JISCMail - DATA-PROTECTION Archives

Dear All

Can anyone offer me any guidance on the following scenario.

My University wants to send alumni data to an external company,
initially so they can provide a quote for data cleaning.  The data would
be encrypted and uploaded to the external company's FTP site and the
password would be provided by separate email or by phone.  The data
includes names, addresses, student IDs, names and addresses of work for
some, email addresses, telephone numbers and graduation details for
former students.  There are approximately 75,000 - 80,000 records that
would be transmitted and the company have signed a non-disclosure form.
The company does process data off-shore in North America but is a member
of the Safe Harbour scheme for ensuring adequate data protection to EU
standards and I see from section B8 of the ICO's new Guide to Data
Protection that the Commission considers that personal data sent to the
US under the scheme is adequately protected.

The reason for the data cleanse is that most of the data was collected
when students first enrolled and much of it is therefore now out of
date.  The company uses Raiser's Edge software to automatically update
the personal data from the information it holds, for example from the
Royal Mail re-direction service.  I am told that this company and its
software is used by other universities.  

I have been asked to consider the transmission from a data protection
viewpoint and so far my concerns are around the fact that this data
cleanse was not anticipated when the University originally collected the
personal data and therefore was not notified to students in a privacy
notice.  Should I be concerned about this? Are there other issues I
should be concerned about?

Many thanks


Ann-Marie Noble
Secretariat and Legal Services
University of Lincoln

Email: [log in to unmask]

 
The information in this e-mail and any attachments may be confidential. If you have received this email in error please notify the sender immediately and remove it from your system. Do not disclose the contents to another person or take copies.
 
Email is not secure and may contain viruses. The University of Lincoln makes every effort to ensure email is sent without viruses, but cannot guarantee this and recommends recipients take appropriate precautions.
 
The University may monitor email traffic data and content in accordance with its policies and English law. Further information can be found at: http://www.lincoln.ac.uk/legal.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^