Sally writes:

>Our alumni people have contracted with a US based company
>called IAC for design.managing and hosting our alumni db. 
>Does anyone have experience or advice about this
>company. I am told they are aware of the DPA 1984 and have indemnity from
>any upgrading of that legislation?

>I assume provided all this is made quite clear in the application form
>to join the alumni then we can supply this personal data to the US without
>any any problem.
 
>Also has anyone heard of 'The New Safe Habour Principles likely to 
>effect in the US by July 2000' ??



Transfer overseas to any country that has inadequate data protection law in 
place will, for the time being, need the consent of each individual data 
subject.  Consent in this case should be informed consent (i.e. telling the 
person it is going to a country with no data protection law) and it would be 
best to get it in writing.  A US company cannot indemnify itself against UK 
legislation or any "upgrade" of that law.  What they probably mean is "if we 
do something with this data that you don't like, tough cookies - your law 
can't touch us."

This is why we must only transfer data outside the EEA where protection is 
guaranteed in law or the data subject is willing to take the risk.  In recent 
times, local authority staff have received begging letters from Indian data 
processing staff who have seen the salary rates they have processed and 
people from the Philipines have written asking UK employees to be their 
penfriends.  In the US they do not believe in data protection law, they feel 
the matter should be trusted to market force - in other words if you don't 
like what a company does, don't deal with them.  On the issue you have 
described, the data subject is not given that choice.

In respect of the "safe harbor" (sic) principles - in which US law will be 
used against companies that breach European data protection principles - will 
apply from Summer 2000 ONLY for electronic commerce, not transfer of 
databases, etc., that issue has still to be resolved.

Ian Buckland
MD
Keep IT Legal Ltd

Please Note: The information contained in this e-mail does not replace or 
negate the need for proper legal advice and/or representation. It is 
essential that you do not rely upon any advice given without contacting your 
solicitor.  If you need further explanation of any points raised please 
contact Keep I.T. Legal Ltd at the address below:

55 Curbar Curve
Inkersall, Chesterfield
Derbyshire  S43 3HP 
(Reg 3822335)
Tel: 01246 473999 
Fax: 01246 470742
E-mail: [log in to unmask]


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%