Dear All I have a problem I'd really appreciate some help with. I'm new to the list so please be gentle with me! I am reviewing some Ts&Cs from our offsite archiving company and they have added a Data Protection clause (new since the previous version of Ts&Cs we signed up to) which says: "The parties acknolwedge that the Company may have access to "Personal Data" .. in providing the Services .. The Customer warrants that the Personal Data is not Sensitive Personal Data .. and that it has all necessary consents and authorisations for the Company to process Personal Data in the manner and for the purposes ... in accordance with the terms of this Agreement". I have no doubt we will be archiving personal data and some of that personal data may well be sensitive. I can't possibly allow my company to warrant that it isn't. I know that archiving is "processing" under DPA. But surely companies must be allowed to archive sensitive personal data without having to obtain consent? Is the archive box even a "relevant filing system"? Should I ask for a warranty from them that they won't look in the boxes?! I'm at a loss at to what to do about it and hope someone out there can give me some guidance! Thanks very much Judith ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^