Has anybody found anything particularly useful or advisible to enforce the right to have a password changed for IT security reasons from a data processor / data controller? I have found defective procedures exist on a number of websites including for instance Transport for London Procurement platform. If anything wrong happens, as everybody knows, data controllers tend to transfer responsibilities to data processors and viceversa - whereas the main point should be assuring compliance and auditing of a records management procedure, no matter who is in charge of hardware / software systems. Thanks for suggestions / experiences Brunella Longo http://www.brunellalongo.co.uk ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^