Any statutory requirement involved?
Ben Heathcote
Information Security Officer (Compliance)
Information Security & Governance Team
IT Service
Newcastle University
NE1 7RU
Telephone: 0191 208 6950
Email: [log in to unmask]
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Phil Bradshaw
Sent: 18 April 2018 13:08
To: [log in to unmask]
Subject: [data-protection] Auditing another controller
A is a controller for personal data. A agrees to share data with B for B's stated purposes. B becomes sole controller for the data he receives. Assume a fully valid legal basis, all fair and above board, and B has given appropriate assurances about use, security and retention.
To what extent, if any, having shared the data, is A justified in auditing B's use of the data (e.g. to satisfy himself there has been no function creep, security is in place and being maintained etc.) ? In general I have no objection, if the parties agree to that, but if such activities actually involved access to the data, for which B is now sole data controller where is the necessity? B is subject to the regulatory might of ICO and if the sharing was justified in the first place A faces no risk from any misfeasance by B.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|