|
|
Short Answers to Everyday Privacy Questions
NB. All references to the “DPA” relate to the Data Protection (Privacy of Personal Information) Act 2003.
1. Question: Why do organizations always seem to ask for my date of birth when I ring them to discuss my business?
 Answer
2. Question: Why won’t an organization tell me how much is owing on an account? (The account is my spouse’s name but I always pay the bills.)
 Answer
This will depend on whose personal information the organization is holding in the account record. If your name is not on the account the organization is bound to keep the information it holds secure. Access can be gained with your spouse’s permission in writing. However, Banks will readily accept deposits into an account if you already have a name and/or account number.
3. Question: Do I always have to give my name and other personal information when I am doing business with an organization?
Answer
If the transaction is in cash there is no legal reason for you to give out your personal information except when dealing with a financial institution which has an obligation to “know your customer.” However, it will not always be practical or legal to remain anonymous in all circumstances. For example, when you apply for a loan, or a utility service, such as the telephone (where you are going to be billed later), you will be asked to provide specific types of identification.
When an organization collects your personal information it should take reasonable steps to tell you the purpose or reason. If they don’t tell you why, ask them.
4. Question: Can I get access to the personal information an organization holds about me?
Answer
Yes, you have a general right to access all the personal information an organization holds about you. Access is governed by Section 8 of the DPA.
An organization can also refuse to give you access for other reasons, for example, a threat to your health and safety of someone else or where access is prevented by another law. Even then, an organization must consider giving you limited access to the information through an intermediary.
Exceptions to access are detailed in Section 9 of the DPA.
5. Question: Can I get access to my referee reports?
Answer
If you are applying for a job but have not yet taken it or were not successful, generally you should be able to get access to those reports.
To make sure they get the best person for the job organizations want referees to provide accurate reports. An inaccurate referee’s report could affect your employment opportunities. As far as possible, the information an organization collects about you should be accurate, complete and up to date. In most circumstances, the DPA gives you a right to access and correct all the personal information an organization holds about you. This would include a referee’s report.
In all cases, consideration must also be given to the rules of confidentially vs. the organization’s responsibility under the DPA.
6. Question: What should an organization tell me when it is collecting personal information about me?
Answer
Organizations might collect personal information from you in a number of ways, such as in person, over the phone or over the internet. Whatever method is used to collect the information, the organization needs to take reasonable steps, at the time, or as soon as practicable afterwards, to make you aware of a number of things including:
- its name and how can you contact them;
- why they are collecting the information;
- any consequences if you do not provide the information;
- what other organization your information might usually be given to; and
- that you can access personal information held about you by the organization.
If this information is on the form that is given to you to complete and you do so, then consent is assumed.
7. Question: Can an organization keep the personal information it has collected about me forever?
Answer
NO. However, the DPA does not set a specific time period for the destruction of personal information. The DPA simply states that the information “shall not be kept for longer than is necessary for that purpose or those purposes except in the case for historical, statistical or research purposes.” Good security measures must also be taken against unauthorized access to, or alteration disclosure or destruction of the data and against their accidental loss or destruction.
8. Question: Can I authorize someone to act on my behalf when dealing with a business?
Answer
Generally yes, the DPA does not prevent businesses from dealing with someone you have authorized to act on your behalf.
However, different organizations may have slightly different procedures to ensure that they have your authorization to deal with someone else on your behalf. The usual risks apply in such circumstances.
9. Question: Can couples get access to information about each other’s bank accounts?
Answer
Yes, if the bank account is held by the couple in their names jointly, and either of the couple can operate it.
If an account is held in the name of only one of the couple, the couple may not be able to get access to information about each other’s account unless they have made arrangements to allow it. Also see item (2) above.
10. Question: The Bahamas Department of Statistics has asked me to complete a survey. Do I have to answer the questions in the survey?
Short Answer
In the first instance, The Department of Statistics always seeks your willing cooperation in answering the questions included in official surveys. If you don’t provide the information requested, however, then legislation allows the Department to direct you, in writing, to provide it. If this occurs, you are obliged to provide the information.
|