Paula,
Quite right.
I did not mention or address the security aspects coming out of this.
Determining the data controller seemed to be the main issue in question with
compliance with the principles then following from that. Clearly compliance
with all of the the principles is important.
Hope the link you provided at 3.07 pm helps resolve the problem fully for
Fiona.
Ian W.
----- Original Message -----
From: "Paula Leon" <[log in to unmask]>
To: <[log in to unmask]>; <[log in to unmask]>
Sent: Thursday, February 08, 2001 10:13 AM
Subject: Re: Our Golf proffessional
> Ian,
>
> is'nt the question here:-
>
> "why does this individual keep these records on his home P.C and what is
he doing with it"
>
> If he is holding the information on behalf of the council, e.g to maybe
work from home or keep a check on the accounts...then he is still a Data
Processor, processing this information on behalf of the council??. If this
is the case then I agree with your point that the council needs to have a
policy in place to inform Data Processor as to how they should be handling
their data and what they should be doing with it, and importantly is it
secure,as the information is being stored off site (presumably the data
includes names and contact, for "mailing" puposes) who has access to it?
>
> On the other hand......
> If he is using this information for other purposes, is it "fair and
lawful", i.e should not the council be informing members of this purpose
and seeking their consent????
>
> The question Fiona asked "who owns the data"..does this not depend on what
data the individual was employed to collect, if the data collected was
commision by Carlise City Council, would this not mean they own the data and
are the Data Controller.
>
> If the individual collected other additional information and was using it
for their own purposes then:
> a) they would need to obtain consent
> b) they would need to register as a Data controller , as well.
>
> Fiona, worth checking!
>
> Comments please.
>
>
>
>
> [mailto:[log in to unmask]]
>
> >>> Ian Welton <[log in to unmask]> 07/02/01 20:38:45 >>>
> Sounds at the moment, from your description and questions, that your are
> both data controllers and both need registering.
>
> >From the concept of the individual working for the council, under
contract
> to the council, it would appear that the council are the data controller
> with the contracted individual being the data processor.
>
> The bottom line is it is down to the council and the individual, in
> determining the appropriate method of working, on who the data
controller(s)
> are. Also ensure that all data subjects are aware of whom the data
> controller(s) is(are).
>
> Way ahead - Check the contract. Make sure the situation is clear in the
> contract and that a comprehensive data processor agreement is put in place
> identifying what the contractor can and cannot do with the personal data,
or
> that both the contractor and council have notificaitons in place.
>
> If there is any dispute about who is the data controller it might help to
> ask the contractor if they have notified their processing. If not, they
are
> committing a strict liability offence. On the other hand if the council
are
> the data controller - processing lawful under councils notificaiton - the
> way ahead is clear.
>
> Ian W.
> ----- Original Message -----
> From: "Data Protection Officer" <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Wednesday, February 07, 2001 2:20 PM
> Subject: Our Golf proffessional
>
>
> > Carlisle City Council is responsible for the municipal golf course, and
> > employs the services of a golf proffessional. He is not a CCC employee,
> but
> > works part of the time on cotract to us, and the rest of the time he
self
> > employed. He runs golf tournaments on behalf of Carlisle City Council,
> > includes mailings, fee collection, publication of results, league table
> etc.
> > He has this information on a Carlisle City Council PC in the club shop,
> but
> > informs me, he keeps a copy on his PC at home.
> >
> > Is he a data processor? should he be registered in his own right? who
owns
> > the data, whose responsibility is it - if he is the data processor (to
us)
> > and a controller in his own right? is it up to us to stipluate how he
> takes
> > care of our data?????
> >
> > Fiona Campbell
> > IT Team Principal
> > IT Services (Ext. 7258)
> >
> >
> >
> > _____________________________________________________________________
> > This message has been checked for all known viruses by Star Internet
> delivered
> > through the MessageLabs Virus Control Centre. For further information
> visit
> > http://www.star.net.uk/stats.asp
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> > all commands go to [log in to unmask] not the list please!
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> _____________________________________________________________________
> This message has been checked for all known viruses by UUNET delivered
> through the MessageLabs Virus Control Centre. For further information
visit
> http://www.uk.uu.net/products/security/virus/
>
> _____________________________________________________________________
> This message has been checked for all known viruses by UUNET delivered
> through the MessageLabs Virus Control Centre. For further information
visit
> http://www.uk.uu.net/products/security/virus/
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|