Hi! I'm not sure I can answer but I have had to deal with a similar situation for a London Borough library service that wanted to place contact details for local societies on their new web site. In this case the information usually consisted of name, home address and a telephone number. In a very few cases it also included an email address. Regarding whether another organisation can use the information for direct marketing purposes without reference back, justifying this by considering the data subject to have waived their rights by allowing their information to be published on the Web? - I don't know the legal answer but I would suggest that whatever the legal position it will be very difficult in practice to prevent this attitude from prevailing. You don't say what details would be placed on the sites but I seem to recall some 1995 CCTA guidelines that advised against the placing of personal details on web sites. I can see why details would be included in a site but suggest that you anonymise the data as best as possible, providing only the bare minimum contact details. Also I suggest that you ensure the individuals concerned have understood to what they are consenting i.e. they fully appreciate that placing their details on the Web makes them publicly and globally available. My solution was to provide only a title and club house address where possible rather than give personal details e.g. instead of Ms A Knight, ...home address etc.... we simply put The Secretary, Bishop's Chess Club together with the address of a regular meeting place if available or an email address if this didn't obviously identify the individual. Only if there was no other alternative or the individual agreed did we use a domestic address or home phone number. Although it may not have been completely satisfactory we hoped that this approach would still enable the club to be contacted by legitimately interested persons but allow an individual to retain some sort of anonymity! It also helped a with site maintenance since we weren't forever changing contact addresses as local society officials changed following each annual meeting! Regarding the second question "can the data controller of the internet database pass any data to another individual/organisation without obtaining consent from the data subject if the information is available in the "public domain" anyway i.e. the Internet?" When the information is originally provided it is for a purpose, which appears to be 'to enable other interested individuals to make legitimate contact'. To do so the information is place in a 'public domain' but this doesn't in itself remove ethical or legal responsibilities. To use the information for a purpose other than that for which it is provided is a breach of the second principle. Hope this is useful. I'm interested in the views/experience of others. regards, Kevin Broadfoot IS Adviser Business Link London North, 312 High Rd., Tottenham, London N15 4BN tel 020 8376 6262 fax 020 8376 623