I agree with Collette. I often come across this from the voluntary
organisations' perspective. These kind of arrangements are increasing;
often funding is available only if services are being provided by a
consortium. It would be helpful if the OIC were to get more involved in
this.
I was recently contacted by a SureStart project which had been told by the
OIC that even if they registered as a separate limited company they would
still be covered by the contributing agencies' Data Protection
notifications. I don't see how this could possibly be the case in view of
the guidance on identifying the Data Controller in the Notification
handbook. It certainly adds to the confusion.
I think we should try to argue the case for partnerships of organisations to
be treated as Data Controllers in their own right, while recognising that if
there is no actual legal entity then enforcement action would, in the end,
have to be taken against individual members of the partnership. This is the
same approach that the OIC takes with unincorporated associations, where the
association is regarded de facto as the Data Controller, even though de jure
the individual trustees are likely to be ultimately responsible.
Paul Ticher
Information Management
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
I hereby require any recipient of this message not to use my personal data
for direct marketing purposes.
----- Original Message -----
From: Colette Healiss <[log in to unmask]>
To: <[log in to unmask]>
Sent: 20 March 2002 09:31
Subject: Re: Multi-Agency Partnerships
> Hi Ian
>
> Thanks for your reply. I don't think what you are saying is so different
> to what I was suggesting in my previous email .
>
> The thing is I'm not just talking about YoT, I'm trying to think my way
> through to a template for dealing with all the multi-agency partnerships
> including YoT, you know the Surestarts and the Crime and Disorder
> Partnerships etc..
>
> It seems to me that unless there is a serious windchange this is
> increasingly the way local initiatives will be undertaken and I feel it
> would be helpful to have a liitle more structure to the DP side of things
> rather than everyone approaching every new partnership on a case by case
> basis. I think it is reasonable to deduce that these partnerships share a
> number of basic characteristics and that analysis of these could form the
> basis for some kind of standard structure on the DP side. I'm not saying
> its possible just that its worth thinnking about.
>
> From trawling through the available wisdom and guidance there doesn't seem
> to have been much thought given to the DP implications of such things when
> they were initiated. There is guidance on data sharing in particular
> instances, mostly Crime and Disorder arrangements under C&D Act but no
> evidence of any kind of umbrella structure within which to operate.
>
> I would be interested in anyone's thoughts on this matter.
>
> Cheers
> Colette Healiss
> St Helens Council
>
>
>
>
> Ian Welton
> <[log in to unmask] To:
[log in to unmask]
> M> cc:
> Sent by: This list is Subject: Re:
Multi-Agency Partnerships
> for those interested
> in Data Protection
> issues
> <data-protection@JISCM
> AIL.AC.UK>
>
>
> 19/03/2002 23:16
> Please respond to Ian
> Welton
>
>
>
>
>
>
> Colette,
>
> It is simpler to work with if you consider the YOT's as data controllers
> and
> treat the data that is "shared" with them almost as a normal disclosure,
> but
> with documented restrictions which reflect the restrictions upon the data
> in
> its original environment (Not dissimilar to a data processor agreement).
> The YOT's are then fully responsible for that data and abiding by any
> restrictions upon it, much the same as if they had collected it themselves
> and were applying first and second principle issues.
>
> Ian W
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Colette Healiss
> Sent: 19 March 2002 09:36
> To: [log in to unmask]
> Subject: Multi-Agency Partnerships
>
> Dear All (and esp. Ian Buckland re your email today)
>
> I have had some advice that there is guidance on the status of YoTs (Youth
> Offending Teams) on the Youth Justice Board website at:
>
> http://www.youth-justice-board.gov.uk/policy/90722_info_sharing_v0.3.pdf
>
> This makes it pretty clear that YoTs at least should be notifying to OIC.
>
> What I've got a problem with is that the intricacies of the relationships
> involved in each type of partnership makes it enormously involved to work
> out the responosibilities for DP. I just wonder if it would be simpler
for
> all concerned if there was a standard approach to these arrangements. I
> was having a think about it yesterday and the best I could come up with
was
> as follows:
>
> Multi agency partnership registers as a data controller for the purposes
> which are specific to its remit.
> Member agencies of the partnership each contract with the partnership as
> data controllers in common (for the data which each member shares with the
> partnership)
> Member agencies contract with each other as joint data controllers (for
the
> data which they share with each other for partnership purposes)
>
> I'm sure someone will be able to let me know why what I am suggesting is
> patent nonsense. Would be glad of the feedback anyhow.
>
> Cheers
> Colette
> St Helens Council
>
>
***************************************************************************
> Disclaimer: This e-mail and any file transmitted with it are
confidential,
> subject to copyright and intended solely for the use of the individual
> or entity to whom they are addressed. It may contain privileged
> information.
> Any unauthorised review, use, disclosure, distribution or publication is
> prohibited.
> If you have received this e-mail in error please contact the sender by
> reply e-mail and destroy and delete the message and all copies from
> your computer.
>
***************************************************************************
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|