[BNM] data protection Q

[Joe Aliferis]

yes, thanks

I am putting something together that covers all angles

Joe

Andrew Mann wrote:
> This is a question of trust, so by having a customer base who already  
> trust you then that should help to believe that you are as good as  
> your word.
>
> The other side of it is that if you did abuse their trust then you  
> would instantly destroy all your credibility and all you have work  
> for becomes pointless.
>
> So I would reassure them by explaining that it would be business  
> suicide and tell them about your "good citizenship" philosophy. This  
> would be done face to face as they do need to trust you and whatever  
> legal documentation there is, this is really about your integrity.
>
> Any help?
>
> Andrew
>
>
> On 29 Nov 2007, at 10:52, Joe Aliferis wrote:
>
> Thanks Andrew
>
> I'd like to re-phrase and re-circulate this question to try and get more
> views
>
> ------------------------------------------------------------------------ 
> ----
>
> Company A = supplier
> Company B = client
>
> Company A supplies a web-application product/service to Company B
>
> The product resides on Company A's server (rack mounted/data centre)
>
> Company B supplies contact data to Company A to populate the application
> (name/email)
>
> Contact data is imported into Company A's web database for use by
> application.
>
> Company B uses application to send mailshots to their contacts
>
> Company A backs up database nightly
>
> ------------------------------------------------------------------------ 
> ----
>
> Setting aside the issues of server and application security, Company B
> is worried about implications of putting their contact data into Company
> A's database.
>
> How does Company A reassure Company B that they will not copy/use/sell
> the contact data to another party or use it for their own purposes?
>
> Merci
>
> Joe
>
>
>
>
>
>
>
> Andrew Mann wrote:
>   
>> You are right and so a legal agreement is needed. This should cover a
>> whole range of things to protect you and display that you have been
>> responsible when it comes to data.
>>
>> There must also be a point at which Rackspace have a legal
>> responsibility not to copy data, and have security measures so that
>> unauthorised individuals could access the hardware.
>>
>> You can obviously demonstrate how serious you are by what software
>> you run, ie everything running on the server has a good security
>> history or you have written yourself.
>>
>> This is also demonstrated by your back up procedures and levels of
>> redundancy so that there are no single points of failure.
>>
>> Your password system to give people access is of a sufficient level,
>> so unauthorised entry is near impossible.
>>
>> Your customer also needs to sign a legal document to agree to the
>> online laws about electronic marketing and how their lists are
>> created and that they have permission to email the individuals.
>> This is really of greater concern when email marketing in Spain and
>> Germany as they enforce the laws, that said, the UK is going in the
>> same direction.
>>
>> The best place to start looking and ask questions would be here at
>> the Information Commissioner's Office http://www.ico.gov.uk/
>>
>> Sorry to say the right way to do this is with a lawyer, the good
>> thing is that it is more a less a one off to get the right documents
>> drawn up.
>>
>> Hope that helps, yours Andrew
>>
>>
>>     
>>> On 28 Nov 2007, at 16:36, Joe Aliferis wrote:
>>>
>>> It seems to me that the default position would be that any data that
>>> forms part of product supplied by us, that they import into a  
>>> database
>>> running on our server, belongs to them and we would have no right to
>>> copy or sell that data to any other parties.
>>>
>>> Can anyone shed light?
>>>
>>> Appreciated
>>>
>>> joe
>>> -- 
>>>
>>>       
>>
>>
>>