Tim Trent on 16 May 2005 at 13:12 said:-
> Help me out here:
>
> "1. Marketing will often be focused on a particular audience
> for a particular reason. Therefore it is strictly inclusive
> in context, excluding any who are not subject of that focus."
>
> I am unclear why this is a point of disagreement?
There is a need to interpret both of the example extracts in the context of
the previous paragraph of the same e-mail:
"To be fair I do not believe that is so. The argument you present appears
to incorporate only inclusion, where mine incorporates both inclusion and
exclusion within the DPA principled requirements."
>
> "2. The population targeted by the European DP Directive and
> the DPA 1998 are not excluded in their entirety, even when
> they are in breach of those principle requirements."
>
> I need this more simply worded, please?
>
But longer then:- The EU DP Directive and the DPA 1998 both seem to be
attempting to provide protection for every person in every circumstance of
personal data processing, therefore they attempt to be all inclusive, with
focused exclusions being the exception.
Having said that respect for privacy does seem to suffer consequentially and
a significant danger of an ever tightening framework exists. Hence my
original comments about the necessity for broad interpretations rather than
refined ones with a broad spread.
Many other laws, like many contracts attempt to be exclusionary, they
regulate by excluding persons/purposes/protections in focused circumstances.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of Tim Trent
> Sent: 16 May 2005 13:12
> To: [log in to unmask]
> Subject: Re: Accuracy of records - 'Gone Away'
>
>
> Help me out here:
>
> "1. Marketing will often be focused on a particular audience
> for a particular reason. Therefore it is strictly inclusive
> in context, excluding any who are not subject of that focus."
>
> I am unclear why this is a point of disagreement?
>
> "2. The population targeted by the European DP Directive and
> the DPA 1998 are not excluded in their entirety, even when
> they are in breach of those principle requirements."
>
> I need this more simply worded, please?
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of Ian Welton
> Sent: 16 May 2005 13:00
> To: [log in to unmask]
> Subject: Re: [data-protection] Accuracy of records - 'Gone Away'
>
> Tim Trent on 16 May 2005 at 10:54 said:-
>
> > You see? I knew we agreed!
>
> To be fair I do not believe that is so. The argument you
> present appears to incorporate only inclusion, where mine
> incorporates both inclusion and exclusion within the DPA
> principled requirements.
>
> For example:-
>
> 1. Marketing will often be focused on a particular audience
> for a particular reason. Therefore it is strictly inclusive
> in context, excluding any who are not subject of that focus.
> 2. The population targeted by the European DP Directive and
> the DPA 1998 are not excluded in their entirety, even when
> they are in breach of those principle requirements.
>
> > Oh, by "Irrelevant" I mean and "should therefore be deleted
> forthwith
> > in accordance with the organisation's Data Deletion and Destruction
> > policy". A policy which almost never exists!
>
> I completely concur that a properly formulated weeding policy
> needs to exist and be correctly implemented for each purpose
> data is held.
>
> Ian W
>
> > -----Original Message-----
> > From: This list is for those interested in Data Protection issues
> > [mailto:[log in to unmask]] On Behalf Of Tim Trent
> > Sent: 16 May 2005 10:54
> > To: [log in to unmask]
> > Subject: Re: Accuracy of records - 'Gone Away'
> >
> >
> > You see? I knew we agreed!
> >
> > Oh, by "Irrelevant" I mean and "should therefore be deleted
> forthwith
> > in accordance with the organisation's Data Deletion and Destruction
> > policy". A policy which almost never exists!
> >
> > An excellent example. And larger than life!
> >
> > -----Original Message-----
> > From: This list is for those interested in Data Protection issues
> > [mailto:[log in to unmask]] On Behalf Of Ian Welton
> > Sent: 16 May 2005 10:41
> > To: [log in to unmask]
> > Subject: Re: [data-protection] Accuracy of records - 'Gone Away'
> >
> > Tim Trent on 16 May 2005 at 08:56 said:-
> >
> > > If the purpose is simply "marketing purposes" then a gone away is
> > > irrelevant.
> >
> > If marketing purposes create irrelevancy then why would the data in
> > question be held?
> >
> > > If it is some form of contractual matter that data is
> exempt anyway
> > > (probably).
> >
> > At least where the assignee has agreed and the agreement is legally
> > valid, something which DPO's very rarely question, as contracts can
> > frequently be assumed to have originally been constructed after a
> > legal fashion and hence reflect legality and fairness to the data
> > subject(s) therefore making them DP compliant. A sort of DP risk
> > management which could end up entirely negating many of the DPA
> > purposes.
> >
> > > If it is some other (unspecified) purpose where address
> history is
> > > germane to the processing then it is Personal Data and may
> > be held if
> > > it is marked "prior address", or else the record is
> > incorrect and not
> > > held lawfully.
> >
> > There is no disagreement that all the principles require
> very careful
> > consideration to determine the accuracy of such a statement with
> > regard to the original purpose(s) of collection for any particular
> > part of a data set.
> >
> > > I may have a large body, but most of it is made up of
> food. I rarely
> > > wend my way round Nottingham, though :)
> >
> > As I understand it that is scientifically untrue as water forms the
> > greater part of any persons body, but as an example it was more
> > literally accurate than intended then. :)
> >
> > Ian W
> >
> > > -----Original Message-----
> > > From: This list is for those interested in Data Protection issues
> > > [mailto:[log in to unmask]] On Behalf Of Tim Trent
> > > Sent: 16 May 2005 08:56
> > > To: [log in to unmask]
> > > Subject: Re: Accuracy of records - 'Gone Away'
> > >
> > >
> > > We return to the purpose of processing.
> > >
> > > If the purpose is simply "marketing purposes" then a gone away is
> > > irrelevant.
> > >
> > > If it is some form of contractual matter that data is
> exempt anyway
> > > (probably).
> > >
> > > If it is some other (unspecified) purpose where address
> history is
> > > germane to the processing then it is Personal Data and may
> > be held if
> > > it is marked "prior address", or else the record is
> > incorrect and not
> > > held lawfully.
> > >
> > > I may have a large body, but most of it is made up of
> food. I rarely
> > > wend my way round Nottingham, though :) -----Original
> > > Message-----
> > > From: This list is for those interested in Data Protection issues
> > > [mailto:[log in to unmask]] On Behalf Of Ian Welton
> > > Sent: 14 May 2005 15:36
> > > To: [log in to unmask]
> > > Subject: Re: [data-protection] Accuracy of records - 'Gone Away'
> > >
> > > Tim Trent on 13 May 2005 at 17:53 said:-
> > >
> > > > And that part is the point, Ian, and I am grateful to
> you. People
> > > > appear to be discussing this emotionally and with
> regard to what
> > > > people might do, as opposed to the definition of the data.
> > >
> > > We appear to agree about the importance of properly
> > interpreting and
> > > implementing the DPA definitions.
> > >
> > > Although the comment "and with regard to what people might
> > do" seems
> > > at odds with the DPA 1998 legal requirements to determine
> "purpose"
> > > when "processing" personal data, requiring as they do prior
> > > consideration of what people might 'do' with personal data, and
> > > ensuring "appropriate" security measures restrict use and
> > availability
> > > for the identified purpose(s).
> > >
> > > In DPA terms many of the strictly logical extensions have
> seemed to
> > > illustrate more of a purposeless based approach, possibly
> > reflective
> > > of the difficulties inherent in simply and humanely
> > handling purposes.
> > >
> > > > A name with an address that is not valid is not data that,
> > > of itself,
> > > > can identify a living individual. Ergo it is no longer
> > > subject to the
> > > > DPA 1998.
> > >
> > > If a name together with an invalid address could not be
> considered
> > > personal data it would be illogical for so many
> > organisations to go to
> > > such great lengths in recording, maintaining and holding invalid
> > > addresses. Those organisations would not be so careful in their
> > > processing of what, following some arguments, would be
> > invalid data,
> > > unless their intentions provide a purpose for those data
> holdings,
> > > like linking to living individuals, in which case the
> > invalid address
> > > data would seem to become personal data rather than a sort of
> > > uncontrolled data.
> > >
> > > Equally where an invalidity may arise because of a
> mistake within a
> > > living individuals record, that data would still be considered
> > > personal data under the DPA, otherwise there would be no need to
> > > provide that data in any s.7 response.
> > >
> > > Consider a name like "Mr large body of water wending its
> way around
> > > Nottingham". If that is thought to be invalid as a name,
> then it is
> > > not personal data, unless it is likely that any data
> > controller has or
> > > could obtain any necessary information to relate that data
> > to a living
> > > individual(s).
> > >
> > > It would seem that the mere intention to consider which living
> > > individual an invalid name or address could relate to would
> > make what
> > > was considered an invalid name or address personal data being
> > > processed for some purpose and subject to any applicable
> > > ethical/moral/legal considerations, and that any lack of
> intention
> > > merely defines a different set of constraining purpose(s),
> > or raises
> > > the question of any need for that data collection to exist.
> > >
> > >
> > > Ian W
> > >
> > > This e-mail and its contents are provided for the purposes of
> > > furthering knowledge about privacy and data protection and
> > should not
> > > be used or processed for any other purposes.
> > >
> > > > -----Original Message-----
> > > > From: This list is for those interested in Data
> Protection issues
> > > > [mailto:[log in to unmask]] On Behalf Of Tim Trent
> > > > Sent: 13 May 2005 17:53
> > > > To: [log in to unmask]
> > > > Subject: Re: Accuracy of records - 'Gone Away'
> > > >
> > > >
> > > > And that part is the point, Ian, and I am grateful to
> you. People
> > > > appear to be discussing this emotionally and with
> regard to what
> > > > people might do, as opposed to the definition of the data.
> > > >
> > > > A name with an address that is not valid is not data that,
> > > of itself,
> > > > can identify a living individual. Ergo it is no longer
> > > subject to the
> > > > DPA 1998.
> > > >
> > > > That does not remove any duty of care we may have over
> > > removing that
> > > > record from the database properly
> > > >
> > > > -----Original Message-----
> > > > From: This list is for those interested in Data
> Protection issues
> > > > [mailto:[log in to unmask]] On Behalf Of Ian Welton
> > > > Sent: 13 May 2005 15:52
> > > > To: [log in to unmask]
> > > > Subject: Re: [data-protection] Accuracy of records - 'Gone Away'
> > > >
> > > > Chris Brogan on 13 May 2005 at 15:42 said:-
> > > >
> > > > > I cannot agree with you. Just because the person has left
> > > > the address
> > > > > they havent ceased to exist.
> > > >
> > > > The debate seems to revolve around "any data in the
> > > possession of or
> > > > likely to come into the possession of the data controller"
> > > when linked
> > > > to the "data controller" definition.
> > > >
> > > > If it is likely or possible that the data subject can be
> > > identified by
> > > > the data controller, the data remains personal data.
> > > >
> > > > Ian W
> > > >
> > > > > -----Original Message-----
> > > > > From: This list is for those interested in Data
> > Protection issues
> > > > > [mailto:[log in to unmask]] On Behalf Of
> > Chris Brogan
> > > > > Sent: 13 May 2005 15:42
> > > > > To: [log in to unmask]
> > > > > Subject: Re: Accuracy of records - 'Gone Away'
> > > > >
> > > > >
> > > > > Tim,
> > > > > I cannot agree with you. Just because the person has left
> > > > the address
> > > > > they havent ceased to exist. If he owes you money you are
> > > probably
> > > > > going to track him down. The information you hold on him
> > > > will help you
> > > > > to do so. It is big business tracking down "Gone Aways".
> > > Credit Card
> > > > > Companies, Mail Order Companies etc spend a fortune
> on it. The
> > > > > credit agencies have dedicated `databases to assist
> in locating
> > > > > "Gone Aways". The information Commissioner issued a code
> > > of practice
> > > > > many years ago dealing with the functions of Tracing
> > > Agencies. The
> > > > > Information Commissioner has actively targeted agencies
> > > that track
> > > > > down absconders because of the methods that they use. An
> > > absconder
> > > > > was once located because the agent knew he had a dog
> > > called Spikins.
> > > > > There are numerous cases of a similar nature.
> > > > >
> > > > > Chris Brogan
> > > > > www.securitysi.com
> > > > >
> > > > > ________________________________
> > > > >
> > > > > From: This list is for those interested in Data Protection
> > > > issues on
> > > > > behalf of Tim Trent
> > > > > Sent: Fri 13/05/2005 15:15
> > > > > To: [log in to unmask]
> > > > > Subject: Re: Accuracy of records - 'Gone Away'
> > > > >
> > > > >
> > > > >
> > > > > I disagree.
> > > > >
> > > > > Tim Trent at "Old address, old company" or "Old house, Old
> > > > Street, Old
> > > > > Town", is not sufficient data, even with other data
> > > > reasonably held,
> > > > > to identify a living individual. It identifies what is
> > now a non
> > > > > existent individual. You are wise to counsel caution, of
> > > > course, but
> > > > > this record cannot identify Tim Trent.
> > > > >
> > > > > -----Original Message-----
> > > > > From: This list is for those interested in Data
> > Protection issues
> > > > > [mailto:[log in to unmask]] On Behalf Of
> > Roland Perry
> > > > > Sent: 13 May 2005 14:40
> > > > > To: [log in to unmask]
> > > > > Subject: Re: [data-protection] Accuracy of records -
> 'Gone Away'
> > > > >
> > > > > In message
> > > > > <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAh8IWNoVXQESwWr
> > > > > gvRgp6R8KAA
> > > > > [log in to unmask]>,
> > > > > at 13:54:23 on Fri, 13 May 2005, Tim Trent
> > > > > <[log in to unmask]> writes
> > > > > >Someone who is a "gone away" is precisely that and the
> > > > record is no
> > > > > >longer capable of identifying a living individual
> > > > >
> > > > > You might not have their current address, but there will
> > > be enough
> > > > > information to *identify* the person. Don't confuse
> > > > identifying them
> > > > > with being able to locate them this week.
> > > > > --
> > > > > Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|