I would tend to agree as personal data is defined as data which identifies a living individual from data in the possession of, or likely to come into the possession of, the data controller. Whilst email leaves a trail via IP numbers that trail crosses several data controller boundaries. When signing up to an ISP e.g Freeserve the user does not have to supply any personal details, simply sufficient responses to pass data validation tests. Freeserve does collect the telephone number via CLI which cannot be blocked if wishing to gain a working service but this will only be able to be positively linked to the subscriber of the telephone line assuming such data is accessible to freeserve. The telephone number could also be matched with an IP reference number which ultimately, given the right circumstances, trace a machine. The telephone subscriber however is not necessarily the email user. Similar arguments can arise with a paying service as the person paying may be different to the user. A data controller can assume information linkages to try to identify a living individual but risks breaching the DPA when getting assumptions wrong. If a persons identity could be accurately proved by data controllers via their email identity then one of the barriers to successful E-Commerce would be removed. As you point out information contained in the email may connect with other data in the possession of the data controller which can then identify the individual. Dave Wyatt ----- Original Message ----- From: <[log in to unmask]> To: <[log in to unmask]> Sent: Thursday, February 17, 2000 11:08 AM Subject: Re: E-mail advice and DPA > Anonymous e-mail does not constitute Personal Data unless the pseudonym is > held by the Data User in a separate place and the person can be identified > fully from that information. > If you retain anonymous information (for some reason?) then this is still > not Personal Data.. Obviously if an enquirer gives all the necessary > identification details, then this is Personal Data and will need to be > processed under the Act, with all considerations of security, length of > retention etc. Hope members agree? > > Roy Candy > DPO > Northampton General Hospital NHS Trust > > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%