Does the US have juristriction over the whole world?

Peter Fairbrother zenadsl6186 at
Sun Nov 27 14:58:28 GMT 2011

Roland Perry wrote:
> In article <4ED235F0.2040403 at>, Peter Fairbrother 

>> Hmmm, "imposing suitable controls on their chain of supply" sounds 
>> very much like "a degree of micro-management of the supplier (and 
>> their subcontractors etc) far in excess of a normal contractual 
>> relationship".
> Their suppliers are one stage removed compared to yourself. So while 
> they should be expected to check out the people they rent rackspace 
> from, you shouldn't need to. 

Perhaps you shouldn't (though I very much think you should). But a data 
controller is *required* to do so by the DPA.

The rackspace people are data processors, and the data controller is 
required to "choose a data processor providing sufficient guarantees in 
respect of the technical and organisational security measures governing 
the processing to be carried out" and to "take reasonable steps to 
ensure compliance with those measures".

That is not something he can subcontract out. It's his responsibility to 
choose _each and every one_ of the data processors in this way. See DPA 
Sch.1 part2 s.11.

-- Peter Fairbrother

More information about the ukcrypto mailing list