----- Original Message -----
From: Andrew Charlesworth <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, June 01, 2000 5:55 PM
Subject: CoP - Security
> Request for comments
>
Andrew,
There is no mention of any compliance with any data processor agreement the
institute may enter into with an outside body as part of their research
programme(s). It would seem a paragraph similar to:-
"Staff and Students must apply and abide by any relevant security
requirements contained in agreements with outside bodies who may furnish
personal data for university research purposes. "
would suit, thereby enabling both the data controller and the university
(data processor) to abide by the DPA 1998 provisions.
Ian
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|