In message <[log in to unmask]>, at
20:08:55 on Thu, 2 Dec 2010, Graham Wilford <[log in to unmask]>
writes
>Recently an organisation sent me some information as part of a wider
>emailing and did not use bcc, meaning my address was opened to all.
>
>I did not provide permission to use the address but have recieved
>mailings before and they were fine. But now all the mailing list know
>my email.
That sort of thing happens all the time :(
Although your question is normally raised in the context of spammers
scraping addresses from websites, buying lists and so on, and whether that
activity is a breach of the Data Protection Principles.
I think it is a breach, because it's personal data) and both Elizabeth
France (when she was the Commissioner) and the Article 29 Committee
(consistently) agree with me.
I wrote a paper about this several years ago:
<http://www.apcomms.org.uk/apig/archive/activities-2003/spam-public-
enquiry/written-evidence-submitted-to-the-enquiry/rolandperryevidence.pdf>
Meanwhile, the context of the inappropriately-cc'd mass-mailing will
generally make it quite clear which "Graham Wilford" the email address
belongs to, should there be any initial ambiguity. And it goes without
saying that (looking at your email address above) even if the
[log in to unmask] part might be a little obscure, the "Graham
Wilford" part is caught red-handed.
In addition, as with the possibility that an IP address might be personal
data, there is "other data" which is often easily available, for example
by typing the address/domain into a browser bar, let alone a search
engine, and seeing what pops up.
Of course, in the case of cc: (rather than bcc:) mailing lists, this can
all be somewhat defused by obtaining informed consent from all the
parties, but I've rarely seen even attempts at that.
The problem for the data processor is "does he feel lucky" - or in other
words even if *some* of the addresses he publishes are not personal data
(because they are too obscure, or corporate role addresses etc) are *all*
of the addresses in that category? If not, he really does need to treat
the entire list of names with respect.
(That's a European thing; the USA-ians will often argue that the presence
of just one *non*-personal email address on such a list means the entire
list of names is tainted as non-personal, and can be thrown to the
wolves.)
--
Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|