Samantha Are they actually 'third parties' in the legal sense of the term? If they are not, and instead are partners in the project you can share the information with them for the purpose of running the project itself. If they really are third parties, you can explain this in the data protection statement (fair processing notice) at the point of collection whether it be email or app form (e.g. we are collecting your data for the purpose(s) of....., we will also pass your data to X,Y,Z for the sole purposes of auditing and monitoring the project). You don't need consent in the same way as if you are disclosing to third parties for their marketing purposes. Hope this helps Paula -----Original Message----- From: Samantha Yalden [mailto:[log in to unmask]] Sent: 08 January 2004 11:32 To: [log in to unmask] Subject: Data Sharing Dear All I am new to the Data Protection Act and have recently been asked to advise our Careers Department on an issue with releasing clients' data to outside third parties. The parties are funding bodies and require the data for auditing and monitoring purposes. From my limited knowledge of the Act I know that the data subject must give their consent to the data sharing. For those that physically come into the department this will be done by a Data Protection statement on the registration form which they sign stating that they give their permission for the data to be shared with project partners. The difficulty comes with those clients where contact is exclusively by email. Is it enough for the University to have a statement on its correspondence notifying the client that their information will be shared, or should we seek to get the client's explicit written consent? thank you for your help Samantha Yalden Arrowsmith Administrative Officer Office of the University Secretary Tel 01484 472361 Fax 01484 430330 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This email and any files transmitted with it are confidential and intended solely for the use of the addressee. The contents may not be disclosed or used by anyone other than the addressee. If you are not the intended recipient, please notify the sender immediately and delete the message from your system. The Energy Saving Trust cannot accept any responsibility for the accuracy or completeness of this message as it has been transmitted over a public network. If you suspect that the message may have been intercepted or amended please contact the sender. Any opinions expressed in this message are those of the sender and may not be binding on the Energy Saving Trust. Incoming and outgoing e-mail messages are routinely monitored for compliance with the Energy Saving Trust's policy on the acceptable use of electronic communications. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^