JISCMail - DATA-PROTECTION Archives

Worth looking at the ICO’s monetary penalty on the Crown Prosecution
Service from November 2015 for CPS mishandling of a similar situation.

-- 
Tim Turner


On 8 July 2016 at 11:38:55, Phil Bradshaw ([log in to unmask]) wrote:

Absolutely nothing wrong with this as long as you have a solid data
processing contract compliant with principle 7 ...

AND

have very careful regard to the other requirements of P7 in particular:
"choose a data processor providing sufficient guarantees in respect of the
technical and organisational security measures governing the processing to
be carried out, and take reasonable steps to ensure compliance with those
measures."

Signed confidentiality agreements is clearly not enough. Full due
diligence. Probably need verifiable DBS checks on all who have access.
Ensure contractor staff appropriately trained (including specific awareness
of potential criminal liabilty under s55 DPA and Computer Misuse Act) and
verify all of above by audit would be a minimum.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^