JISCMail - DATA-PROTECTION Archives

Hi All,

 

Just a bit of a query. When you have a data processing contract in place with an organisation who is dealing with your personal information on your behalf, as well as identifying explicitly what the organisation can and cannot do with the information and what security measures they need to have in place; does anyone include (or think that you should include) a clause, that if the Data Processor has a security breach that they are responsible for (as it goes against the instructions in the agreement), that the Data Processor are then liable for the fine (if applicable) from the ICO? Because I know it is the Data Controller who is held responsible by the ICO not the Data Processor, but what happens if you have done everything in your power i.e. put the clauses in place and you audit them?

 

So I guess my query is, do people think that you need to/can you include a clause like this or would the ICO in this instance not hold you responsible?

 

Thanks for your help in advance. 

 

Kind Regards,

 

April Murphy

Information Governance Support Officer

 

Tel:  0151 443 4660 

Knowsley Council êComputer Centre êWestmorland  Road êHuyton êL36 9GL

 

P Save a tree . . . please do not print this e-mail unless you really need to.

 


 
This e-mail and any attachments are confidential. It may contain privileged information and is intended for the named recipient(s) only. It must not be distributed without consent. If you are not one of the intended recipients, please notify the sender immediately and do not disclose, distribute, or retain this email or any part of it and do not take any action based on it.
 
Unless expressly stated, opinions in this email are those of the individual sender, and not of Knowsley MBC. Legally binding obligations can only be created for, or be entered into on behalf of, Knowsley MBC by duly authorised officers or representatives.

Knowsley MBC excludes any liability whatsoever for any offence caused, any direct or consequential loss arising from the use, or reliance on, this e-mail or its contents. We believe but do not warrant that this e-mail and any attachments are virus free.  You must therefore take full responsibility for virus checking and no responsibility is accepted for loss or damage arising from viruses or changes made to this message after it was sent. Knowsley MBC reserves the right to monitor and/or record all e-mail communications through its network in accordance with relevant legislation.
 
 

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^