In message <[log in to unmask]>, at
11:11:34 on Tue, 12 Jun 2007, Lucy Fincham <[log in to unmask]>
writes
>We are considering buying some software from a company in the States which
>would hold personal data for us.
>
>The company doesn't seem to be registered with the Safe Harbor Arrangement,
>and anyway, even if it was, would the US Patriot Act over-ride this?
If your concern is that there's a law in the USA that would require
disclosure of data, then surely the situation would be the same as in
Europe - a lawful request over-rides any duty of confidentiality under
DPA.
(I once had occasion to chide a supplier whose T&C said that otherwise
confidential data would be released upon request from the police, and
pointed out that "lawful request" might be a more suitable position to
take. I only mention this as the list has from time to time explored the
characteristics of such requests, and what attributes would make them
lawful).
--
Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|