Ian,
is'nt the question here:-
"why does this individual keep these records on his home P.C and what is he doing with it"
If he is holding the information on behalf of the council, e.g to maybe work from home or keep a check on the accounts...then he is still a Data Processor, processing this information on behalf of the council??. If this is the case then I agree with your point that the council needs to have a policy in place to inform Data Processor as to how they should be handling their data and what they should be doing with it, and importantly is it secure,as the information is being stored off site (presumably the data includes names and contact, for "mailing" puposes) who has access to it?
On the other hand......
If he is using this information for other purposes, is it "fair and lawful", i.e should not the council be informing members of this purpose and seeking their consent????
The question Fiona asked "who owns the data"..does this not depend on what data the individual was employed to collect, if the data collected was commision by Carlise City Council, would this not mean they own the data and are the Data Controller.
If the individual collected other additional information and was using it for their own purposes then:
a) they would need to obtain consent
b) they would need to register as a Data controller , as well.
Fiona, worth checking!
Comments please.
[mailto:[log in to unmask]]
>>> Ian Welton <[log in to unmask]> 07/02/01 20:38:45 >>>
Sounds at the moment, from your description and questions, that your are
both data controllers and both need registering.
From the concept of the individual working for the council, under contract
to the council, it would appear that the council are the data controller
with the contracted individual being the data processor.
The bottom line is it is down to the council and the individual, in
determining the appropriate method of working, on who the data controller(s)
are. Also ensure that all data subjects are aware of whom the data
controller(s) is(are).
Way ahead - Check the contract. Make sure the situation is clear in the
contract and that a comprehensive data processor agreement is put in place
identifying what the contractor can and cannot do with the personal data, or
that both the contractor and council have notificaitons in place.
If there is any dispute about who is the data controller it might help to
ask the contractor if they have notified their processing. If not, they are
committing a strict liability offence. On the other hand if the council are
the data controller - processing lawful under councils notificaiton - the
way ahead is clear.
Ian W.
----- Original Message -----
From: "Data Protection Officer" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, February 07, 2001 2:20 PM
Subject: Our Golf proffessional
> Carlisle City Council is responsible for the municipal golf course, and
> employs the services of a golf proffessional. He is not a CCC employee,
but
> works part of the time on cotract to us, and the rest of the time he self
> employed. He runs golf tournaments on behalf of Carlisle City Council,
> includes mailings, fee collection, publication of results, league table
etc.
> He has this information on a Carlisle City Council PC in the club shop,
but
> informs me, he keeps a copy on his PC at home.
>
> Is he a data processor? should he be registered in his own right? who owns
> the data, whose responsibility is it - if he is the data processor (to us)
> and a controller in his own right? is it up to us to stipluate how he
takes
> care of our data?????
>
> Fiona Campbell
> IT Team Principal
> IT Services (Ext. 7258)
>
>
>
> _____________________________________________________________________
> This message has been checked for all known viruses by Star Internet
delivered
> through the MessageLabs Virus Control Centre. For further information
visit
> http://www.star.net.uk/stats.asp
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
_____________________________________________________________________
This message has been checked for all known viruses by UUNET delivered
through the MessageLabs Virus Control Centre. For further information visit
http://www.uk.uu.net/products/security/virus/
_____________________________________________________________________
This message has been checked for all known viruses by UUNET delivered
through the MessageLabs Virus Control Centre. For further information visit
http://www.uk.uu.net/products/security/virus/
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|