Does the US have juristriction over the whole world?
Peter Fairbrother
zenadsl6186 at zen.co.uk
Sun Nov 27 14:58:28 GMT 2011
Roland Perry wrote:
> In article <4ED235F0.2040403 at zen.co.uk>, Peter Fairbrother
>> Hmmm, "imposing suitable controls on their chain of supply" sounds
>> very much like "a degree of micro-management of the supplier (and
>> their subcontractors etc) far in excess of a normal contractual
>> relationship".
>
> Their suppliers are one stage removed compared to yourself. So while
> they should be expected to check out the people they rent rackspace
> from, you shouldn't need to.
Perhaps you shouldn't (though I very much think you should). But a data
controller is *required* to do so by the DPA.
The rackspace people are data processors, and the data controller is
required to "choose a data processor providing sufficient guarantees in
respect of the technical and organisational security measures governing
the processing to be carried out" and to "take reasonable steps to
ensure compliance with those measures".
That is not something he can subcontract out. It's his responsibility to
choose _each and every one_ of the data processors in this way. See DPA
Sch.1 part2 s.11.
-- Peter Fairbrother
More information about the ukcrypto
mailing list