A bit heavy for the end of the week I know, but someone has to do this
stuff! ...
An HE body (call them X) has a high profile course that it offers
successfully to many students. The overheads in managing all the
administration are however such that it forms an 'alliance' with another
training organisation (call them Y) to manage all of the student
enrolment process and a significant distance learning element. The
course is strongly branded under X's brand, whilst Y beavers away
quietly underneath.
The body managing the enrolment and distance learning processes, 'Y',
has all the processing responsibility to make them a data controller.
There are therefore two data controllers, X and Y, acting in common.
Information passes freely between X and Y, mostly for the right reasons,
but eventually Y decides to use the data for some extra curricula
marketing that gets right up the nose of student Z.
Z is successful in demonstrating a breach of the Act (unfair processing
breach of 1 and 2 ) and claims compensation from X (not Y) because he
knows nothing of the machinations that made his course progress so
smoothly!
As this is not a data controller/data processor arrangement, does Z
carry any liability?
Regards,
Duncan S Smith
Principal Consultant
Mailto:[log in to unmask]
M: +44 (0)777 556 8180
T: +44 (0)1480 461 671
CoProfiles
"The Process of Improvement"
----------------------------------------------------------------
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you
received this in error, please contact the sender and delete the
material from any computer.
The information contained in this correspondence is not intended as
legal advice or counsel, and is not represented as such by the sender.
Company Profiles makes no warranties or statements regarding the legal
acceptability of the information presented in this correspondence. Any
actions performed as a result of this information are of the recipient's
own choosing.
CoProfiles Huntingdon UK
-----------------------------------------------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|