[BNM] data protection Q

Joe Aliferis joe at newforms.co.uk
Thu Nov 29 10:52:34 GMT 2007 

Thanks Andrew

I'd like to re-phrase and re-circulate this question to try and get more 
views

----------------------------------------------------------------------------

Company A = supplier
Company B = client

Company A supplies a web-application product/service to Company B

The product resides on Company A's server (rack mounted/data centre)

Company B supplies contact data to Company A to populate the application 
(name/email)

Contact data is imported into Company A's web database for use by 
application.

Company B uses application to send mailshots to their contacts

Company A backs up database nightly

----------------------------------------------------------------------------

Setting aside the issues of server and application security, Company B 
is worried about implications of putting their contact data into Company 
A's database.

How does Company A reassure Company B that they will not copy/use/sell 
the contact data to another party or use it for their own purposes?

Merci

Joe







Andrew Mann wrote:
> You are right and so a legal agreement is needed. This should cover a  
> whole range of things to protect you and display that you have been  
> responsible when it comes to data.
>
> There must also be a point at which Rackspace have a legal  
> responsibility not to copy data, and have security measures so that  
> unauthorised individuals could access the hardware.
>
> You can obviously demonstrate how serious you are by what software  
> you run, ie everything running on the server has a good security  
> history or you have written yourself.
>
> This is also demonstrated by your back up procedures and levels of  
> redundancy so that there are no single points of failure.
>
> Your password system to give people access is of a sufficient level,  
> so unauthorised entry is near impossible.
>
> Your customer also needs to sign a legal document to agree to the  
> online laws about electronic marketing and how their lists are  
> created and that they have permission to email the individuals.
> This is really of greater concern when email marketing in Spain and  
> Germany as they enforce the laws, that said, the UK is going in the  
> same direction.
>
> The best place to start looking and ask questions would be here at  
> the Information Commissioner's Office http://www.ico.gov.uk/
>
> Sorry to say the right way to do this is with a lawyer, the good  
> thing is that it is more a less a one off to get the right documents  
> drawn up.
>
> Hope that helps, yours Andrew
>
>   
>> On 28 Nov 2007, at 16:36, Joe Aliferis wrote:
>>
>> It seems to me that the default position would be that any data that
>> forms part of product supplied by us, that they import into a database
>> running on our server, belongs to them and we would have no right to
>> copy or sell that data to any other parties.
>>
>> Can anyone shed light?
>>
>> Appreciated
>>
>> joe
>> -- 
>>     
>
>
>
>

More information about the BNMlist mailing list. Powered by Wessex Networks