ABSOLUTELY OUTRAGEOUS stand for a "commissioned" supplier
Simon
ABSOLUTELY OUTRAGEOUS stand for a "commissioned" supplier to take - what
do they think they are going to do with the "redundant" information -
sell it! I sincerely hope not.
They will have been commissioned by the NHS to design a technical system
to hold NHS-owned information, that is it is NHS data NHS is the data
controller of that data set and they stipulate what is done with the
data set including "getting it back" when the contract ends.
I would strongly suggest that NHS obtain their data set in whatever
format (ensuring no copies are left with the supplier) and the NHS
decide after it is secured, the most cost effective way to manage this
data i.e. ongoing access is needed. If the supplier wishes to charge to
"extract" the information that is one route for consideration if that is
not cost effective to the tax payer they must make it accessible for the
Data Controller's IT staff to extract the data themselves.
"proprietary" issues is the system related rights (patents and all on
the technical system) that the company developed NOT on the information
that sits on the system. - not as far as I concerned (otherwise we
definitely would not be outsourcing for solutions we would be developing
everything in house because of the huge risks involved from the
information point of view).
This is just my opinion! - I think this leans more towards lack of "end
of contract" co-operation rather than "its ours" syndrome.
Many thanks
Trish
Trish-louise Bailey (MSc)
Information Governance (IG)
(Information Sharing & Confidentiality, Informtaion Security,
Information Assurance, Data Protection & Privacy, Freedom of
Information, Records & Information Management)
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Simon Howarth
Sent: 09 February 2010 18:02
To: [log in to unmask]
Subject: The right of a data processor to withhold information...
I wonder if I may have the benefit of the considerable experience on
this
forum.
Mentioning no names...
An organization (NHS) has used a system developed initially by a
consultant
(medical) who then set up a business supplying the system and is no
longer a
consultant - this part is fine. The system has been in use for a few
years
with only very basic terms and conditions in force. When renewal of the
licences became due the organization decided not to go ahead on cost
grounds
- a very significant increase was tabled.
On requesting the information held in the database (medical details and
images) to be released so that it could be imported into something else,
the
company concerned refused, and stated that the database is "proprietary"
and
export of the information will cost a significant amount of money.
The information is not critical, but might be needed for case review
purposes.
I wonder what people's views are on:
1. The right to charge for access to the data controller's own data
2. The refusal to allow access to medical information and the issues
that
may bring.
Any views would be most welcome. For what it is worth I feel that there
is
no right to refuse access to the data and at the very least the
proprietary
data should be made available so that in-house developers can get at it.
As
they are a data processor, they have no rights to hold the information
in
any form, beyond that which the controller authorized.
Thanks in advance.
Simon Howarth.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
--------------------------------------------------------------------------------------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed. If you have received this email in error
please notify the originator of the message.
Any views expressed in this message are those of the individual
sender, except where the sender specifies and with authority,
states them to be the views of Telford & Wrekin Council.
The content of this email has been automatically checked in
conjunction with the relevant policies of Telford & Wrekin Council.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|