The deeper you get, the darker it gets!
The bit about purposes I agree with, but my concern stemmed from a
review of the security of the transmission of personal data. 'A'
contracts with 'B' to manage personal data. 'B' is a big company, and
is not going to be told by 'A' how to run it's business and therefore
makes decisions about its network security and how data is shipped
around. Because it makes those decisions it is a data controller,
because it's a data controller it is not obliged to act in accordance
with the wishes of the Data Protection Act 1998 as dictated by 'A' (data
processor and all that). So what is the point of having that bit in the
Act about data processors and written contracts? It has to be for every
body, or nobody. 'A's relationship with 'B' should be as tightly bound
as if it were a data controller - data processor relationship - surely?
Dog's breakfast again!
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Ian Welton
Sent: Friday, February 15, 2002 7:51 PM
To: [log in to unmask]
Subject: Re: Don't use data processors!
I spent some time pondering this one too.
The conclusion I came to was that if data controller 'A' was aware that
information they were legitimately supplying to data controller 'B' was
either being used by 'B' outside of the purpose it was provided, or for
a purpose which did not match the purpose(s) the data subject had been
advised of, then 'A' could not continue to disclose the data, without a
breach of principle occuring, unless some schedule 2 or 3 criteria could
be legitimately applied.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Duncan Smith
> Sent: 15 February 2002 15:55
> To: [log in to unmask]
> Subject: Don't use data processors!
>
>
> Is this just plain madness, or what?
>
> If, as a data controller, I ask someone to process personal data on my
> behalf, there appears to be three options for the relationship. The
> other party is either a data processor, a joint data controller, or a
> data controller in common.
>
> My reading of Data Protection Act 1998 indicates that only in the
> first situation, where the other party acts as a data processor, is
> there any
> 'protection' for the data subject. In this situation, the
> [first] data
> controller has an obligation under principle 7 to ensure that further
> down the line any data will be handled in accordance with the Act. If
> however the data is passed to another data controller, then the first
> data controller has NO obligation to ensure the safe processing of the
> data once outside their hands.
>
> Would there be joint & several liability in this instance, or could
> the first data controller simply pass all the blame onto data
> controllers 'down the line'?
>
>
> Duncan S Smith
> Principal Consultant
>
> e-mail: [log in to unmask]
> gsm: +44 (0)777 556 8180
>
> Company Profiles
> "The process of Improvement"
> ----------------------------------------------------------------
> The information transmitted is intended only for the person or entity
> to which it is addressed and may contain confidential and/or
> privileged material. Any review, retransmission, dissemination or
> other use of, or
> taking of any action in reliance upon, this information by persons or
> entities other than the intended recipient is prohibited. If you
> received this in error, please contact the sender and delete the
> material from any computer.
>
> This footnote confirms that this email message has been swept by
> Norton Antivirus software for the presence of computer viruses.
>
> Company Profiles Huntingdon UK +44(0)1480 461671
> -----------------------------------------------------------------
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|