I don't see why they would need to disclose the actual data to a prospective
buyer. I assume that the supplier is a Data Processor. If the business is
transferred you would need a new contract with the new supplier, at which
point you would presumably transfer the data to them. I don't see how they
could sell the business as a going concern without at least giving you the
option to exercise your responsibilities as a Data Controller - see Schedule
1, Part II, s.11 & s.12, which say:
"11. Where processing of personal data is carried out by a data processor on
behalf of a data controller, the data controller must in order to comply
with the seventh principle-
(a) choose a data processor providing sufficient guarantees in respect of
the technical and organisational security measures governing the processing
to be carried out, and
(b) take reasonable steps to ensure compliance with those measures.
12. Where processing of personal data is carried out by a data processor on
behalf of a data controller, the data controller is not to be regarded as
complying with the seventh principle unless-
(a) the processing is carried out under a contract-
(i) which is made or evidenced in writing, and
(ii) under which the data processor is to act only on instructions from the
data controller, and
(b) the contract requires the data processor to comply with obligations
equivalent to those imposed on a data controller by the seventh principle."
The implication of s.11 is that you would have an obligation to satisfy
yourself that anyone taking over the business was competent - and it would
therefore be inappropriate for the personal data to be transferred to them
without your say-so.
You don't have to tell people their data is being handled by a Data
Processor (unless they are abroad) - because you (the Data Controller, not
you personally) are wholly responsible for any breach of data protection
they cause.
Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
I hereby require any recipient of this message not to use my personal data
for direct marketing purposes.
----- Original Message -----
From: "Julie Gibbs" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Monday, January 22, 2007 11:12 AM
Subject: DP Clause in Contract Agreement
A bit of Monday morning advice please.
We are entering into an agreement with a supplier of personal security
devices for lone workers. One of the Data Protection clauses in the
agreement states that ".... will carry out the processing (as defined by
the Act) of personal data transmitted by or on behalf of the client only
to the extent necessary for the provision of the services and will not
divulge the whole or any part of the personal data to any person
except:...If ...... sells or buys any business or assets, in which case it
may disclose personal data to the prospective seller or buyer of such
business or assets."
Should we allow this clause? My own view is that it is ok provided the
data subjects are made aware of what might happen to their personal data
and that it will be used for the same purpose.
Thanks in advance.
Julie
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|