Hi Chris
I can take a look and let the list know. It was a few years ago, between a council and a resident who was blind. The council changed its security policy - post 2008 - and started sending letters only.
The resident used to receive correspondence by email and used browse-aloud type software to verbalise the content. She took them to Court and won on the grounds that she accepted the risk of transport but the council's refusal resulted in them breaching the resident's Human Rights as she was having to get a neighbour to read it which infringed on her right to a private life.
In a nutshell, she owns her own data and understood the risk associated with the method of transfer (unsecure) and still requested / accepted the risk, which under the law is her right; the alternative 'forced' method was an unnecessary intrusion on her right to a private life. The resident won her case. It's the only case of its kind I have come across; it was such an unusual case that I have never forgotten it.
The court ruled that provided you inform the customer of the risks, that you have clearly documented this as part of your risk assessment and you have evidence that the customer clearly understands the implications and consents / accepts responsibility, then as DC you have demonstrated a duty of care in relation to your obligations under the law(s) - therefore compliant.
It's not exactly the same as you put it, "absolving from P7", because actually you as DC are not doing provided you can evidence something similar to the above. I have done this in the past as a result of this case law.
Hope this helps. However, if anyone on the list is aware of any case law that has resulted in the opposite to this - happy to be corrected.
Sent on the move .....
Regards
Trish-louise Bailey (MSc)
Information Governance & Security Specialist
07545 445799
[log in to unmask]
On 5 Mar 2015, at 21:52, Chris Spray <[log in to unmask]> wrote:
Hi, can you cite the case law? I tend to assume that a DC can't absolve
itself from responsibility under Principle 7 just because a DS says "don't
send me xxx securely", but if that's wrong then great!
Kind regards
Chris
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Trish-louise Bailey
Sent: 05 March 2015 18:47
To: [log in to unmask]
Subject: Re: [data-protection] Friday comes early ...
So long as you explain the issues with certain delivery methods to the DS
and outline the risks associated with these, the DS takes the
responsibility, which removes it from the DC. There is case law on this.
Sent on the move .....
Regards
Trish-louise Bailey (MSc)
Information Governance & Security Specialist
07545 445799
[log in to unmask]
On 5 Mar 2015, at 10:22, Michael Bacon - Grimbaldus
<[log in to unmask]> wrote:
Following the Q on original ID, what would your course of action be if a DS
insisted on dealing electronically: SAR sent by email with scanned ID
attached, payment offered online (if fee taken), and data to be supplied
electronically either by (say) email, Cloud storage (e.g. Dropbox,
G00gleDrive, either joint, DS's or DC's), or by (S)FTP to the DS's own
repository?
Has anyone considered using G00gleDrive as a means of delivery? Would
anyone?
Regards - Michael Bacon
Grimbaldus Limited
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can
be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^