JISCMail - DATA-PROTECTION Archives

It depends on who is the Data Controller.

If you are the Data Controller for the bits you process and the SLC is the 
Data Controller for the rest, then the Data Subject has to make two 
requests.

If you and the SLC are joint Data Controllers for the whole data set, then 
the Data Subject can make a SAR to either, and would get access to all the 
data regardless of which organisation actually enters or uses it.

If you and the SLC are Data Controllers in common for all or part of the 
data set, I haven't the foggiest, as I have never understood the difference 
between being joint Data Controllers and Data Controllers in common.

If you are a Data Processor for the SLC then the Data Subject cannot make 
the SAR to you, but only to the SLC.


Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB

I hereby require any recipient of this message not to use my personal data
for direct marketing purposes.


----- Original Message ----- 
From: "Brenda Scourfield" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, January 12, 2006 11:22 AM
Subject: Shared data and SARs


> We have had a SAR and data has been found in a system that is 'owned' by
> the Student Loan company, but we also access and update it.  This is a
> summary of the situation.
>
> 'Processing of student support applications are undertaken via a system
> introduced by the Student loan Company called PROTOCOL
>
> The system is accessed on line and "belongs" to the SLC
>
> The mutual data protection agreement states that when the LA ( local
> Authority) are processing the data we are the data controller but when the
> SLC are processing the data they are the controller - we both deal with
> different parts of the assessment but at the end of the day the assessment
> is one application.'
>
> Do we supply copies of the part that we access and process and tell the
> data subject to make a SAR to PROTOCOL for the rest of the data ?
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>       All archives of messages are stored permanently and are
>      available to the world wide web community at large at
>      http://www.jiscmail.ac.uk/lists/data-protection.html
>      If you wish to leave this list please send the command
>       leave data-protection to [log in to unmask]
>            All user commands can be found at : -
>        http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list 
> owner
>              [log in to unmask]
>  (all commands go to [log in to unmask] not the list please)
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^