top stories

Share

Comments from the Association of Chartered Certified Accountants
November 2000

The Association of Chartered Certified Accountants (ACCA) prepared some brief comments on this consultation draft as follows.

1. We suggest that you rephrase the start of the paragraph to read "For the first data protection principle to be met, any processing operation must be necessary, inter alia, 'for the exercise of any functions conferred on a person by or under any enactment' or 'for the purposes of legitimate interest pursued by the data controller'. These conditions suggest that for the principle to be satisfied ..." The point being made is that not all the criteria in schedule 2 must be met for processing to be fit and lawful and comply with the first principle.
   
   
2. In discussing the DPA implications, the paper does not consider the legality of using data held elsewhere in the light of data protection principle 2: 'personal data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes.' We would expect this issue to be covered in the DPC's guide.
   
   
3. As the prevention and detection of fraud rests with the management of audited bodies, we believe that data matching, as described in the document, is more relevant to the internal auditor. We believe that e- government should eventually facilitate economies of scale for data matching and improvements in communication processes.

Back to top