The parties to a data sharing protocol are - as Ian says - bound to be Data
Controllers in their own right, and almost bound to have to Register, though
it's possible to come up with a hypothetical situation in which one or more
might be exempt.
In addition, though, you have to work out which of the following applies:
* The data sharing agreement is just that, with each Data Controller
making disclosures to others as and when required.
* The data sharing involves some pooling of data - a common set of
core data, for example - which might make all the partners joint Data
Controllers of the pooled data, and jointly liable for compliance. The
organisation hosting the pooled data might then be a Data Processor as well.
(Two or more organisations can also be Data Controllers in common, but
someone else will have to explain what that means.)
* The data sharing arrangement is run on behalf of the partners by
some central organisation which has enough of an independent existence to
make it a Data Controller in its own right.
That's how I understand the theory, anyway. Other people may be able to
give more useful practical examples.
Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
I hereby require any recipient of this message not to use my personal data
for direct marketing purposes.
----- Original Message -----
From: <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, January 26, 2005 9:14 AM
Subject: Re: Data Sharing Protocols
> 1) Yes, all parties to a data sharing protocol must be registered data
> controllers and you should make that a condition of membership. The
signing-up form
> should require the parties to state their notification number.
Incidentally,
> data processors have no legal obligations under the DPA.
>
> 2) Except in cases involving children at risk and maybe some vulnerable
> adults, I would suggest that the basis of the data sharing should be
consent. How
> that consent is obtained and at what stage is something you should
establish
> prior to the partnership operating. As the data is likely to be classed
as
> sensitive personal data, I would think the consent should be in writing.
>
> Ian B
>
>
> Ian Buckland
> Managing Director
> Keep IT Legal Ltd
>
> Please Note: The information given above does not replace or negate the
need
> for proper legal advice and/or representation. It is essential that you do
not
> rely upon any advice given without contacting your solicitor. If you need
> further explanation of any points raised please contact Keep I.T. Legal
Ltd at
> the address below:
>
> 55 Curbar Curve
> Inkersall, Chesterfield
> Derbyshire S43 3HP
> (Reg 3822335)
> Tel: 01246 473999
> Fax: 01246 470742
> E-mail: [log in to unmask]
> Website: www.keepitlegal.co.uk
>
> -----
> In a message dated 25/01/05 08:29:29 GMT Standard Time,
> [log in to unmask] writes:
>
>
> > 1> Do all Data sharing parties need to be registered as independant Data
> > Controllers or do we just register the interests as DP processors with
> > the IC?
> >
> > 2> I understand te fair-processing code needs to reflect data-sharing
> > activity - however can we use the Health & SS exemptions to process /
> > share information?
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|