This may sound paranoid and/or over cautious and/or unhelpful but if your company and/or your customer needs to rely on something being legal then you should probably be doing more than just googling for the information e.g. talk to a lawyer, the customer's data protection person etc.
However, as it is Friday afternoon, I shall do exactly what I have just said you shouldn't, and look at the act and, not being a lawyer, make a bizarre and arbitrary and probably inaccurate summise that the most relevant bit is Schedule II Section 4 (d) does not involve disclosure of the personal data to a third party without the consent of the data subject.
You could perhaps argue that not using SSL could potentially cause this to be contravened, and that by using SSL you are at least trying, though obviously the Act does not have any helpful exemptions for holes in the operating system etc. etc. :-)
I hope the above is taken in the spirit in which it is meant i.e. I am trying to be vaguely helpful, not sarcastic...
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
chiming
no subject
Date: August 6th, 2004 08:35 am (UTC)From:However, as it is Friday afternoon, I shall do exactly what I have just said you shouldn't, and look at the act and, not being a lawyer, make a bizarre and arbitrary and probably inaccurate summise that the most relevant bit is Schedule II Section 4 (d) does not involve disclosure of the personal data to a third party without the consent of the data subject.
You could perhaps argue that not using SSL could potentially cause this to be contravened, and that by using SSL you are at least trying, though obviously the Act does not have any helpful exemptions for holes in the operating system etc. etc. :-)
I hope the above is taken in the spirit in which it is meant i.e. I am trying to be vaguely helpful, not sarcastic...