I would say that information as soon as it is proved to have been illegally
collected should be removed. Regardless of whether it has been used in good
faith, it has been found to breach the DPA and so action should be taken.
The question I would ask if I was investigating this is what procedures do
you (did you) have in place to check the legality of information collected?
Good faith is all very well, but if at least basic checks have not been
performed on the origins of the data, then you are leaving yourself open to
an accusation of a lack of due diligence. At least deleting the data
immediately the error is discovered, shows a level of
understanding/responsibility.
If you have a contract for the supply of data then it should consider
actions to be taken if data passed across is not legal.
I would be interested to know who are the data controllers/processors in
this scenario.
Regards.
Simon Howarth.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Donald Henderson
Sent: 02 July 2004 09:06
To: [log in to unmask]
Subject: [data-protection] Information received in breach of the Act
Anyone got any thoughts about an organisation's position regarding
information which was received by it where the person passing the
information on was themselves in breach of the Act in doing so ? The
information received was neither life-critical nor related to prevention /
detection of a crime.
The information received was (and continues to be) useful to us, but we have
now (some time after the event) been informed that the Act was breached in
passing the information to us. How do we stand in relation to the
information ? I'm struggling to see if S55(2) will apply in this
instance.....
Thanks
Donald Henderson
Information Security Manager
Perth & Kinross Council
The information in this email is confidential and is meant solely for the
intended recipients. The information contained in this email may not be the
views of Perth & Kinross Council. It is possible for email to be falsified
and the sender cannot be held responsible for the integrity of the
information contained in it.
If you have received this email in error, any disclosure, copying, or
distribution of the information contained in it is strictly prohibited.
If you are not the intended recipient, please advise the sender immediately
and delete this email.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|