Ekin Caglar on 12 December 2002 at 09:28 said:-
[snip]
> Legally, data controller of the email should be the owner of the
> domain name
Does this mean that ISP's are the data controllers of all e-mail accounts
they hold?
That does seem to rather go against what ISP's have been stating for many
years.
> MyCompany.com and therefore should have a code of practice in
> place for the
> usage of email accounts created for individuals. I know some
> companies make
> their employees sign a contract before giving them an email
> address in order
> to get rid off the responsibility if the person decides to email
> his old pal
> Osama.
I agree where the e-mail address relates to an employee the situation is
more as you describe.
>
> But anyway, due to the nature of email accounts I explained
> above, they are
> potentially personal identifiers. Even when they don't identify a person
> directly, e.g. [log in to unmask], they can still be traced back to an
> individual given as the administrative or technical contact for
> MyCompany.com. And because of this, here at Sibilo, we use email
> accounts as
> a unique ID for people. If you are doing business with us, I only
> need your
> email to pull your and your organization's records.
>
> Regardless of being a personal or business email, an email is still a
> personal identifier and for me as good as a picture.
>
> But.... If this is the case, when a data subject access request
> is received,
> I should then collect all the emails exchanged within the company that
> includes the data subject's email address (might include
> "opinions"), which
> would then require a certain type of email system to be installed
> within the
> organization and none of the Outlook Express stuff. And there may be many
> many more complications from that point of view.
That does appear to be the case with e-mail addresses and certain mechanisms
are required (Even considering the difficulties).
Going back to the allocation/deletion of e-mail addresses, the views
expressed so far do not seem to deny the issue.
Unless somebody can come up with another angle?
Placing the text of e-mails within envelopes (encryption) as a normal course
of events would seem to mitigate significantly against the issue I raise.
Ian W
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
