I think this depends on whether you and the organisations you share with are
joint Data Controllers.
If you are, then a SAR to one is an SAR to all, and as long as someone deals
with it, that's fine. Your agreement should obviously clarify who actually
deals with it, to avoid gaps or duplication.
It's different if you are just the recipient of data disclosed to you by a
separate Data Controller. In that case, you are responsible for the data
you hold, and the only involvement of the other organisation would be as a
third party - the source of the data - whose consent you may (or may not)
require before disclosing.
Paul Ticher
0116 273 8191
www.paulticher.com
22 Stoughton Drive North, Leicester LE5 5UB
----- Original Message -----
From: "Michelle Peel" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Monday, June 27, 2011 3:31 PM
Subject: Data Subject Access Request for shared data
Hi,
I know it's only Monday and not Friday, but it's very hot and my brain is
fried!!!
I'm checking over a template Data Sharing Agreement and amking sure it's got
everything in that the ICO Code of Practice recommends, and am trying to get
my head round what happens in the case of a Data Subject Access Request to
an organisation which holds data which has been shared with them by the
original data controller!
The guidance states that "one staff member or organisation takes overall
responsibility for ensuring that the individual can gain access to all the
shared data easily". With the ContactPoint project, the Local Authority was
joint data controller with HM Government, and any data subject access
requests relating to ContactPoint were to be directed to the LA - is this
how the ICO intends any requests concerning shared data to be dealt with?
I'm doubting myself because if that were the case, surely the guidance would
state that all DSARs should be dealt with by the originating
organisation/original data controller?!
Any help would be gratefully appreciated by my addled brain!
Thanks,
Michelle Peel
CYPS Information Governance Officer
Trafford Council
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|