Dear All Can anyone offer me any guidance on the following scenario. My University wants to send alumni data to an external company, initially so they can provide a quote for data cleaning. The data would be encrypted and uploaded to the external company's FTP site and the password would be provided by separate email or by phone. The data includes names, addresses, student IDs, names and addresses of work for some, email addresses, telephone numbers and graduation details for former students. There are approximately 75,000 - 80,000 records that would be transmitted and the company have signed a non-disclosure form. The company does process data off-shore in North America but is a member of the Safe Harbour scheme for ensuring adequate data protection to EU standards and I see from section B8 of the ICO's new Guide to Data Protection that the Commission considers that personal data sent to the US under the scheme is adequately protected. The reason for the data cleanse is that most of the data was collected when students first enrolled and much of it is therefore now out of date. The company uses Raiser's Edge software to automatically update the personal data from the information it holds, for example from the Royal Mail re-direction service. I am told that this company and its software is used by other universities. I have been asked to consider the transmission from a data protection viewpoint and so far my concerns are around the fact that this data cleanse was not anticipated when the University originally collected the personal data and therefore was not notified to students in a privacy notice. Should I be concerned about this? Are there other issues I should be concerned about? Many thanks Ann-Marie Noble Secretariat and Legal Services University of Lincoln Email: [log in to unmask] The information in this e-mail and any attachments may be confidential. If you have received this email in error please notify the sender immediately and remove it from your system. Do not disclose the contents to another person or take copies. Email is not secure and may contain viruses. The University of Lincoln makes every effort to ensure email is sent without viruses, but cannot guarantee this and recommends recipients take appropriate precautions. The University may monitor email traffic data and content in accordance with its policies and English law. Further information can be found at: http://www.lincoln.ac.uk/legal. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^