I don't agree. So I have just asked the ICO and they state that "the Royal
Mail is not a data processor for the transit of information by post".
And yes, I got straight through - which is a first!
Simon.
-----Original Message-----
From: Duncan Smith [mailto:[log in to unmask]]
Sent: 09 March 2006 10:18
To: [log in to unmask]
Subject: Re: [data-protection] Missing Payslips
Simon,
"Putting information in the post does not make the RM a data processor does
it?"
As I read the definition of processing I would see Royal Mail as 'holding'
the physical data.
From DPA Basic Interpretations ... "processing", in relation to information
or data, means obtaining, recording or **holding** the information or data
or carrying out any operation or set of operations on the information or
data.
To place personal data in the hands of a 3rd party, but not have them
(someone) contractually and legally responsible for the security of the
data, would surely render 'great chunks' of the DPA useless.
I think they are a data processor.
Duncan Smith
iCompli Ltd.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Simon Howarth (RGC)
Interim Information Governance Manager
Sent: Thursday, March 09, 2006 9:42 AM
To: [log in to unmask]
Subject: Re: [data-protection] Missing Payslips
Duncan,
>From Doreens post I interpret that they merely sent out the payslips in
>the
post. Putting information in the post does not make the RM a data processor
does it? I would be surprised if it did. I don't think the RM being a data
processor is an issue in this case.
Interesting links though in NINO.
Simon Howarth.
-----Original Message-----
From: Duncan Smith [mailto:[log in to unmask]]
Sent: 09 March 2006 09:31
To: [log in to unmask]
Subject: Re: [data-protection] Missing Payslips
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from any
computer.
The information contained in this correspondence is not intended as legal
advice or counsel, and is not represented as such by the sender. iCompli
Ltd. makes no warranties or statements regarding the legal acceptability of
the information presented in this correspondence. Any actions performed as
a result of this information are of the recipient's own choosing.
-------------------------------------------------------------------
Doreen,
Has similarities with the Citibank/UPS saga in the States, albeit on a
smaller scale!
Although Royal Mail 'lost' the payslips, Scottish Borders Council are the
Data Controller, and you chose to subcontract an element of your data
processing to them as a data processor. Do you have a contract (evidenced
in writing) whereby RM agree to act in accordance with the DPA?? No, we
don't either, but we should according to P7 of the DPA. This is a major
problem when dealing with data processors who are much larger than the data
controller; it is generally their terms and conditions of sale that apply
and NOT you terms and conditions of purchase. Anyone want to take this up
in a new thread?
Is NINO Fraud a problem? Since 2001 the government have been concerned
enough to introduce SNAP (Secure NINO Allocation Process) so 'no smoke
without fire'!
Read this document
http://www.identitycards.gov.uk/library/id_fraud-report.pdf if you need a
'primer' into identity theft. In it you'll find many examples of why
loosing NINOs is a 'bad thing'
E.g.. "Individuals seeking a NINO (who will in almost all cases have arrived
from abroad) may, in particular, be trying to pass one of the hurdles on the
road to employment." Don't let the Daily Mail reporters get hold of this!
See also http://www.dsdni.gov.uk/fraud_sub_committee_fifth_report.pdf
What can you do now?
Can you identify all the NINOs that were mislaid? If so you might consider
advising DWP, or other 'agencies' that use NINOs, about the loss. From my
understanding, these agencies are still not sufficiently 'joined up' to do
much with this information, but it is a proactive step on your part.
Rgds.
Duncan Smith
Director
iCompli Limited Northampton UK
t: 08707 70 48 66 f: 08707 70 48 69 m: 07775 56 81 80
Mailto:[log in to unmask] Web: www.icompli.co.uk
"Compliance in your language"
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Broom, Doreen
Sent: Wednesday, March 08, 2006 12:05 PM
To: [log in to unmask]
Subject: [data-protection] Missing Payslips
All
We have lots of rural schools in Borders. Payslips are sent out via Royal
Mail. Anyway an envelope containing approx. 20 payslips has gone missing.
Royal Mail are looking into it. I have been asked for the Data Protection
issues surrounding this. The individuals are concerned as their NI Number,
Personnel Number - name etc. appear on these slips.
Their money has gone into the Bank but there are no Bank details on
payslips.
I know there are Identity Fraud implications but this is a very rural area
and would be very difficult to get away with this type of thing as everyone
knows everyone. Can anyone think of anything major that would be likely to
happen - really, what kind of advice can I give - especially afetr the horse
has bolted so to speak. We may never retrieve these payslips - are RM
libel?
Any thoughts would be helpful.
Thanks,
Doreen
Doreen Broom
Access to Information Officer
Scottish Borders Council
Tel: 01835 826516
Fax: 01835 825059
********************************************************************
* This email is privileged, confidential and subject to copyright. *
* Any unauthorised use or disclosure of its content is prohibited. *
* The views expressed in this communication may not necessarily *
* be the views held by Scottish Borders Council. *
* Please be aware that any email sent or received by the Council *
* may require to be disclosed by the Council under the provisions *
* of the Freedom of Information (Scotland) Act 2002. *
********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
__________ NOD32 1.1433 (20060307) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com
__________ NOD32 1.1433 (20060307) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
