Hi All,
Just a bit of a query. When you have a data processing
contract in place with an organisation who is dealing with your personal
information on your behalf, as well as identifying explicitly what the
organisation can and cannot do with the information and what security measures
they need to have in place; does anyone include (or think that you should
include) a clause, that if the Data Processor has a security breach that they
are responsible for (as it goes against the instructions in the agreement), that
the Data Processor are then liable for the fine (if applicable) from the ICO?
Because I know it is the Data Controller who is held responsible by the ICO not
the Data Processor, but what happens if you have done everything in your power
i.e. put the clauses in place and you audit them?
So I guess my query is, do people think that you need to/can
you include a clause like this or would the ICO in this instance not hold you
responsible?
Thanks for your help in advance.
Kind Regards,
April Murphy
Information Governance Support Officer
Tel: 0151 443 4660
Knowsley Council êComputer
Centre êWestmorland
Road êHuyton êL36 9GL
P Save
a tree . . . please do not print this e-mail unless you really need to.
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]
Any queries about sending or receiving messages please send to the list owner [log in to unmask]
(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)