Is this just plain madness, or what?
If, as a data controller, I ask someone to process personal data on my
behalf, there appears to be three options for the relationship. The
other party is either a data processor, a joint data controller, or a
data controller in common.
My reading of Data Protection Act 1998 indicates that only in the first
situation, where the other party acts as a data processor, is there any
'protection' for the data subject. In this situation, the [first] data
controller has an obligation under principle 7 to ensure that further
down the line any data will be handled in accordance with the Act. If
however the data is passed to another data controller, then the first
data controller has NO obligation to ensure the safe processing of the
data once outside their hands.
Would there be joint & several liability in this instance, or could the
first data controller simply pass all the blame onto data controllers
'down the line'?
Duncan S Smith
Principal Consultant
e-mail: [log in to unmask]
gsm: +44 (0)777 556 8180
Company Profiles
"The process of Improvement"
----------------------------------------------------------------
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you
received this in error, please contact the sender and delete the
material from any computer.
This footnote confirms that this email message has been swept by Norton
Antivirus software for the presence of computer viruses.
Company Profiles Huntingdon UK +44(0)1480 461671
-----------------------------------------------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|