In message <002601c4c2c8$03c66d40$0500a8c0@DAD1>, at 23:42:58 on Thu, 4
Nov 2004, davidwyatt <[log in to unmask]> writes
>But such data will never come into a Data Controllers possession unless they
>intend to take action to make it happen.
This "such data" being one of these infamous CDs of email addresses?
>Company directors of a data controller can stipulate their organisatiions
>policy on such data collection.
>e.g give clear directions to their employees that such data must not be
>collected.
>
>Any collection would therefore be unauthorised by the Data Controller.
I agree that if the marketing department had bought the CD for use as
beermat [1], there's probably no DPA implication. But once they load it
onto the corporate IT systems and start *using* the data; aka
"processing it" and sending out illegal emails, then there is some
corporate culpability.
Perhaps the marketing individual had been on one of the internal
training courses I mention in note 1, at which point there's a
disciplinary offence, or maybe they are acting with the company's full
(but misguided) approval.
As it's Friday, anyone fancy drawing up a matrix of "who goes to jail"
in each combination of circumstances?
[1] Or indeed as a training aid "Look, if any of you buy one of *these*
then we'll get really cross".
--
Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|