In a message dated 14/11/2002 16:09:42 GMT Standard Time,
[log in to unmask] writes:
> Has anyone come across anything like this scenario:
>
> A data sharing partnership overseen by a management board. Officers are
> nominated in each partner agency to conduct the data sharing and are
> trained accordingly.
> Data is fed into the partnership computer system unfiltered from donating
> agencies' live systems (regular updates are done).
> The partnership computer system is accessed by the nominated officers in
> each agency who can query the system and view donated data directly.
> Each agency has an agreed level of access to the donated system data (ie.
> some agencies are allowed to see all donated systems, others will only have
> access to certain of the donated databases).
>
--------------
I have seen something similar to this but with only a couple of agencies
involved. With the recipient (non-originating) agency having access to the
full database, rather than just details of the data subjects with whom they
have contact, it beats me how either organisation can meet the requirements
of the first, second, third, fifth, sixth and seventh Principles.
Just to be flippant, they should be okay with P4 and P8 provided the
originating organisation checks any data added to the system by the recipient
agency and they do not transfer data overseas or put it on a web site.
Ian B
Ian Buckland
Managing Director
Keep IT Legal Ltd
Please Note: The information given above does not replace or negate the need
for proper legal advice and/or representation. It is essential that you do
not rely upon any advice given without contacting your solicitor. If you
need further explanation of any points raised please contact Keep I.T. Legal
Ltd at the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|