Judith,
Storing data does count as processing; it might not be personal data in the
form it is stored, but let's assume that it is. In this case, surely it's
still your data, which makes them a Data Processor, and therefore your
compliance or not with the Principles is none of their business. The Data
Protection clause in the contract should be about their security
precautions, and their agreement that you can, indeed, satisfy yourself that
they won't look in the boxes (or provide an opportunity for their staff to
look in the boxes out of curiosity or malice).
For the actual wording of the Act see Schedule 1, part 2, paras 11 & 12 -
well hidden, and not where you would expect to find it.
Paul Ticher
Information Management
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
I hereby require any recipient of this message not to use my personal data
for direct marketing purposes.
----- Original Message -----
From: "Judith Oak" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, September 17, 2003 10:52 AM
Subject: Archiving Personal Data
> Dear All
>
> I have a problem I'd really appreciate some help with. I'm new to the
list
> so please be gentle with me!
>
> I am reviewing some Ts&Cs from our offsite archiving company and they have
> added a Data Protection clause (new since the previous version of Ts&Cs we
> signed up to) which says:
>
> "The parties acknolwedge that the Company may have access to "Personal
> Data" .. in providing the Services .. The Customer warrants that the
> Personal Data is not Sensitive Personal Data .. and that it has all
> necessary consents and authorisations for the Company to process Personal
> Data in the manner and for the purposes ... in accordance with the terms
of
> this Agreement".
>
> I have no doubt we will be archiving personal data and some of that
> personal data may well be sensitive. I can't possibly allow my company to
> warrant that it isn't. I know that archiving is "processing" under DPA.
> But surely companies must be allowed to archive sensitive personal data
> without having to obtain consent? Is the archive box even a "relevant
> filing system"? Should I ask for a warranty from them that they won't
look
> in the boxes?!
>
> I'm at a loss at to what to do about it and hope someone out there can
give
> me some guidance!
>
> Thanks very much
> Judith
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|