Dear David
Presumably the Association hasn't got a membership department or an IT
Department. It is within the Association that the database should belong and
be stored. But maybe the honsec does all the Association work from the
University. Therefore it is more convenient for him/her to use University IT
kit.
I would say the University has no interest in this database and therefore,
as a data controller, it would be against the Act to collect the data.
However as the data would be stored on University premises and equipment the
Uni would be seen as a data processor. Data processors are not required to
register for the purposes for which they are data processors. It is the Data
Controller's (the Association in my view) responsibility to ensure that Data
Processor comply with the Act. Perhaps through a contract or similar.
Therein lies the problem. My assumption is that the Uni has no interest in
and is not contracted to hold the data. Yet the Uni would be required to
ensure data and system security.
So unless the Association is exempt they should notify the processing and
have an agreement with the University to comply with the Act.
Gil
Gil Richardson
Senior Information Manager
RCGP
email: [log in to unmask]
Website: www.rcgp.org.uk
Tel: 020 7581 3232 ext 231
Fax: 020 7584 1992
This email is confidential. It may not be disclosed to, or used by, anyone
other than the addressee. If you receive this message in error, please
advise the sender immediately.
-----Original Message-----
From: Data Protection Officer [mailto:[log in to unmask]]
Sent: 13 August 2001 11:26 am
To: [log in to unmask]
Subject: Professional Associations - Honorary Officers - Databases -
Whose is what?
Hi,
Background: An academic becomes the honarary secretary of a professional
Association. The academic wants to build up a database of members [including
potential members] of the Association. The database will be
installed/maintained on University equipment as long as the acedemic both
remains the honorary secretary and remains employed at the University -
after that, it will presumably be passed on to the next honorary secretary
or the next University.
Question(s):
1 Who in DP terms owns, and is responsible for, the data base? The
University, the Association, the academic, or both or all of them? My guess
is te Association.
2 Presumably the academic could be considered as the data controller?
Or is he the data processor?
3 Is the University, and the honorary secretary, just the data
processor with the Association as the data controller?
4 Is it the Association that registers the database?
Any advice/comments appreciated.
David.
----------------------------------------
David Fildes
Data Protection Officer
Room 650
Gilbert Scott Building
University of Glasgow
Glasgow
G12 8QQ
tel: (0141) 330 5146/3111
fax: (0141) 330 4920
<http://www.gla.ac.uk/dataprotection/>
----------------------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This e-mail is confidential. It may not be disclosed to, or used by, anyone other than the addressee. If you receive this message in error, please advise the sender immediately.
This email has been scanned for viruses but we strongly recommend you set up your own antivirus precautions.
College web site http://www.rcgp.org.uk/
JCPTGP web site http://www.jcptgp.org.uk/
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|