An e-mail address is not a single item of information. In the same way that a home address is more than one item of information, while it may easy to view it as such, it is in fact made up of more than one element. The e-mail address is two pieces of information - a unique id for the account and then a domain name. >>> davidwyatt <[log in to unmask]> 06/16/04 12:03am >>> OK Charles Im bored again I don't dispute an email address should be unique thats an IT system perspective. However human error shows this is not always true. However giving the drafting of the Act a single item of information on its own cannot be personal data (data being plural) so arguing an email address is personal data is false. Even a 'name' on its own is not personal data but simply a datum. How can a name be proved unique? Moving swiftly on to the element of the definition 'data which may come into the possession of the data controller'. If your data is not uniquely identifiable in the first place how can you be sure you have a correct match with third party data sources even if you can lawfully have access their data. e.g J Smith = J Smith or email address = email address? I accept that many matching processes are more sophisticated than this but many also have errors in assumption. The risks from data mismatch and sharing were drivers for granting individuals legislative rights in respect personal data processing transparency and access.(But balancing the access right via drafting with a discretion given to judges to overule access rights aka Durant) Then theres a question of lawful disclosures to allow data to be shared. Leaving aside criminal investigations or stautory obligation, is the lawful means of obtaining personal data from sources other than the data subject as common as we may believe. Im not aware of any controller who has advised me when collecting data from me it will disclose to anyone who asks. Certainly not my ISP who manages my subscriber details and can connect such data with my email addresses. All the above are technical arguments but are possible as avenues of exploration in disputes. In practice however DPA compliance boils down to simply a risk assessment exercise by each controller. Can I have a subject access by email now? ;-) ZZZZZZZZZzzzzzzzzzzzzzzz sleep. David Wyatt ----- Original Message ----- From: "Charles Christacopoulos" <[log in to unmask]> To: <[log in to unmask]> Sent: Tuesday, June 08, 2004 1:31 PM Subject: Re: [data-protection] Email address is personal data? ** Reply to note from Tony Bowden <[log in to unmask]> Tue, 8 Jun 2004 13:12:26 +0100 > > "[log in to unmask]" is sufficient to identify me whereas > > "enquiries@.." is not. > > What if multiple people in the same company have the same name? I think David Wyatt was bored last night The email address will be still unique. So if you have a J(ohn) Smith who is at marketing and a J(oanne) Smith at manufacturing the email system will have to be able to separate them. In our case we add extra initials, others may use subdomains etc. Unless one of the very basics of the act has fallen on its head, ie. that personal data are any information which can be used to identify a living individual which and which is in the posession or may come in the posession of the data controller. So even if one does not know who [log in to unmask] is ... if together with other information it can be used to identify a living individual then it is personal data. My point is that in most instances an email address will be personal data EVEN if it does not show a person's actual name on it. The exception to the rule would be the so called generic addresses, eg. [log in to unmask] which could be answer by a team of people ... and if the responses do not include the sales person personal details. Charles -- Charles Christacopoulos, Management Information Officer, Planning & Information, University of Dundee, Dundee, DD1 4HN, Scotland, United Kingdom. Tel: 44(0)1382-344891. Fax: 44(0)1382-348845. http://www.somis.dundee.ac.uk/ ::egothor http://www.egothor.org/ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^