Richard's suggestion did not work for an FOISA case which asked for the
number of sex offenders in areas in first 4 chars of Glasgow Postcode; that
was deemed to be personal data
Please look at the ANONYMISATION CODE OF PRACTICE that covers this subject;
identification by the Recipient has to be "remote".
This Code to discussed at our update session in April
(http://www.amberhawk.com/uploads/Brochures/Amber_Update%2015%20April%202013
.pdf)
C
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Richard Hopkins
Sent: 10 January 2013 15:21
To: [log in to unmask]
Subject: Re: [data-protection] Addresses being personal data
Re postcodes, there's this from the ICO...
<http://www.ico.gov.uk/foikb/PolicyLines/FOIPolicyAnonymisingpostcodes.htm>
I'm sure that I've previously read somewhere that omitting the last part of
the "inbound" part was sufficient.
e.g. For "BS8 1UD" (my work postcode), "BS8 1" would be sufficiently
anonymous.
Cheers,
Richard
--On 10 January 2013 14:31 +0000 Simon Howarth <[log in to unmask]>
wrote:
> I always advise that the entire postcode should be considered personal
> data unless it can be satisfactorily proven otherwise. There are a
> great many rural postcodes that have only one or two abodes which
> means that identification is made easy. Even with half a dozen houses
> in a road, you have to be sure that there are enough people that small
> numbers does not come into play. It all amounts to disproportionate effort
in most cases.
>
>
>
> In the case of my example "SH" - Michael is right that it could be
> personal data. However, the example was meant in isolation and may
> well be a bad one, don't let that red herring deflect from the real
question.
> Sorry for my lack of exampular (new word? You heard it here first)
> thought.
>
>
>
> Simon.
>
>
>
>
>
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Ray Cooke
> Sent: 10 January 2013 11:42
> To: [log in to unmask]
> Subject: Re: [data-protection] Addresses being personal data
>
>
>
> On the post code issue. I had to consider release of a spreadsheet
> containing answers to survey questions with postcodes but no names.
>
>
>
> So I did some checks myself and found that just using an
> unsophisticated internet search, without subscribing to any service,
> it took me about 20 minutes to identify a postcode with only two
> addresses and from that to identify the individual who had been
> surveyed and tie that identity to a whole host of their personal data.
>
>
>
> I declined to release the data on the basis that the postcodes could
> identify specific individuals.
>
>
>
>
> Ray Cooke
> Information Compliance Officer
> Oxford Brookes University
> Oxford Brookes Information Solutions
> Headington Campus
> Gipsy Lane
> Oxford, OX3 0BP
>
> tel: +44 (0)1865 484354 <tel:%2B44%20%280%291865%20484354>
> fax: +44 (0)1865 483330 <tel:%2B44%20%280%291865%20483330>
>
> www.brookes.ac.uk
>
>
>
> On 10 January 2013 10:27, Grimbaldus <[log in to unmask]> wrote:
>
> Taking Simon's argument further, if it is obvious from the content of
> the email that "SH" is Simon Howarth, perhaps by reference to an
> activity performed by Simon, then that email surely constitutes Personal
Data.
>
> This discussion begs a number of related questions:
>
> 1) If the subject refers to "SH" and it is (as) obvious from other
> emails in the thread that this is Simon, does that email not constitute
PD?
>
> 2) In such a situation, does the entire thread constitute PD?
>
> [Subject, of course, to the mainstream tests.]
>
> It will probably be necessary to read each email to determine this,
> which leads to question (3).
>
> 3) I have a situation at the moment where the Data Subject, an
> ex-employee, has requested those Personal Data in emails, including
> emails sent and received by themselves. Their Inbox and Sent mailbox
> contain over 10,000 emails. Because of limitations in the
> configuration of the email system itself, it is impractical to search
> through this number for the myriad content /subject references. The
> emails are likely to contain commercially-sensitive information which
> is not PD, and which we would not wish to supply. Further, the emails
> contain innumerable references to other parties.
>
> My current thoughts range among:
>
> a) inviting the DS in to read the file, with the stipulation either
> that notes cannot be taken or that any notes must be vetted before
> being taken away.
>
> b) claiming an exemption to supply under s8(2) by reason of
> disproportionate effort;
>
> c) asking the DS to identify the correspondents with whom their PD
> would have been included in emails (e.g. HR), but that would have to
> be named individuals or specific mailboxes. In and of itself, this
> raises an issue of identifying an email from DS to another (or vv) in
> which some 'of the moment' biographical data was cited, e.g. "I'm in
> the office now if you want to call."
>
> Has anyone faced this challenge and what did ('would' for those who
> haven't) you do?
>
> Interestingly, the advice on disproportionate effort given by the ICO
> Helpline followed Durrant, /Ezsias/Elliott rather than the Code of
> Practice and established ICO interpretation of s8(2).
>
> 4) Staying with addresses, but turning to postal ones, what of a Post
> Code? Clearly, in the vast majority of instances a Post Code is not
> PD, but it could refer to a single property with single occupancy. An
> LA might be able to identify that situation, but it is highly unlikely
> that
> (say) a retailer will have such information in their possession, or
> even be able to get it.
>
> So, to borrow a phrase, does the panel think that any Post Code need
> not be treated as PD *if* the Data Controller has no (easy) way to
> confirm the number of properties covered and the occupancy of those?
>
> It is clear from the posts on here that there is a world of difference
> between the ordered, detailed information held by public sector bodies
> about their 'customers' and the less-ordered, and variably dimensioned
> and formatted data held about customers in the retail sector.
>
> Many thx - Michael
>
>
> <snip>
>
> _____
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask] All user
> commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the
> list owner [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
Richard
http://www.bris.ac.uk/infosec
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands
can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|