I would be interested in views expressed on whether passwords / keywords
allocated to individuals to enable secure access to information such as web
sites, bank accounts, employers systems etc are a 'personal datum' item.
I can find nothing in the DPA 98 which appears to allow the datum to be
argued as not part of personal data where linked to an identifiable living
individual.
Has anyone ever supplied the item as part of subject access?
What would be the response if an individual asks for the item as part of a
subject access?
Following the logic through unless an argument is found in the Acts content
an individual would appear to be in a position to drive for an issue of an
enforcement notice where a controller decides not to disclose.
There are difficult issues in extraction and secure disclosure of a password
in smartcards, security systems etc should it be argued the datum is part of
personal data. The issue must universal for all UK based organisations using
passwords.
My feel is passwords / keywords should be outside of the Act but not sure
where I find the supporting text in the legislation itself for this view.
David Wyatt
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|