JiscMail Logo
Email discussion lists for the UK Education and Research communities

Help for DATA-PROTECTION Archives


DATA-PROTECTION Archives

DATA-PROTECTION Archives


data-protection@JISCMAIL.AC.UK


View:

Message:

[

First

|

Previous

|

Next

|

Last

]

By Topic:

[

First

|

Previous

|

Next

|

Last

]

By Author:

[

First

|

Previous

|

Next

|

Last

]

Font:

Proportional Font

LISTSERV Archives

LISTSERV Archives

DATA-PROTECTION Home

DATA-PROTECTION Home

DATA-PROTECTION  September 2012

DATA-PROTECTION September 2012

Options

Subscribe or Unsubscribe

Subscribe or Unsubscribe

Log In

Log In

Get Password

Get Password

Subject:

Re: Outsourcing

From:

Paul Ticher <[log in to unmask]>

Reply-To:

Paul Ticher <[log in to unmask]>

Date:

Mon, 17 Sep 2012 12:20:20 +0100

Content-Type:

text/plain

Parts/Attachments:

Parts/Attachments

text/plain (223 lines)

Alternatively, assume that passing data to a Data Processor does fall within 
the definition of processing (the simplest option) and agree with the 
Information Commissioner that there are so many bits missing from Schedule 3 
+ SI2000 no.417 that the provisions for sensitive data are effectively a 
dead letter.


Paul Ticher
0116 273 8191
www.paulticher.com
22 Stoughton Drive North, Leicester LE5 5UB

For continuous priority support on Data Protection, sign up to my support 
service:
www.paulticher.com/data-protection-services


----- Original Message ----- 
From: "Marchini, Renzo" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Monday, September 17, 2012 9:46 AM
Subject: Re: Outsourcing


There is another view to that expressed in out-law.com.

Their analysis depends on the passing of data by a controller to a processor 
itself being an act of "processing" for which you need to find a legal basis 
(schedule 3). If it is, then of course, many, many, many outsourcings which 
happen on a daily basis could not take place - since it is almost impossible 
to find a schedule 3 condition.

(The problem does not arise for non-sensitive data since you could generally 
rely on para 6 of schedule 2).

Instead, one can take the view that that passing (of data from controller to 
processor) is not an act of "processing". You then don't need to find a 
schedule 3 condition.

There is logic in this view: the controller remains responsible for the act 
of the processor, the controller still needs to comply with paras 11 and 12 
of schedule 1 and so on, data subject's are not prejudiced since all other 
provisions of the DPA apply (including organizational and technical security 
and so on - which may be the real issue in this news story).

There is support in the language of the definitions: "processing" doesn't 
expressly refer to "passing" data (by any terms) - the closest you get is 
"disclosure" in para (c) of Section 1(1) - but giving it to a processor 
(acting on a controller's behalf only) can hardly be called "disclosure". 
The introductory words before the examples in (a) to (d) are likewise a 
little difficult to make clearly fit this situation: giving data to a 
processor to act on a controller's behalf is not "obtaining, recording or 
holding".  (It is true that the processor "holds" the data - but there is no 
need to find a schedule 2 or 3 condition in the hands of the processor - 
since it is only the controller that needs to have the legitimizing basis). 
It might, just, be the "carrying out of an operation" - but that to me 
implies some sort of use of the information in the data.

I realize this is a rather pragmatic analysis to get out us of the need to 
find a schedule 3 basis, but how else does one do it?

Renzo Marchini
Counsel
Dechert LLP
+44 (0) 20 7184 7563 direct
+44 (0) 20 7184 7001 fax
[log in to unmask]<mailto:[log in to unmask]>
www.dechert.com<http://www.dechert.com/>

From: This list is for those interested in Data Protection issues 
[mailto:[log in to unmask]] On Behalf Of Ray Cooke
Sent: 17 September 2012 08:48
To: [log in to unmask]
Subject: Re: [data-protection] Outsourcing

V. interesting.  The reference in the article to "sections 11 and 12 of the 
DPA" is not quite right though, is it?  This must be a reference to paras 11 
and 12 of Schedule 1, Part II which set out the requirements for data 
processors relating to the seventh, security, principle.  These are 
ingrained in my memory because of the need to bang on so much about the 
issues relating to outsourcing to data processors.


Ray Cooke

tel: +44 (0)1865 484354
fax: +44 (0)1865 483330

www.brookes.ac.uk<http://www.brookes.ac.uk>

On 17 September 2012 08:15, 
<[log in to unmask]<mailto:[log in to unmask]>> wrote:
ICO's 'pragmatic' view of outsourcing rules on sensitive personal data 
processing may be without legal basis, claim experts

http://www.out-law.com/en/articles/2012/september/icos-pragmatic-view-of-outsourcing-rules-on-sensitive-personal-data-processing-may-be-without-legal-basis-claim-experts/


Regards

Ibrahim Hasan

Www.actnow.org.uk<http://Www.actnow.org.uk>

________________________________

All archives of messages are stored permanently and are available to the 
world wide web community at large at 
http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the 
email if you are receiving emails in HTML format):

 *   Leaving this list: send leave data-protection to 
[log in to unmask]<mailto:[log in to unmask]&BODY=LEAVE+data-protection>
 *   Suspending emails from all JISCMail lists: send SET * NOMAIL to 
[log in to unmask]<mailto:[log in to unmask]&BODY=SET+*+NOMAIL>
 *   To receive emails from this list in text format: send SET 
data-protection NOHTML to 
[log in to unmask]<mailto:[log in to unmask]&BODY=SET+data-protection+NOHTML>
 *   To receive emails from this list in HTML format: send SET 
data-protection HTML to 
[log in to unmask]<mailto:[log in to unmask]&BODY=SET+data-protection+HTML>

All user commands can be found at 
http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an 
otherwise blank email to 
[log in to unmask]<mailto:[log in to unmask]>

Any queries about sending or receiving messages please send to the list 
owner 
[log in to unmask]<mailto:[log in to unmask]>

(Please send all commands to 
[log in to unmask]<mailto:[log in to unmask]> not the list or the 
moderators, and all requests for technical help to 
[log in to unmask]<mailto:[log in to unmask]>, the general office 
helpline)

________________________________

________________________________

All archives of messages are stored permanently and are available to the 
world wide web community at large at 
http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the 
email if you are receiving emails in HTML format):

 *   Leaving this list: send leave data-protection to 
[log in to unmask]<mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
 *   Suspending emails from all JISCMail lists: send SET * NOMAIL to 
[log in to unmask]<mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
 *   To receive emails from this list in text format: send SET 
data-protection NOHTML to 
[log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
 *   To receive emails from this list in HTML format: send SET 
data-protection HTML to 
[log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>

All user commands can be found at 
http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an 
otherwise blank email to 
[log in to unmask]<mailto:[log in to unmask]>

Any queries about sending or receiving messages please send to the list 
owner 
[log in to unmask]<mailto:[log in to unmask]>

(Please send all commands to 
[log in to unmask]<mailto:[log in to unmask]> not the list or the 
moderators, and all requests for technical help to 
[log in to unmask]<mailto:[log in to unmask]>, the general office 
helpline)

________________________________



 This e-mail is from Dechert LLP, a law firm, and may contain information 
that is confidential or privileged. If you are not the intended recipient, 
please delete the e-mail and any attachments, and notify the sender. Dechert 
LLP is a limited liability partnership registered in England & Wales 
(Registered No. OC306029) and is authorised and regulated by the Solicitors 
Regulation Authority. A list of names of the members of Dechert LLP (who are 
solicitors or registered foreign lawyers) is available for inspection at its 
registered office, 160 Queen Victoria Street, London EC4V 4QQ.


^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at 
http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list 
owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your 
needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Top of Message | Previous Page | Permalink

JiscMail Tools


RSS Feeds and Sharing


Advanced Options


Archives

October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
November 2016
October 2016
September 2016
August 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
2006
2005
2004
2003
2002
2001
2000
1999
1998


JiscMail is a Jisc service.

View our service policies at https://www.jiscmail.ac.uk/policyandsecurity/ and Jisc's privacy policy at https://www.jisc.ac.uk/website/privacy-notice

Secured by F-Secure Anti-Virus CataList Email List Search Powered by the LISTSERV Email List Manager