The issue to me is not whether the person issuing the SAR is willing to
submit such proof.  Rather it is being seen both to protect their rights as
a data subject and to protect the rights of any data subject that he or she
may be seeking to impersonate for reasons unknown.

It is a matter of process being shown to anyone who complains about data
escaping incorrectly, or the potential for data to escape incorrectly as
well as protecting the rights of the person who has bona fide access to
their data record.  The view I am taking is that, provided this is a part of
your process, then no-one can object to it.


Tim Trent - Consultant
Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618
email: [log in to unmask]
<mailto:[log in to unmask]>
Marketing Improvement Limited, Abbey House, Grenville Place, Bracknell,
United Kingdom, RG12 1BP
http://www.marketingimprovement.com <http://www.marketingimprovement.com>



This message is for the intended addressee's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mis-transmission. If
you receive this message in error, please immediately delete it and all
copies of it from your system, destroy any hard copies of it and notify the
sender. You must not, directly or indirectly, use, disclose, distribute,
print, or copy any part of this message if you are not the intended
recipient. Any views expressed in this message are those of the individual
sender, except where the message states otherwise and the sender is
authorised to state them to be the views of any such entity.



-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Carolyn Howard
Sent: Wednesday, October 22, 2003 9:24 AM
To: [log in to unmask]
Subject: Re: [data-protection] Verifying identification & bought-in lists

Re certified photo evidence as proof of identity - why is a photo needed?
It seems that the subject is objecting to his inclusion on a mailing list -
the data controller in this case won't be able to prove identity because
he/she is provided with a photo and I suspect this subject will not be happy
to provide further info to this degree - why should the data controller get
to see, for example, his driving licence or passport?  Also, why should the
subject be put to the extra expense and inconvenience of getting proof of
identity certified?  I can see that in certain sensitive circumstances the
requirement for such a degree of proof might be necessary, but not here.
Para 4.1.3 of the IC's Legal Guidance offers guidance.

Date sent:              Tue, 21 Oct 2003 10:02:53 +0100
Send reply to:          Tim Trent <[log in to unmask]>
From:                   Tim Trent <[log in to unmask]>
Subject:                Re: [data-protection] Verifying identification &
bought-in lists
To:                     [log in to unmask]

> I'm afraid you have to bite your tongue with his sarcasm and respond
> by being overwhelmingly charming.
>
> I think it is fair to ask for documentary proof of identity.  After
> all you have to protect yourself from sending data to an incorrect
> individual.  A logical form of identity is payment by cheque drawn on
> his named account plus a certified copy of a photo-id of relevance.
>
> As for mailing lists, don't get me started!
>
> Apart from generally being poor quality (OK, if you sell a good
> quality list just say so!  We'd like to know how good you really are!)
> they are usually very poorly reduplicated (We have just received an
> alleged list of 63,000 names bought by a client for a campaign which
> netts down to about 12,000 usable ones!).  And if they have email
> addresses in and are released to you then we totally distrust their
> legality and advise most strongly "DO NOT USE" [ASA and "The Training
> Guild" applies here - see Google and our website].  After all, have
> any of you ever been asked for your email address with "permission to
> sell it to unspecified third parties for unspecified purposes"?
>
> Snail mail and telephone lists are generally better the more expensive
> they are.  But that is not a hard and fast rule, and is open to price
> abuse. Data evaporates at approximately 20% per annum.  If the data
> subjects are students (hence mobile population) the evaporation rate
> is substantially higher.
>
>
> Tim Trent - Consultant
> Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618
> email: [log in to unmask]
> <mailto:[log in to unmask]>
> Marketing Improvement Limited, Abbey House, Grenville Place,
> Bracknell, United Kingdom, RG12 1BP
> http://www.marketingimprovement.com
> <http://www.marketingimprovement.com>
>
>
>
> This message is for the intended addressee's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any
> mis-transmission. If you receive this message in error, please
> immediately delete it and all copies of it from your system, destroy
> any hard copies of it and notify the sender. You must not, directly or
> indirectly, use, disclose, distribute, print, or copy any part of this
> message if you are not the intended recipient. Any views expressed in
> this message are those of the individual sender, except where the
> message states otherwise and the sender is authorised to state them to
> be the views of any such entity.
>
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Paula Owen Sent:
> Tuesday, October 21, 2003 9:39 AM To: [log in to unmask]
> Subject: [data-protection] Verifying identification & bought-in lists
>
> Hi All
>
> I've had my first complaint/SAR from an customer - we have been beyond
> reproach before ;-)
>
> It is a very sarcastic letter and concerns a mailout sent to this
> chap's parent's home (where he has not lived for 18 months).  The
> reason we have had this complaint, and others, is that we bought in
> lists from outside (in good faith).
>
> I have 2 questions:
>
>  - how do people ask for proof of identity on a written SAR?  As he is
> being rude and sarcastic and quoting DP '98 word for word I want to
> make sure I do everything totally by the book - hence I feel I should
> require him to prove his identity before I carry out the SAR.  But I'm
> not sure what type of proof I should ask for???  Can people give me
> any examples of what they do?
>
>  - my other question is regarding bought in lists.  I was not
> consulted by the marketing team before they did this, for which there
> will be words, but it's done now and we must face the consequences.
> What assurances can you get from your contractors and suppliers of
> these lists that they are 'clean' and up to date (as other complaints
> have been about deceased recipients of our letters).
>
> We bought in 1 million names so approx 10 complaints so far isn't too
> bad I assume, but as we try to be as 'best practice' as possible, this
> really is dissappointing.
>
> Thanks for any replies/advice in advance
>
> Paula
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>        All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>       If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
>             All user commands can be found at : -
>         http://www.jiscmail.ac.uk/help/commandref.htm
>   (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>        All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>       If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
>             All user commands can be found at : -
>         http://www.jiscmail.ac.uk/help/commandref.htm
>   (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^