Further to previous response the mail archive scenario is discussed at some length in the ICO guidance on disproportionate effort : http://tinyurl.com/6wxch83 . Note however :
1. The guidance does not really consider whether the info in the emails really is personal data in the Durant sense.
2. It takes a very limited view of the Ezsias case - it rubbishes the argument that reasonable and proportionate can be applied to search and location. However note the recent Elliot v Lloyds Bank case discussed on the Panopticon blog which says "Mr Elliott relied on guidance published by the Information Commissioner...Lloyds argued that this was not the correct approach and that, following Ezsias v Welsh Ministers [2007] All ER (D) 65, it was not obliged under the DPA to conduct a search requiring unreasonable or disproportionate effort. Lloyds further contended that, to the extent that the Commissioner’s guidance took a different view of the principles approved in Ezsias, the guidance was wrong and ought not to be followed. Lloyds argued that it would be disproportionate to conduct the further searches demanded by Mr Elliott. The judge accepted Lloyds’ case on the disproportionate effort issue. He agreed that the further searches sought by Mr Elliott were disproportionate and, hence, were not required under the DPA." http://tinyurl.com/7zeyrsf
As the blog points out it remains to be seen whether ICO will revise his guidance in the light of this new judgement. For my part whilst I understand the strict interpretation of s8(2) which the ICO takes, it also ignores the thrust of the Court of Appeal in Durant that the purpose of an SAR is to check whether the data controller's processing of the data unlawfully infringes the data subject's privacy and is not "an automatic key to any information, readily accessible
or not, of matters in which he may be named or involved". Someone's privacy is only minimally infringed, if at all, if the data is only held on system recovery back-ups of the type described and not, in practice, accessible to anyone.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|