I would say yes, public authority is data controller and third party is thus a processor......and....if that is what they need to do a demo, I would not touch it with a bargepole!
Iain Harrison
Information Governance Advisor
T: 01926 883040
E: [log in to unmask]<mailto:[log in to unmask]>
www.wrighthassall.co.uk<http://www.wrighthassall.co.uk/>
________________________________
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Amy Jaines
Sent: 05 August 2014 13:37
To: [log in to unmask]
Subject: [data-protection] Use of Personal Data for Product Demonstrations
Hello,
I would appreciate any thoughts that the list may have on the following scenario.
The scenario is as follows:
Public authority has been approached by a third party in relation to a product they offer. Public authority is interested in the product and would like a demonstration. Third party state that in order to provide a demonstration they will need access to a large amount of historical personal data held by the authority to run through their system. Third party has offered a 'Mutual Confidentiality Agreement' but this does not mention DPA obligations.
Public authority, as far as I understand, remains data controller for the data as in these circumstances they have determined the purpose for which the data is to be processed and the third party is merely offering a product that will achieve that purpose, thereby third party is a data processor.
My view is that even for the purposes of a demonstration, if personal data is going to be passed to the third party a contractual arrangement must be in place that satisfies the requirements of Principle 7 although am happy to receive any views to the contrary if I am mistaken.
Many thanks in advance.
Kind regards,
Amy Jaines
________________________________
Note: We are a Microsoft Office site. Our base version is 2010. Please make sure that files you send can be read in this format. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this e-mail is strictly prohibited save unless expressly authorised by the sender. The information contained in this message is intended for the named recipients only. It may contain privileged and confidential information and if you are not the addressee or the person responsible for delivering this to the addressee, you may not copy, distribute or take action in reliance on it. If you have received this message in error, please notify the sender(s) immediately by telephone. Please also destroy and delete as soon as possible the message from your computer. ********************************************************************************* *********************************************************************************
________________________________
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
* Leaving this list: send leave data-protection to [log in to unmask]<mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
* Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
* To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
* To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]<mailto:[log in to unmask]>
Any queries about sending or receiving messages please send to the list owner [log in to unmask]<mailto:[log in to unmask]>
(Please send all commands to [log in to unmask]<mailto:[log in to unmask]> not the list or the moderators, and all requests for technical help to [log in to unmask]<mailto:[log in to unmask]>, the general office helpline)
________________________________
Disclaimer
Please consider the environment before printing this email.
This message and any files transmitted with it is intended for the addressee only and may contain information that is confidential or privileged. If you are not the addressee, please advise us of its receipt immediately and delete it.
Unauthorised use is strictly prohibited and may be unlawful. If you are not the addressee, you should not read, copy, disclose or otherwise use this message, except for the purpose of delivery to the addressee.
Wright Hassall LLP is a Limited Liability Partnership - Registered in England & Wales No. OC315843
Registered Office: Olympus Avenue, Leamington Spa, Warwickshire CV34 6BF England
Authorised and regulated by the Solicitors Regulation Authority under number 427848. The rules of the Solicitors' Regulation Authority can be accessed at www.sra.org.uk/solicitors/code-of-conduct.page
Authorised and regulated by the Financial Conduct Authority to carry out debt collection and debt administration activities in respect of agreements regulated by the Consumer Credit Act 1974 (amended 2006).
A reference to a partner of Wright Hassall LLP means a member or an employee, with partner status, of Wright Hassall LLP or Wright Hassall Leamington Limited. A list of partners is available for inspection at the Registered Office.
Wright Hassall LLP
Olympus Avenue, Leamington Spa, Warwickshire CV34 6BF England
Telephone: 01926 886688
Website: www.wrighthassall.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
