I find this thread very interesting.
At Bath Spa University College we are often approached by third parties
who wish to contact a current or ex student. We have always taken the
approach that all of the contact data that we hold is privileged and
refuse aid the third party any more than agreeing to mail a letter from
them to the student.
If email addresses are not personal data this would suggest that I could
pass this on. However, I believe that this would be wrong because this
would allow the third party to harangue the student. The student may be
a debtor of the third party, an unwelcome admirer or a long lost friend.
I am not party to the student's thoughts so I can not know whether they
want this third party to be able to contact them.
Therefore I would always consider email addresses to be personal data.
Perhaps I have missed the point or have created too simplistic a model?
Maggi
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Jethro R Binks
Sent: 09 June 2004 10:02
To: [log in to unmask]
Subject: Re: Email address is personal data?
On Wed, 9 Jun 2004, Roland Perry wrote:
> In message <[log in to unmask]>, Tony Bowden
> <[log in to unmask]> writes
> >> >What if multiple people in the same company have the same name?
> >> What if multiple people in real life have the same name?
> >
> >Then your name, in and of itself, isn't enough to uniquely identify
> >you.
>
> In which case, as very few people have unique names [there's at least
> one other "Roland Perry", for example], are we to conclude that names
> aren't personal data?
I would say yes, unless you have other data that limits the scope. This
is a problem I've always had in understanding the consequences of the
DPA
(it isn't my area of expertise by a long shot, I happily defer to better
informed opinion on the list).
A name is just an arbitrary label, and is not unique. You need further
information to scope it to a particular individual.
Which of the Roland Perrys of the world are you speaking of? Surely it
all depends on the context that you are
investigating/requesting/whatever.
If an ISP or other org receives a request from the police for
transaction
data relating to "Joe Bloggs", and the org has a number of subscribers
called "Joe Bloggs", what do they do? I guess they ask for more context
or specific data to better identify which Joe Bloggs the police are
interested in.
If the org only has one "Joe Bloggs" - well then even then, do the
police
know, and have they stated, that this is a subscriber to the org? Maybe
they sent the same request for data about "Joe Bloggs" to all similar
orgs
in a trawling expedition. I don't like to think about that.
For a SAR, the request is from an individual about themselves to a
relevant organisation, so it is better scoped. However, if I were Joe
Bloggs and I wanted to ask my electricity company for a copy of personal
details, they would probably want my customer number, because it is that
which identifies me, not my name. Or perhaps a match on my address
would
be sufficient. Either way, the name on its own isn't sufficient, often,
unless relevantly scoped.
Jethro.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . .
Jethro R Binks
Computing Officer, IT Services
University Of Strathclyde, Glasgow, UK
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|