Except there is a reported percentage of mail that doesn't make it to
the intended recipient. That should inform your risk assessment....
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Antoinette Carter
Sent: 09 March 2006 11:48
To: [log in to unmask]
Subject: Re: [data-protection] Missing Payslips
But the Royal Mail operates under it's own specific legislation - to
intercept or tamper with mail that is not addressed to you is a criminal
offence, so I would argue that the ordinary mail is sufficiently secure.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Iain Harrison
Sent: 09 March 2006 11:08
To: [log in to unmask]
Subject: Re: [data-protection] Missing Payslips
I wonder how TICO would handle a complaint from an aggrieved employee
concerning the loss of their personal data? Would they apportion blame
to the data controller for not taking appropriate technical and
organisational measures etc? If so.......?
Iain Harrison
Information Management Consultant
Information Management & Contracts
Leicester City Council
0116 252 7606
>>> Duncan Smith <[log in to unmask]> 03/09/06 10:58 am >>>
Mmm,
So on that basis, would any agency or courier I use to physically
transfer personal data from point A to point B, be exempt from the 7th
principle requirements, or is it just Royal Mail?
If it is just the Royal Mail - why do they have special privileges, and
if not, how is the 'chain of trust' maintained in the processing of
personal data when the responsibility for its security is passed to a
3rd party.
Duncan Smith
iCompli Ltd.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Simon Howarth (RGC)
Interim Information Governance Manager
Sent: Thursday, March 09, 2006 10:29 AM
To: [log in to unmask]
Subject: Re: [data-protection] Missing Payslips
I don't agree. So I have just asked the ICO and they state that "the
Royal Mail is not a data processor for the transit of information by
post".
And yes, I got straight through - which is a first!
Simon.
-----Original Message-----
From: Duncan Smith [mailto:[log in to unmask]]
Sent: 09 March 2006 10:18
To: [log in to unmask]
Subject: Re: [data-protection] Missing Payslips
Simon,
"Putting information in the post does not make the RM a data processor
does it?"
As I read the definition of processing I would see Royal Mail as
'holding' the physical data.
>From DPA Basic Interpretations ... "processing", in relation to
>information
or data, means obtaining, recording or **holding** the information or
data or carrying out any operation or set of operations on the
information or data.
To place personal data in the hands of a 3rd party, but not have them
(someone) contractually and legally responsible for the security of the
data, would surely render 'great chunks' of the DPA useless.
I think they are a data processor.
Duncan Smith
iCompli Ltd.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Simon Howarth (RGC)
Interim Information Governance Manager
Sent: Thursday, March 09, 2006 9:42 AM
To: [log in to unmask]
Subject: Re: [data-protection] Missing Payslips
Duncan,
>From Doreens post I interpret that they merely sent out the payslips in
>the
post. Putting information in the post does not make the RM a data
processor does it? I would be surprised if it did. I don't think the RM
being a data processor is an issue in this case.
Interesting links though in NINO.
Simon Howarth.
-----Original Message-----
From: Duncan Smith [mailto:[log in to unmask]]
Sent: 09 March 2006 09:31
To: [log in to unmask]
Subject: Re: [data-protection] Missing Payslips
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you
received this in error, please contact the sender and delete the
material from any computer. The information contained in this
correspondence is not intended as legal advice or counsel, and is not
represented as such by the sender. iCompli Ltd. makes no warranties or
statements regarding the legal acceptability of the information
presented in this correspondence. Any actions performed as a result of
this information are of the recipient's own choosing.
-------------------------------------------------------------------
Doreen,
Has similarities with the Citibank/UPS saga in the States, albeit on a
smaller scale!
Although Royal Mail 'lost' the payslips, Scottish Borders Council are
the Data Controller, and you chose to subcontract an element of your
data processing to them as a data processor. Do you have a contract
(evidenced in writing) whereby RM agree to act in accordance with the
DPA?? No, we don't either, but we should according to P7 of the DPA.
This is a major problem when dealing with data processors who are much
larger than the data controller; it is generally their terms and
conditions of sale that apply and NOT you terms and conditions of
purchase. Anyone want to take this up in a new thread?
Is NINO Fraud a problem? Since 2001 the government have been concerned
enough to introduce SNAP (Secure NINO Allocation Process) so 'no smoke
without fire'!
Read this document
http://www.identitycards.gov.uk/library/id_fraud-report.pdf if you need
a 'primer' into identity theft. In it you'll find many examples of why
loosing NINOs is a 'bad thing'
E.g.. "Individuals seeking a NINO (who will in almost all cases have
arrived from abroad) may, in particular, be trying to pass one of the
hurdles on the road to employment." Don't let the Daily Mail reporters
get hold of this!
See also http://www.dsdni.gov.uk/fraud_sub_committee_fifth_report.pdf
What can you do now?
Can you identify all the NINOs that were mislaid? If so you might
consider advising DWP, or other 'agencies' that use NINOs, about the
loss. From my understanding, these agencies are still not sufficiently
'joined up' to do much with this information, but it is a proactive step
on your part.
Rgds.
Duncan Smith
Director
iCompli Limited Northampton UK
t: 08707 70 48 66 f: 08707 70 48 69 m: 07775 56 81 80
Mailto:[log in to unmask] Web: www.icompli.co.uk
"Compliance in your language"
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Broom, Doreen
Sent: Wednesday, March 08, 2006 12:05 PM
To: [log in to unmask]
Subject: [data-protection] Missing Payslips
All
We have lots of rural schools in Borders. Payslips are sent out via
Royal Mail. Anyway an envelope containing approx. 20 payslips has gone
missing. Royal Mail are looking into it. I have been asked for the Data
Protection issues surrounding this. The individuals are concerned as
their NI Number, Personnel Number - name etc. appear on these slips.
Their money has gone into the Bank but there are no Bank details on
payslips.
I know there are Identity Fraud implications but this is a very rural
area and would be very difficult to get away with this type of thing as
everyone knows everyone. Can anyone think of anything major that would
be likely to happen - really, what kind of advice can I give -
especially afetr the horse has bolted so to speak. We may never
retrieve these payslips - are RM libel?
Any thoughts would be helpful.
Thanks,
Doreen
Doreen Broom
Access to Information Officer
Scottish Borders Council
Tel: 01835 826516
Fax: 01835 825059
********************************************************************
* This email is privileged, confidential and subject to copyright. *
* Any unauthorised use or disclosure of its content is prohibited. *
* The views expressed in this communication may not necessarily *
* be the views held by Scottish Borders Council. *
* Please be aware that any email sent or received by the Council *
* may require to be disclosed by the Council under the provisions *
* of the Freedom of Information (Scotland) Act 2002. *
********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
__________ NOD32 1.1433 (20060307) Information __________
This message was checked by NOD32 antivirus system. http://www.eset.com
__________ NOD32 1.1433 (20060307) Information __________
This message was checked by NOD32 antivirus system. http://www.eset.com
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This message is for the use of the intended recipient(s) only.
If you have received this message in error, please notify the sender and
delete it.The British Council accepts no liability for loss or damage
caused by software viruses and you are advised to carry out a virus
check on any attachments contained in this message. Our purpose is to
build mutually beneficial relationships between people in the UK and
other countries and to increase appreciation of the UK's creative ideas
and achievements. The British Council is registered in England as a
charity.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The information in this email is solely for the intended recipients.
If you are not an intended recipient, you must not disclose, copy, or
distribute its contents or use them in any way: please advise the
sender immediately and delete this email.
Perth & Kinross Council does not warrant that this email or any
attachments are virus-free and does not accept any liability for any
loss or damage resulting from any virus infection. Perth & Kinross
Council may monitor or examine any emails received by its email
system.
The information contained in this email may not be the views of Perth
& Kinross Council. It is possible for email to be falsified and the
sender cannot be held responsible for the integrity of the
information
contained in it.
Requests to Perth & Kinross Council under the Freedom of Information
(Scotland) Act should be directed to the Freedom of Information Team -
email: [log in to unmask]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|