Alasdair
I have to disagree the Act doesn't say that. - Legal person can be an
individual or an organisation. I was analysing from a legal interpretation
in the Act only. Act states data controller is a person (any legal person).
In the drafting of the legislation those 'processing' personal data are
always 'data controllers' unless they are
a) not a 'legal person'(what are these?) or
b) a processor for a data controller.
As a legal person any individual can be a data controller if processing any
personal data. This is why exemptions such as processing for 'domestic
purposes' are required. Exemptions can only apply to those subject to the
Act.
David Wyatt
> -----Original Message-----
> From: Alasdair Warwood [mailto:[log in to unmask]]
> Sent: 26 March 2002 17:01
> To: Dave Wyatt
> Subject: Re: Re: Note to all connected with YOT
>
>
> Sorry David - wrong; The data controller is the organisation not
> the man! So
> you can sleep more easily.
>
> Alasdair
>
> ----- Original Message -----
> From: "Dave Wyatt" <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Tuesday, March 26, 2002 9:33 AM
> Subject: Re: Note to all connected with YOT
>
>
> > As Ian points out. Few absolutes in DPA interpretation.
> >
> > Here lies the nub of many DPA challenges.
> >
> > Data controller - Person who controls both the manner and purpose of
> > processing. Person=Legal person. Control = empowerment to direct
> > processing. e.g. Delete data, Collect data and many claim this.
> >
> > Leaves the admin officer stuck with trying to get someone to
> confirm they
> > are in control or have sufficient empowerment to tell them they are in
> > control. Not the easiest of tasks.
> >
> > David
> >
> > > -----Original Message-----
> > > From: This list is for those interested in Data Protection issues
> > > [mailto:[log in to unmask]]On Behalf Of [log in to unmask]
> > > Sent: 26 March 2002 07:37
> > > To: [log in to unmask]
> > > Subject: Re: Note to all connected with YOT
> > >
> > >
> > > In a message dated 25/03/2002 11:13:05 GMT Standard Time,
> > > [log in to unmask] writes:
> > >
> > > << I immediately spoke to Compliance on behalf of YOT manager
> asking for
> > > confirmation of my understanding that YOT were a partnership of Data
> > > Controllers each of whom should include YOT processing in their
> > > individual
> > > notifications.
> > >
> > > Compliance confirmed that YJB guidance on this issue was wrong &
> > > completely
> > > missed the point. YOT are not legal entities and do not need
> to notify
> in
> > > their own right. >>
> > > ----------
> > > Take care with this advice because as always, the OIC will cover
> > > themselves
> > > by saying "it depends" and in this case that definitely applies.
> > >
> > > Some YOTS operate outside the control of any and all of the
> > > individual data
> > > controller organisations and have complete control over the data they
> hold
> > > and process. In a few cases they have access to full systems (Social
> > > Services, Police, etc) and not just the young offenders data.
> > > This could be
> > > irrelevant and/or excessive data.
> > >
> > > The groups sometimes operate with autonomy and even though not a
> separate
> > > legal entity, they can still be a person under the Act and
> can still be
> a
> > > data controller. If the organisations control the activities of
> > > their reps
> > > on the group and the group always acts in full agreement with ALL the
> > > partners, then there should be no problem as they will all be
> > > jointly liable
> > > if something goes wrong.
> > >
> > > Where this is not the case - in other words the organisations
> > > have set up an
> > > independent group with complete control over their own actions -
> > > the YOT may
> > > well be a separate data controller.
> > >
> > > In either case, remember the second principle - the YOT data
> > > cannot be used
> > > for any other purpose by any of the partners. Remember also the
> > > majority of
> > > the data is sensitive and so Schedule 3 will be relevant.
> > >
> > >
> > > Ian Buckland
> > > MD
> > > Keep IT Legal Ltd
> > >
> > > Please Note: The information contained in this document does not
> > > replace or
> > > negate the need for proper legal advice and/or representation. It is
> > > essential that you do not rely upon any advice given without
> > > contacting your
> > > solicitor. If you need further explanation of any points
> raised please
> > > contact Keep I.T. Legal Ltd at the address below:
> > >
> > > 55 Curbar Curve
> > > Inkersall, Chesterfield
> > > Derbyshire S43 3HP
> > > (Reg 3822335)
> > > Tel: 01246 473999
> > > Fax: 01246 470742
> > > E-mail: [log in to unmask]
> > > Website: www.keepitlegal.co.uk
> > >
> > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > All archives of messages are stored permanently and are
> > > available to the world wide web community at large at
> > > http://www.jiscmail.ac.uk/lists/data-protection.html
> > > If you wish to leave this list please send the command
> > > leave data-protection to [log in to unmask]
> > > All user commands can be found at : -
> > > www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> > > (all commands go to [log in to unmask] not the list please)
> > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > All archives of messages are stored permanently and are
> > available to the world wide web community at large at
> > http://www.jiscmail.ac.uk/lists/data-protection.html
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> > (all commands go to [log in to unmask] not the list please)
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|