered as a "data controller" with the ICO:

http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/keeping_the_register.aspx

http://www.ico.gov.uk/for_organisations/data_protection.aspx



I didn't know that, but the company should already be registered as they deal with CRB/NI numbers in paper form.
Ian
Site Administrator

Avatar

Registered: 28th Aug 99
Location: Liverpool
User status: Offline
23rd Jun 11 at 16:59   View Garage View User's Profile U2U Member Reply With Quote

Not sure if there's any specific requirement to encrypt but it's classed as more sensitive so the penalties are stricter for accidently disclosing it.

Also not an ICO issue but you're not really supposed to use NI numbers for purposes other than the HMRC ones - there's information on the site which I'll dig out when I'm back at a proper computer.

You also need legimate reasons to be storing the others, the ICO prefence is typically that you don't store unless it's necessary.
Dom
Member

Registered: 13th Sep 03
User status: Offline
23rd Jun 11 at 19:42   View User's Profile U2U Member Reply With Quote

Cheers Ian.
Ian
Site Administrator

Avatar

Registered: 28th Aug 99
Location: Liverpool
User status: Offline
23rd Jun 11 at 21:03   View Garage View User's Profile U2U Member Reply With Quote

http://www.hmrc.gov.uk/manuals/nimmanual/NIM39120.htm

http://www.hmrc.gov.uk/manuals/nimmanual/NIM39125.htm

Worth following the links in those docs as well.
Dom
Member

Registered: 13th Sep 03
User status: Offline
23rd Jun 11 at 21:26   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Ian
http://www.hmrc.gov.uk/manuals/nimmanual/NIM39120.htm

http://www.hmrc.gov.uk/manuals/nimmanual/NIM39125.htm

Worth following the links in those docs as well.


Tar!

So am I right to assume it is perfectly fine to store NI numbers as it is necessary for payroll etc? Although I’m not entirely sure the reason why they (company) need to be storing NI's on their computerised system as it'll only be for end of month payroll etc and they have that in paper form.

As for CRB's, further reading seems to suggest that you're right in that the data doesn't need to encrypted just secure from unauthorised access. Only issue I can see is retention of this data although I have read that data can be retained for as long as it is necessary - so in terms of a school etc, I assume they keep this for as long as the teacher/staff is working there?

Cheers again

 
New Topic

New Poll

  Related Threads Author Forum Replies Views Last Post
tracing a car???????? Lisa General Chat 14 246
14th Jan 04 at 20:36
by vibrio
 
The girlfriend picture again Ian General Chat 45 1492
18th Jun 04 at 22:03
by Marco The Corsa Man
 
Anyone clued up on Law? Need advice. mestonian General Chat 11 1008
27th Nov 05 at 18:52
by corsa_munky
 
MySQL Encryption and Storing Sensitive Information Dom Geek Day 8 174
10th Nov 10 at 12:56
by ENB
 
Anyone work for orange? ljames555 Geek Day 7 217
5th May 11 at 22:04
by AlunJ
 

Corsa Sport » Message Board » Off Day » Geek Day » Data Protection - Storing NI/CRB/Personal Info 29 database queries in 0.0234189 seconds