[BNM] data protection Q

Thu Nov 29 11:26:33 GMT 2007

thanks for that

you're right about trust - its just that these two companies have just 
met, introduced by a 3rd company

joe


Richard Maynard / Wessex Networks wrote:
> Company A needs a standard set of (signed) terms and conditions that
> stipulate non-disclosure of any information gained as a result of operating
> whatever agreement it is Company A and company B have.
>
> Short of it being plain illegal to take (steal) the data anyway (Data
> Protection Act) - the Ts and Cs should put company B's mind at rest.  If
> that isn't good enough, then it's not going to work.  If there is no trust,
> Company A and B are going to find it hard to get along no matter what the
> legal arrangement is.
>
> Regards
>
> Richard.
>
> Wessex Networks
> Linchmere Place
> Ifield
> Crawley
> West Sussex
> RH11 0EX
> www.wessexnetworks.com rjm at wessexnetworks.com
> T: 01293 542080 F: 01293 553849
>
> -----Original Message-----
> From: bnmlist-bounces at brightonnewmedia.org
> [mailto:bnmlist-bounces at brightonnewmedia.org] On Behalf Of Joe Aliferis
> Sent: 29 November 2007 10:53
> To: Brighton New Media
> Subject: Re: [BNM] data protection Q
>
> Thanks Andrew
>
> I'd like to re-phrase and re-circulate this question to try and get more 
> views
>
> ----------------------------------------------------------------------------
>
> Company A = supplier
> Company B = client
>
> Company A supplies a web-application product/service to Company B
>
> The product resides on Company A's server (rack mounted/data centre)
>
> Company B supplies contact data to Company A to populate the application 
> (name/email)
>
> Contact data is imported into Company A's web database for use by 
> application.
>
> Company B uses application to send mailshots to their contacts
>
> Company A backs up database nightly
>
> ----------------------------------------------------------------------------
>
> Setting aside the issues of server and application security, Company B 
> is worried about implications of putting their contact data into Company 
> A's database.
>
> How does Company A reassure Company B that they will not copy/use/sell 
> the contact data to another party or use it for their own purposes?
>
> Merci
>
> Joe
>
>
>
>
>
>
>
> Andrew Mann wrote:
>   
>> You are right and so a legal agreement is needed. This should cover a  
>> whole range of things to protect you and display that you have been  
>> responsible when it comes to data.
>>
>> There must also be a point at which Rackspace have a legal  
>> responsibility not to copy data, and have security measures so that  
>> unauthorised individuals could access the hardware.
>>
>> You can obviously demonstrate how serious you are by what software  
>> you run, ie everything running on the server has a good security  
>> history or you have written yourself.
>>
>> This is also demonstrated by your back up procedures and levels of  
>> redundancy so that there are no single points of failure.
>>
>> Your password system to give people access is of a sufficient level,  
>> so unauthorised entry is near impossible.
>>
>> Your customer also needs to sign a legal document to agree to the  
>> online laws about electronic marketing and how their lists are  
>> created and that they have permission to email the individuals.
>> This is really of greater concern when email marketing in Spain and  
>> Germany as they enforce the laws, that said, the UK is going in the  
>> same direction.
>>
>> The best place to start looking and ask questions would be here at  
>> the Information Commissioner's Office http://www.ico.gov.uk/
>>
>> Sorry to say the right way to do this is with a lawyer, the good  
>> thing is that it is more a less a one off to get the right documents  
>> drawn up.
>>
>> Hope that helps, yours Andrew
>>
>>   
>>     
>>> On 28 Nov 2007, at 16:36, Joe Aliferis wrote:
>>>
>>> It seems to me that the default position would be that any data that
>>> forms part of product supplied by us, that they import into a database
>>> running on our server, belongs to them and we would have no right to
>>> copy or sell that data to any other parties.
>>>
>>> Can anyone shed light?
>>>
>>> Appreciated
>>>
>>> joe
>>> -- 
>>>     
>>>       
>>
>>   
>>