Thanks. I think I understand your position.

The Facebook comparison earlier was probably not the best analogy to begin with. The Facebook scenario revolves around the other organization keeping the privacy of our personal information. As a user you probably don't want your information used without your consent, and to do so would be just plain bad form. In fact, that seems to be at the center of the previously cited Facebook dispute?

In my particular situation, the disclaimer revolves around the privacy of the other organization.

Let's say, for example, we are a hospital and we are required to send our patient data to a national patient registry. We have access to our (and only our) patient records through the national system. We also keep our own copies of the records, and from time to time it becomes necessary compare our system with the national system to correct errors on either side. The application I'm building is an automated bridge between the our system and the national system. The disclaimer in question comes from the national system with regards to the privacy of their data (and rightly so). We as a hospital, obviouly have our own privacy/security procedures.

Except for changing the names and faces and organizations of the people involved, that pretty nearly nails my current direction.

To continue with this example, is it enough for the hospital administrator to authorize access to the national system from my application without requiring other staff members accept the national privacy statement? I suppose even the answer to this question biased by the organizations involved. The local aquarium club probably doesn't rate the same level of privacy as say the department of national defense.