Once and for all...

Domain names *have to* be unique. They are not sold, they are leased. So if
IBM at some point does not renew their domain name, you can buy it, which
would give you access to all the emails in the form of [log in to unmask]
(until they get it back off you!)

After MyCompany buys (leases) a domain name MyCompany.com, somebody has to
then "host" the email addresses (and website, etc) for the domain, as this
requires an investment in machinary and relevant IT skills. The hosting
company (might be MyCompany itself) can than create the [log in to unmask]
where "name" has to be unique.

Legally, data controller of the email should be the owner of the domain name
MyCompany.com and therefore should have a code of practice in place for the
usage of email accounts created for individuals. I know some companies make
their employees sign a contract before giving them an email address in order
to get rid off the responsibility if the person decides to email his old pal
Osama.

But anyway, due to the nature of email accounts I explained above, they are
potentially personal identifiers. Even when they don't identify a person
directly, e.g. [log in to unmask], they can still be traced back to an
individual given as the administrative or technical contact for
MyCompany.com. And because of this, here at Sibilo, we use email accounts as
a unique ID for people. If you are doing business with us, I only need your
email to pull your and your organization's records.

Regardless of being a personal or business email, an email is still a
personal identifier and for me as good as a picture.

But.... If this is the case, when a data subject access request is received,
I should then collect all the emails exchanged within the company that
includes the data subject's email address (might include "opinions"), which
would then require a certain type of email system to be installed within the
organization and none of the Outlook Express stuff. And there may be many
many more complications from that point of view.

Ekin
Sibilo.co.uk

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^