OK Charles Im bored again
I don't dispute an email address should be unique thats an IT system
perspective. However human error shows this is not always true.
However giving the drafting of the Act a single item of information on its
own cannot be personal data (data being plural) so arguing an email address
is personal data is false. Even a 'name' on its own is not personal data but
simply a datum. How can a name be proved unique?
Moving swiftly on to the element of the definition 'data which may come into
the possession of the data controller'. If your data is not uniquely
identifiable in the first place how can you be sure you have a correct match
with third party data sources even if you can lawfully have access their
data. e.g J Smith = J Smith or email address = email address? I accept
that many matching processes are more sophisticated than this but many also
have errors in assumption. The risks from data mismatch and sharing were
drivers for granting individuals legislative rights in respect personal data
processing transparency and access.(But balancing the access right via
drafting with a discretion given to judges to overule access rights aka
Durant)
Then theres a question of lawful disclosures to allow data to be shared.
Leaving aside criminal investigations or stautory obligation, is the lawful
means of obtaining personal data from sources other than the data subject as
common as we may believe. Im not aware of any controller who has advised me
when collecting data from me it will disclose to anyone who asks. Certainly
not my ISP who manages my subscriber details and can connect such data with
my email addresses.
All the above are technical arguments but are possible as avenues of
exploration in disputes.
In practice however DPA compliance boils down to simply a risk assessment
exercise by each controller.
Can I have a subject access by email now? ;-) ZZZZZZZZZzzzzzzzzzzzzzzz
sleep.
David Wyatt
----- Original Message -----
From: "Charles Christacopoulos" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, June 08, 2004 1:31 PM
Subject: Re: [data-protection] Email address is personal data?
** Reply to note from Tony Bowden <[log in to unmask]> Tue, 8 Jun 2004
13:12:26 +0100
> > "[log in to unmask]" is sufficient to identify me whereas
> > "enquiries@.." is not.
>
> What if multiple people in the same company have the same name?
I think David Wyatt was bored last night
The email address will be still unique. So if you have a J(ohn) Smith who
is at
marketing and a J(oanne) Smith at manufacturing the email system will have
to be
able to separate them. In our case we add extra initials, others may use
subdomains etc.
Unless one of the very basics of the act has fallen on its head, ie. that
personal
data are any information which can be used to identify a living individual
which
and which is in the posession or may come in the posession of the data
controller.
So even if one does not know who [log in to unmask] is ... if together with
other information it can be used to identify a living individual then it is
personal
data.
My point is that in most instances an email address will be personal data
EVEN if
it does not show a person's actual name on it.
The exception to the rule would be the so called generic addresses, eg.
[log in to unmask] which could be answer by a team of people ... and if the
responses do not include the sales person personal details.
Charles
--
Charles Christacopoulos, Management Information Officer,
Planning & Information, University of Dundee, Dundee, DD1 4HN,
Scotland, United Kingdom. Tel: 44(0)1382-344891. Fax: 44(0)1382-348845.
http://www.somis.dundee.ac.uk/ ::egothor http://www.egothor.org/
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|