Even if the name isn't of itself sufficient to identify a living individual,
if the name together with other information which is in the possession of,
or is likely to come into the possession of, the data controller then the
name is personal data.
Ian Mansbach
Mansbachs
Data Protection Practitioners
[log in to unmask]
phone: 0871 716 5060
international: +44 (871) 716 5060
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Jethro R Binks
Sent: 09 June 2004 10:02
To: [log in to unmask]
Subject: Re: [data-protection] Email address is personal data?
On Wed, 9 Jun 2004, Roland Perry wrote:
> In message <[log in to unmask]>, Tony Bowden
> <[log in to unmask]> writes
> >> >What if multiple people in the same company have the same name?
> >> What if multiple people in real life have the same name?
> >
> >Then your name, in and of itself, isn't enough to uniquely identify
> >you.
>
> In which case, as very few people have unique names [there's at least
> one other "Roland Perry", for example], are we to conclude that names
> aren't personal data?
I would say yes, unless you have other data that limits the scope. This is
a problem I've always had in understanding the consequences of the DPA (it
isn't my area of expertise by a long shot, I happily defer to better
informed opinion on the list).
A name is just an arbitrary label, and is not unique. You need further
information to scope it to a particular individual.
Which of the Roland Perrys of the world are you speaking of? Surely it all
depends on the context that you are investigating/requesting/whatever.
If an ISP or other org receives a request from the police for transaction
data relating to "Joe Bloggs", and the org has a number of subscribers
called "Joe Bloggs", what do they do? I guess they ask for more context or
specific data to better identify which Joe Bloggs the police are interested
in.
If the org only has one "Joe Bloggs" - well then even then, do the police
know, and have they stated, that this is a subscriber to the org? Maybe
they sent the same request for data about "Joe Bloggs" to all similar orgs
in a trawling expedition. I don't like to think about that.
For a SAR, the request is from an individual about themselves to a relevant
organisation, so it is better scoped. However, if I were Joe Bloggs and I
wanted to ask my electricity company for a copy of personal details, they
would probably want my customer number, because it is that which identifies
me, not my name. Or perhaps a match on my address would be sufficient.
Either way, the name on its own isn't sufficient, often, unless relevantly
scoped.
Jethro.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . Jethro R Binks Computing Officer, IT Services University Of Strathclyde,
Glasgow, UK
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|