Teresa – the Duty Social Worker was asked to attend the interview with the Police – vulnerable adult. I was always of the view that a data controller who creates documents also determines the purpose for which it is used. I am just wondering about us employing companies who host services for us i.e. they hold our data on their servers – does that mean that they are also Data Controllers or if we have a contract in place, surely we must determine how the data is to be used?
Doreen
From: Gudge Teresa (AVON AND WILTSHIRE MENTAL HEALTH PARTNERSHIP NHS TRUST) [mailto:[log in to unmask]]
Sent: 28 November 2013 15:01
To: Broom, Doreen; [log in to unmask]
Subject: RE: Data Controller or Not
Doreen - why were you in possession of the report ? had it been given to you by the Police ? for what purpose ?
why would you feel it necessray to ask the Police if you could pass it on ? presumably because you believe it still belongs to the Police ? so under what basis did you have it ??
T
Teresa Gudge
IT Security Specialist
BCS-ISEB Certificate Information Security Manager
ISEB - Data Protection
Avon and Wiltshire Mental health Partnership NHS Trust
01225 731774 Mobile 0782 6953268
From: This list is for those interested in Data Protection issues [[log in to unmask]] On Behalf Of Broom, Doreen [[log in to unmask]]
Sent: 28 November 2013 14:42
To: [log in to unmask]
Subject: Re: [data-protection] Data Controller or Not
Lawrence – point noted. However, we have access to DWP data but that is certainly not our data and does not make us data controller….is it me or am I getting confused after all these years of DP!
Doreen
From: Lawrence Serewicz [mailto:[log in to unmask]]
Sent: 28 November 2013 14:31
To: Broom, Doreen; [log in to unmask]
Subject: RE: Data Controller or Not
Doreen,
I am with the ICO on this. Once you hold it for your purposes, you are the Data Controller.
Remember that you are only asking the other organisations their views. You are free to reject those views. A data processor would not be free to reject the view of the data controller.
Even a joint data controller would not work as they have disclosed the data to you for your purposes. They will need to do that aware of the purpose for which you will use it, which they are, but that does not make them joint data controllers because you have not set out the limits, a contract, of what will or will not be done with the data. You are not contractually obliged to consult or discuss how you will use data nor has the other party set out the limits of what will be done with the information.
I would recommend reading the Article 29 working group opinion on the data controller- data processing. They work through all the major points.
Best,
Lawrence
Principal Information Management Officer
Durham County Council
Room 4/143-148
County Hall
County Durham
DH1 5UF
03000 268038
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Broom, Doreen
Sent: 28 November 2013 14:22
To: [log in to unmask]
Subject: [data-protection] Data Controller or Not
Hi All
I am in correspondence with ICO. Anyway, they have phoned me up as we have refused to provide a full copy of a Police Report to an applicant. We telephoned the Police to ask if we could and they asked us to get the applicant to write to them and they would explain why they had redacted certain information as the individual had already written to them (SAR). We were sent a copy by the Police as they asked that a Social Worker be present at the interview with the Police and the individual.
ICO’s office has said that as we have a copy of the Police Report we are now the Data Controller – that is not my interpretation – data processor surely – anyway I have always referred them to other agencies to obtain their information. However, on occasions I have written to NHS to ask permission to disclose certain Consultants’ Reports. On this occasion we did approach the Police and they have asked us not to disclose.
What is your interpretation of this – I certainly have never taken the view that just because we hold information sent to us by another organisation that we would then be the DC.
Any thoughts greatly appreciated,
Regards,
Doreen
Doreen Broom
Data Compliance Officer
Scottish Borders Council
Resources Department - BTS
Tel: 01835 826516
e-mail: [log in to unmask]
"**********************************************************************This email and any files transmitted with it are privileged, confidential and subject to copyright. Any unauthorised use or disclosure of any part of this email is prohibited. If you are not the intended recipient please inform the sender immediately; you should then delete the email and remove any copies from your system.The views or opinions expressed in this communication may not necessarily be those of Scottish Borders Council.Please be advised that Scottish Borders Council's incoming and outgoing GSX email is subject to regular monitoring and any email may require to be disclosed by the Council under the provisions of the Freedom of Information (Scotland) Act 2002. **********************************************************************" All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]
Any queries about sending or receiving messages please send to the list owner [log in to unmask]
(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)
Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.
This email was received from the INTERNET and scanned by the Government Secure Intranet anti-virus service supplied by Vodafone in partnership with Symantec. (CCTM Certificate Number 2009/09/0052.) In case of problems, please call your organisation's IT Helpdesk.
Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.
"**********************************************************************This email and any files transmitted with it are privileged, confidential and subject to copyright. Any unauthorised use or disclosure of any part of this email is prohibited. If you are not the intended recipient please inform the sender immediately; you should then delete the email and remove any copies from your system.The views or opinions expressed in this communication may not necessarily be those of Scottish Borders Council.Please be advised that Scottish Borders Council's incoming and outgoing GSX email is subject to regular monitoring and any email may require to be disclosed by the Council under the provisions of the Freedom of Information (Scotland) Act 2002. **********************************************************************" All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]
Any queries about sending or receiving messages please send to the list owner [log in to unmask]
(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)
********************************************************************************************************************
This message may contain confidential information. If you are not the intended recipient please inform the
sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents:
to do so is strictly prohibited and may be unlawful.
Thank you for your co-operation.
NHSmail is the secure email and directory service available for all NHS staff in England and Scotland
NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and GSi recipients
NHSmail provides an email address for your career in the NHS and can be accessed anywhere
********************************************************************************************************************
"********************************************************************** This email and any files transmitted with it are privileged, confidential and subject to copyright. Any unauthorised use or disclosure of any part of this email is prohibited. If you are not the intended recipient please inform the sender immediately; you should then delete the email and remove any copies from your system. The views or opinions expressed in this communication may not necessarily be those of Scottish Borders Council. Please be advised that Scottish Borders Council's incoming and outgoing GSX email is subject to regular monitoring and any email may require to be disclosed by the Council under the provisions of the Freedom of Information (Scotland) Act 2002. **********************************************************************"