Non technical question

[Guest]

I am about to create a database that will list large volumes of personnal
information regarding our customers. Information such as name, address,
telephone number etc...

I am not sure whether in the UK you need to get a license or register this
type of database as it may also contain some medical information about the
customers as we are a medial supplier.

Could someone please inform me of my legal responsibilities in order to
comply with British data protection laws. I know this is a little off topic
for the discussion group but any help would be great.

Regards

Christopher Buxton

 

[Jamie Collins]

Could someone please inform me of my legal responsibilities in order to
comply with British data protection laws.

http://www.ico.gov.uk/

Jamie.

--

 

[Arvin Meyer [MVP]]

Irrespective of the law, there is the question of protection of individual
privacy. I would urge you to collect and store only the minimal amount of
information necessary to run your business. Access security is relative.
Being a file server type of database, its security can be breached by
someone who is determined. I would urge you to maintain the data in an MSDE
engine on a server instead of using JET.

Here in the US, medical information is required to be protected, by law. I
would assume that that protection level is even higher in Europe and the UK.
--
Arvin Meyer, MCP, MVP
Microsoft Access
Free Access downloads
http://www.datastrat.com
http://www.mvps.org/access

 

[Guest]

The US laws referred to by Arvin are called HIPAA, which not only ecompasses
protecting data but also releasing it. Having worked on State contracts for
Medicaid and CHIP, I can tell you the laws are stringent. If this is an
important part your business I would urge you to seek legal advice from a
lawyer rather then the message boards.