Dear All
I have a problem I'd really appreciate some help with. I'm new to the list
so please be gentle with me!
I am reviewing some Ts&Cs from our offsite archiving company and they have
added a Data Protection clause (new since the previous version of Ts&Cs we
signed up to) which says:
"The parties acknolwedge that the Company may have access to "Personal
Data" .. in providing the Services .. The Customer warrants that the
Personal Data is not Sensitive Personal Data .. and that it has all
necessary consents and authorisations for the Company to process Personal
Data in the manner and for the purposes ... in accordance with the terms of
this Agreement".
I have no doubt we will be archiving personal data and some of that
personal data may well be sensitive. I can't possibly allow my company to
warrant that it isn't. I know that archiving is "processing" under DPA.
But surely companies must be allowed to archive sensitive personal data
without having to obtain consent? Is the archive box even a "relevant
filing system"? Should I ask for a warranty from them that they won't look
in the boxes?!
I'm at a loss at to what to do about it and hope someone out there can give
me some guidance!
Thanks very much
Judith
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
