Your firm and the Data Protection Act

1. Do we need to bother about the data protection legislation? What impact could it have on us?
2. What does registering ('notifying') involve?
3. What are the penalties likely to be, if we haven't notified when we should have done?
4. How do the authorities decide who gets 'assessed'?
5. We hear there are scams involving notification. How can we tell if the correspondence we have received is genuine?
6. Someone working for one of our sub-contractors now wants copies of all the information we have in which his name appears. Do we have to provide it?
7. Most of our customer records are still held in paper form. Are they covered by the Data Protection Act?
8. Do we really have to get our customers to agree that we can send them marketing information?
9. Do we have to get our customers to agree if we want to sell our mailing lists or disclose customer details to third parties?
10. What do we have to do, if we want to use a third party to do payroll processing or direct mail marketing for us?
11. If we conduct our direct mail marketing through a foreign firm, what do we have to do to stay on the right side of the law?
12. If I take notes at a recruitment interview, can I be forced to show them to the interviewee?
13. Is there any problem over us monitoring our employees' use of office phones, Internet access or email system?
14. Do we have to provide employees (or customers) with copies of the information we hold on them?
15. Do we have to provide former employees with copies of the references that we have given about them to third parties?
16. We are thinking of installing CCTV. Will we land ourselves with any data protection obligations if we do?
17. Do we need to tell customers if we operate a CCTV system?
18. We put up CCTV cameras to deter break-ins, and caught one of our staff stealing. Can we use the tapes for disciplinary or court proceedings?
19. What sort of penalties might we suffer for breaching the Data Protection Act?