
Data Controllers are *responsible* - for the selection, implementation and operation of appropriate controls.  The issue revolves around accountability ... to the regulator and to Data Subjects.

In the past year I have advised on and dealt with several 'incidents' that led to complaints to the ICO, ranging from tens of thousands of inaccurate records caused by a systemic error (awaiting decision) to one about three letters erroneously inserted in a mailing where the only personal data were names and addresses ("non-compliant").

The determination and measure of an *incident* is not wholly within the Data Controller's control.

The determination and measure of a "breach" of the Act/Regulations (i.e., a "non-compliance") lies with the ICO.

Regards - Michael Bacon
Grimbaldus Limited

> On 30 Jan 2015, at 11:59, Jonathan Baines <[log in to unmask]> wrote:
> 
> You're adopting my "ad absurdum" argument ;-)
> 
> My theoretical rogue employee has had training, but has chosen to ignore it. He knows there is a policy requiring encryption of all portable hardware, and banning sending it in the post, but has chosen to ignore that too.
> 
> If data controllers were responsible for every data security incident because the mere fact an incident happened meant there had been a failure of controls, then DPP7 (and the interpretative guide in Part II of Sch.1) would be rendered absurd.
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>     All archives of messages are stored permanently and are
>      available to the world wide web community at large at
>      http://www.jiscmail.ac.uk/lists/data-protection.html
>     If you wish to leave this list please send the command
>       leave data-protection to [log in to unmask]
> All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list owner
>              [log in to unmask]
>  Full help Desk - please email [log in to unmask] describing your needs
>        To receive these emails in HTML format send the command:
>         SET data-protection HTML to [log in to unmask]
>   (all commands go to [log in to unmask] not the list please)
>    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^