Sally writes:
>Our alumni people have contracted with a US based company
>called IAC for design.managing and hosting our alumni db.
>Does anyone have experience or advice about this
>company. I am told they are aware of the DPA 1984 and have indemnity from
>any upgrading of that legislation?
>I assume provided all this is made quite clear in the application form
>to join the alumni then we can supply this personal data to the US without
>any any problem.
>Also has anyone heard of 'The New Safe Habour Principles likely to
>effect in the US by July 2000' ??
Transfer overseas to any country that has inadequate data protection law in
place will, for the time being, need the consent of each individual data
subject. Consent in this case should be informed consent (i.e. telling the
person it is going to a country with no data protection law) and it would be
best to get it in writing. A US company cannot indemnify itself against UK
legislation or any "upgrade" of that law. What they probably mean is "if we
do something with this data that you don't like, tough cookies - your law
can't touch us."
This is why we must only transfer data outside the EEA where protection is
guaranteed in law or the data subject is willing to take the risk. In recent
times, local authority staff have received begging letters from Indian data
processing staff who have seen the salary rates they have processed and
people from the Philipines have written asking UK employees to be their
penfriends. In the US they do not believe in data protection law, they feel
the matter should be trusted to market force - in other words if you don't
like what a company does, don't deal with them. On the issue you have
described, the data subject is not given that choice.
In respect of the "safe harbor" (sic) principles - in which US law will be
used against companies that breach European data protection principles - will
apply from Summer 2000 ONLY for electronic commerce, not transfer of
databases, etc., that issue has still to be resolved.
Ian Buckland
MD
Keep IT Legal Ltd
Please Note: The information contained in this e-mail does not replace or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting your
solicitor. If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|