We have had a SAR and data has been found in a system that is 'owned' by
the Student Loan company, but we also access and update it. This is a
summary of the situation.
'Processing of student support applications are undertaken via a system
introduced by the Student loan Company called PROTOCOL
The system is accessed on line and "belongs" to the SLC
The mutual data protection agreement states that when the LA ( local
Authority) are processing the data we are the data controller but when the
SLC are processing the data they are the controller - we both deal with
different parts of the assessment but at the end of the day the assessment
is one application.'
Do we supply copies of the part that we access and process and tell the
data subject to make a SAR to PROTOCOL for the rest of the data ?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|