> Any other such processing is unfair processing.
Unless processing is conducted under any of the exemptions, and further
exemptions are not claimed for data already being processed under an
exemption, or the fair obtaining principle is not treated very seriously.
I do not believe there is any mandatory requirement to inform data subjects
which exemptions their data may be disclosed under or the circumstances/how
that disclosure may take place. For various reasons such information more
often seems to be restricted to CoP's than being included within many fair
obtaining notices, and on many occasions the only indication is some form of
broadly worded disclosure entry within a very broadly focused notification.
How many overt limitations exist to control exempt data once an initial
exempt disclosure is made? Certainly on the surface any data subject
protections can effectively be lost once the data enters the official
sphere. Opt out, suppression or exclusion lists would appear particularly
vulnerable to that issue.
Without other regulative requirements the only controlling influence would
seem to be any requirement for a case by case disclosure of exempt data
which is adequate relevant and not excessive for the purpose driving any
required exemption.
Of course any data matching conducted for exempt type purposes would
completely undermine such a control and negate many of the original drivers
for data protection legislation; which then creates a puzzle as to how any
state widely practicing that can effectively be protecting the privacy of
their subjects/citizens as required by international obligations.
Maybe reliance is placed on perceptions of an everlasting benign state or
that in such areas there appears to be very little risk of action
successfully being taken.
Ian w
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of Tim Trent
> Sent: 24 March 2006 23:42
> To: [log in to unmask]
> Subject: Re: Opt out lists
>
>
> When you place a data subject on an opt out, suppression or
> exclusion list you need to inform them of this and the
> purpose for so processing the data.
>
> Any other such processing is unfair processing.
>
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of Ian Welton
> Sent: 24 March 2006 17:08
> To: [log in to unmask]
> Subject: Re: [data-protection] Opt out lists
>
> > Otherwise what do you have in mind?
>
> The issue raised was in the sense of collating a number of
> opt-out lists together, matching them against each other and
> any other verifiable data source, say the publicly available
> voters register, to identify all those persons whom think
> they may be at risk.
>
> Of course also matching against lists of employees from known
> at risk occupations would enable further refinement or focus.
>
> Whilst a recommendation of best practice to match data could
> well be of benefit in specific circumstances, in others that
> practice could be a very serious risk.
>
> Given the historicity of the recognised potentiality for
> compromise, apparently merely hoping for the best, without
> any fully open and recognised debate (with its own inherent
> problems) rather seems to be avoiding more than addressing
> the issues. Unless organisations are providing support only
> as necessary in order to achieve some privacy in the
> mechanisms employed.
>
> Having different identities in specific spheres seems an
> obviously logical method of addressing the issues by
> providing possibilities for opt outs with less risk. For
> some reason though officially there is apparently much
> resistance to such ideas.
>
> Muddy waters all around so somehow people are achieving what
> they perceive as an acceptable degree of privacy for whatever
> purpose(s) they require it.
>
> My specific interest stems from considerations of the
> underlying issues surrounding that mixed situation.
>
> Ian W
>
>
>
> > -----Original Message-----
> > From: This list is for those interested in Data Protection issues
> > [mailto:[log in to unmask]] On Behalf Of Tim Trent
> > Sent: 24 March 2006 15:28
> > To: [log in to unmask]
> > Subject: Re: Opt out lists
> >
> >
> > See below:
> >
> > -----Original Message-----
> > From: This list is for those interested in Data Protection issues
> > [mailto:[log in to unmask]] On Behalf Of Ian Welton
> > Sent: 24 March 2006 13:40
> > To: [log in to unmask]
> > Subject: [data-protection] Opt out lists
> >
> > Are opt out lists held by organisations to prevent a data subject's
> > data being processed by that organisation available for
> enquiry using
> > any of the exemptions?
> >
> > >>A SAR should deliver all such items to the data subject. The list
> > >>must be
> > available at data take-on time to be queried against.
> Otherwise what
> > do you have in mind?
> >
> > What if any restrictions exist to prevent fishing trips of those
> > lists?
> >
> > >>Policies and procedures must be in place including HR based
> > sanctions
> > >>to
> > outlaw such things
> >
> > The reason for the enquiry is historically based upon a source for
> > official unease about opt out lists being that they would identify
> > persons whom may consider themselves to be at significant risk, and
> > conducting data matching exercises upon the lists could
> fairly easily
> > identify those individuals.
> >
> > >>Elizabeth France considered them to be a best Practice
> >
> > Also, considered from the same risk angle, should security measures
> > for those lists be generally aligned with the original database
> > security, or should there be a higher level of security applied to
> > them.
> >
> > >>The level should be congruent with the data (or implied data) that
> > >>they
> > contain
> >
> > Ian W
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.2.6/288 - Release Date: 3/22/06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|