Ekin Caglar on 12 December 2002 at 09:28 said:- [snip] > Legally, data controller of the email should be the owner of the > domain name Does this mean that ISP's are the data controllers of all e-mail accounts they hold? That does seem to rather go against what ISP's have been stating for many years. > MyCompany.com and therefore should have a code of practice in > place for the > usage of email accounts created for individuals. I know some > companies make > their employees sign a contract before giving them an email > address in order > to get rid off the responsibility if the person decides to email > his old pal > Osama. I agree where the e-mail address relates to an employee the situation is more as you describe. > > But anyway, due to the nature of email accounts I explained > above, they are > potentially personal identifiers. Even when they don't identify a person > directly, e.g. [log in to unmask], they can still be traced back to an > individual given as the administrative or technical contact for > MyCompany.com. And because of this, here at Sibilo, we use email > accounts as > a unique ID for people. If you are doing business with us, I only > need your > email to pull your and your organization's records. > > Regardless of being a personal or business email, an email is still a > personal identifier and for me as good as a picture. > > But.... If this is the case, when a data subject access request > is received, > I should then collect all the emails exchanged within the company that > includes the data subject's email address (might include > "opinions"), which > would then require a certain type of email system to be installed > within the > organization and none of the Outlook Express stuff. And there may be many > many more complications from that point of view. That does appear to be the case with e-mail addresses and certain mechanisms are required (Even considering the difficulties). Going back to the allocation/deletion of e-mail addresses, the views expressed so far do not seem to deny the issue. Unless somebody can come up with another angle? Placing the text of e-mails within envelopes (encryption) as a normal course of events would seem to mitigate significantly against the issue I raise. Ian W ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - www.jiscmail.ac.uk/user-manual/summary-user-commands.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^