----- Original Message -----
From: "Graham Donelan" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, February 27, 2007 5:13 PM
Subject: [data-protection] National Student Survey
> This will be of particular interest to higher education institutions.
>
> On what basis does our release of student contact details to Ipsos-Mori
> to conduct the National Student Survey not breach the Data Protection
> Act?
>
The FAQ's website for the survey says:
"Who has access to students' contact details?
Higher educations institutions have passed contact details for eligible
final year students to Ipsos MORI, the research agency responsible for
carrying out the survey.
Ipsos MORI is a member of the Market Research Society and all details and
responses will be handled in full accordance with data protection
legislation.
Student personal data will be used only for the purposes of the NSS, and
contact details will be destroyed at the end of the survey."
http://www.thestudentsurvey.com/faq.asp#access
Then see "MRS & AURA Market research processes (client) & the Data
Protection Act 1998 January 2004
"1.4 Client Sourced Sample
It should be noted that any breach of the Act that occurs while personal
data is held by a market
research organisation, on the client's behalf, e.g. a list supplied by a
client for sampling purposes,
would result in the client being liable for the breach - unless a contract
has been agreed where
the agency accepts responsibility. In serious cases clients would have to
answer to the
Information Commissioner or the courts. In addition any compensation that
might have to be paid
to a data subject/respondent as a result of a breach of the Act by a
research organisation would
result in the owner of the data (the client) paying the compensation.
Therefore it is essential that
clients check that market research organisations have adequate security
processes to meet
clients' and the Acts needs.
If a client owned file or database of customers is to be used for sampling
purposes, then clients
need to consider the following:
§ The Notification covers market research and that appropriate safeguards
are in place within
the contract to cover security and prevent misuse by third parties (see
Appendix 2 for
Notification procedures).
§ If feedback is required (Categories 2/3/4), then this should be specified.
§ If it is a Category 6 project then the file will need to be screened as
described in the
guidelines.
§ In instances where a client has supplied their own database for sampling
the respondent has
the legal right to know the source of the data if it is requested.
If sub-contractors (e.g. fieldwork agencies, freelance recruiters, data
processors etc) are to be
used then only those contractors who can offer appropriate safeguards (for
security etc) must be
retained. This condition applies to all stages of the market research
process including
interviewing.
§ Market research organisations must offer sufficient assurances that they
have appropriate
technical and organisational measures in place to safeguard the personal
data passed to
them for processing.
§ Any agreement to send data from a client to a market research organisation
must be
evidenced in writing.
§ Clients need to consider how to respond if any respondents drawn from a
client supplied list
query the right to transfer their details to an agency to use for market
research purposes. The
client Notification covering the source must include market research."
http://www.mrs.org.uk/standards/downloads/revised/legal/mrprocesses.pdf
(Note I have given a continuous quote rather than cherry-picked).
Nick Landau
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|