They are acting as a contractor to you and this technically are processing
data on your behalf, despite being uninterested in the data and only
processing it "by the way". But when they access your system they do access
the data and process it
A data processor contract with full confidentiality is what is needed here.
And yes, it sounds like overkill
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Hilary Lawrenson
Sent: 01 December 2005 16:34
To: [log in to unmask]
Subject: [data-protection] Is it a data processor?
A software company provides us with the software and technical support for
our HR records systems. We do all our inputting, so it isn't outsourced. The
software company do however log into our systems sometimes (via a modem or
in our office) to rectify faults, make changes to how it works, etc, and in
the course of doing so will see and have an effect on the information about
our employees. Does that make them a data processor?
I think not, but it's left me wondering what our relationship with them is
in DP terms, other than satisfying the 7th principle.
This started out with a request for me to write an information-sharing
agreement to go with the contract, but I came to a halt when I couldn't
actually think of any information that we are sharing. Do I need to do
anything other than agreeing a confidentiality clause to cover what they
might incidentally see?
Hilary Lawrenson, Data Protection Officer National Probation Service - South
Yorkshire Head Office
45 Division Street
Sheffield, S1 4GE
Tel 0114 276 6911
Fax 0114 276 1967
********************************************************
This email & any files transmitted with it are private & intended solely for
the use of the individual or entity to whom they are addressed. If you are
not the intended recipient, the e-mail & any attachments have been
transmitted to you in error & any copying, distribution or use of the
information contained in them is strictly prohibited.
The National Probation Service may monitor the content of the e-mails sent &
received via its network for the purposes of ensuring compliance with its
policies & procedures.
Any views or opinions presented are only those of the author & not those of
the National Probation Service.
*********************************************************
This message has been checked for all email viruses by the Energis
NetscanCentral solution.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|