If the sharing is a one-off, then I'd have thought no. If it's ongoing - i.e., A will supply B with updates to the data - then the necessity arises because A has a responsibility to ensure that the next batch of data will be processed properly, and the only way to do that (arguably) is by audit.
Ben
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Phil Bradshaw
Sent: 18 April 2018 13:08
To: [log in to unmask]
Subject: [data-protection] Auditing another controller
A is a controller for personal data. A agrees to share data with B for B's stated purposes. B becomes sole controller for the data he receives. Assume a fully valid legal basis, all fair and above board, and B has given appropriate assurances about use, security and retention.
To what extent, if any, having shared the data, is A justified in auditing B's use of the data (e.g. to satisfy himself there has been no function creep, security is in place and being maintained etc.) ? In general I have no objection, if the parties agree to that, but if such activities actually involved access to the data, for which B is now sole data controller where is the necessity? B is subject to the regulatory might of ICO and if the sharing was justified in the first place A faces no risk from any misfeasance by B.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
*******************************************************************************************************************************
This email has been received from an external party and has been swept for the presence of computer viruses.
*******************************************************************************************************************************
**********************************************************************
This e-mail (and any files or other attachments transmitted with it) is intended solely for the attention of the addressee(s). Unauthorised use, disclosure, storage, copying or distribution of any part of this e-mail is not permitted. If you are not the intended recipient please destroy the email, remove any copies from your system and inform the sender immediately by return.
Communications with the Scottish Government may be monitored or recorded in order to secure the effective operation of the system and for other lawful purposes. The views or opinions contained within this e-mail may not necessarily reflect those of the Scottish Government.
Tha am post-d seo (agus faidhle neo ceanglan còmhla ris) dhan neach neo luchd-ainmichte a-mhàin. Chan eil e ceadaichte a chleachdadh ann an dòigh sam bith, a’ toirt a-steach còraichean, foillseachadh neo sgaoileadh, gun chead. Ma ’s e is gun d’fhuair sibh seo gun fhiosd’, bu choir cur às dhan phost-d agus lethbhreac sam bith air an t-siostam agaibh agus fios a leigeil chun neach a sgaoil am post-d gun dàil.
Dh’fhaodadh gum bi teachdaireachd sam bith bho Riaghaltas na h-Alba air a chlàradh neo air a sgrùdadh airson dearbhadh gu bheil an siostam ag obair gu h-èifeachdach neo airson adhbhar laghail eile. Dh’fhaodadh nach eil beachdan anns a’ phost-d seo co-ionann ri beachdan Riaghaltas na h-Alba.
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|