Thank you all – well they do say you learn something new every day and I certainly have….
Regards,
Doreen
From: Lawrence Serewicz [mailto:[log in to unmask]]
Sent: 28 November 2013 15:44
To: Broom, Doreen; [log in to unmask]
Subject: RE: Data Controller or Not
Having access does not make you the controller. A reader has access to my book but that access does not make the a controller.
You need a contractual relationship to be one or the other. To the extent your access is controlled by legislation rather than contract you cannot be a data controller.
The dwp through the law determines the purposes of processing.
To the extent you down load and control the data, spreadsheet ot screen shot, you become a data controller, but it stops being dwp info once you take ownership in that way. In much the same way that a police report in your possession for your purposes makes you a data controller.
The dwp will have strict controls over what can and cannot be done with their data in a way the police cannot do with what they have disclosed, by giving you for your purposes, the report.
Is dwp data being used for any other purpose but dwp purposes per principle 2? Therein the distinction begins to emerge.
Best
Lawrence
Sent from my Windows Phone
________________________________
From: Broom, Doreen<mailto:[log in to unmask]>
Sent: ý28/ý11/ý2013 14:42
To: Lawrence Serewicz<mailto:[log in to unmask]>; [log in to unmask]<mailto:[log in to unmask]>
Subject: RE: Data Controller or Not
Lawrence – point noted. However, we have access to DWP data but that is certainly not our data and does not make us data controller….is it me or am I getting confused after all these years of DP!
Doreen
From: Lawrence Serewicz [mailto:[log in to unmask]]
Sent: 28 November 2013 14:31
To: Broom, Doreen; [log in to unmask]<mailto:[log in to unmask]>
Subject: RE: Data Controller or Not
Doreen,
I am with the ICO on this. Once you hold it for your purposes, you are the Data Controller.
Remember that you are only asking the other organisations their views. You are free to reject those views. A data processor would not be free to reject the view of the data controller.
Even a joint data controller would not work as they have disclosed the data to you for your purposes. They will need to do that aware of the purpose for which you will use it, which they are, but that does not make them joint data controllers because you have not set out the limits, a contract, of what will or will not be done with the data. You are not contractually obliged to consult or discuss how you will use data nor has the other party set out the limits of what will be done with the information.
I would recommend reading the Article 29 working group opinion on the data controller- data processing. They work through all the major points.
Best,
Lawrence
Principal Information Management Officer
Durham County Council
Room 4/143-148
County Hall
County Durham
DH1 5UF
03000 268038
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Broom, Doreen
Sent: 28 November 2013 14:22
To: [log in to unmask]<mailto:[log in to unmask]>
Subject: [data-protection] Data Controller or Not
Hi All
I am in correspondence with ICO. Anyway, they have phoned me up as we have refused to provide a full copy of a Police Report to an applicant. We telephoned the Police to ask if we could and they asked us to get the applicant to write to them and they would explain why they had redacted certain information as the individual had already written to them (SAR). We were sent a copy by the Police as they asked that a Social Worker be present at the interview with the Police and the individual.
ICO’s office has said that as we have a copy of the Police Report we are now the Data Controller – that is not my interpretation – data processor surely – anyway I have always referred them to other agencies to obtain their information. However, on occasions I have written to NHS to ask permission to disclose certain Consultants’ Reports. On this occasion we did approach the Police and they have asked us not to disclose.
What is your interpretation of this – I certainly have never taken the view that just because we hold information sent to us by another organisation that we would then be the DC.
Any thoughts greatly appreciated,
Regards,
Doreen
Doreen Broom
Data Compliance Officer
Scottish Borders Council
Resources Department - BTS
Tel: 01835 826516
e-mail: [log in to unmask]<mailto:[log in to unmask]>
"**********************************************************************
This email and any files transmitted with it are privileged, confidential and subject to copyright. Any unauthorised use or disclosure of any part of this email is prohibited. If you are not the intended recipient please inform the sender immediately; you should then delete the email and remove any copies from your system.
The views or opinions expressed in this communication may not necessarily be those of Scottish Borders Council.
Please be advised that Scottish Borders Council's incoming and outgoing GSX email is subject to regular monitoring and any email may require to be disclosed by the Council under the provisions of the Freedom of Information (Scotland) Act 2002. **********************************************************************"
________________________________
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
* Leaving this list: send leave data-protection to [log in to unmask]<mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
* Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
* To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
* To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]<mailto:[log in to unmask]>
Any queries about sending or receiving messages please send to the list owner [log in to unmask]<mailto:[log in to unmask]>
(Please send all commands to [log in to unmask]<mailto:[log in to unmask]> not the list or the moderators, and all requests for technical help to [log in to unmask]<mailto:[log in to unmask]>, the general office helpline)
________________________________
________________________________
Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.
This email was received from the INTERNET and scanned by the Government Secure Intranet anti-virus service supplied by Vodafone in partnership with Symantec. (CCTM Certificate Number 2009/09/0052.) In case of problems, please call your organisation's IT Helpdesk.
Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.
"**********************************************************************
This email and any files transmitted with it are privileged, confidential and subject to copyright. Any unauthorised use or disclosure of any part of this email is prohibited. If you are not the intended recipient please inform the sender immediately; you should then delete the email and remove any copies from your system.
The views or opinions expressed in this communication may not necessarily be those of Scottish Borders Council.
Please be advised that Scottish Borders Council's incoming and outgoing GSX email is subject to regular monitoring and any email may require to be disclosed by the Council under the provisions of the Freedom of Information (Scotland) Act 2002. **********************************************************************"
________________________________
Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.
This email was received from the INTERNET and scanned by the Government Secure Intranet anti-virus service supplied by Vodafone in partnership with Symantec. (CCTM Certificate Number 2009/09/0052.) In case of problems, please call your organisation's IT Helpdesk.
Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.
"**********************************************************************
This email and any files transmitted with it are privileged, confidential and subject to copyright. Any unauthorised use or disclosure of any part of this email is prohibited. If you are not the intended recipient please inform the sender immediately; you should then delete the email and remove any copies from your system.
The views or opinions expressed in this communication may not necessarily be those of Scottish Borders Council.
Please be advised that Scottish Borders Council's incoming and outgoing GSX email is subject to regular monitoring and any email may require to be disclosed by the Council under the provisions of the Freedom of Information (Scotland) Act 2002. **********************************************************************"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
