>Does anybody really have a relationship with a third party that makes
>NONE of their decisions about how data are, or are to processed. If
>there are, as data controller you must spend a lot of time in their IT&S
>meetings.
>
Hi all,
Surely this is only true if you view data processing & security as an ICT
issue? Anyway, doesn't the data controller decide the what & why of the
processing and the data processor may or may not decide the how?
The contracting out of services within local government (and presumably NHS
and other public bodies) means that we're often passing on personal data
about citizens to private or voluntary organisations providing the actual
service.
So we only want these other organisations to process our citizens' personal
data for the purpose of providing the contracted service. For this we need
a water-tight contract because as data controller we would carry the can if
the service provider / data processor breached DP principles or used the
data for a purpose other than specified by us.
Kirsty E Gray
Information Rights Officer
Gateshead Council
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|