JISCMail - DATA-PROTECTION Archives

An e-mail address is not a single item of information. In the same way
that a home address is more than one item of information, while it may
easy to view it as such, it is in fact made up of more than one element.
The e-mail address is two pieces of information - a unique id for the
account and then a domain name.

>>> davidwyatt <[log in to unmask]> 06/16/04 12:03am >>>
OK Charles Im bored again

I don't dispute an email address should be unique thats an IT system
perspective. However human error shows this is not always true.
However giving the drafting of the Act a single item of information on
its
own cannot be personal data (data being plural) so arguing an email
address
is personal data is false. Even a 'name' on its own is not personal
data but
simply a datum. How can a name be proved unique?

Moving swiftly on to the element of the definition 'data which may come
into
the possession of the data controller'. If your data is not uniquely
identifiable in the first place how can you be sure you have a correct
match
with third party data sources even if you can lawfully have access
their
data. e.g  J Smith = J Smith  or email address = email address?  I
accept
that many matching processes are more sophisticated than this but many
also
have errors in assumption. The risks from data mismatch and sharing
were
drivers for granting individuals legislative rights in respect personal
data
processing transparency and access.(But balancing the access right via
drafting with a discretion given to judges to overule access rights
aka
Durant)

Then theres a question of lawful disclosures to allow data to be
shared.
Leaving aside criminal investigations or stautory obligation, is the
lawful
means of obtaining personal data from sources other than the data
subject as
common as we may believe. Im not aware of any controller who has
advised me
when collecting data from me it will disclose to anyone who asks.
Certainly
not my ISP who manages my subscriber details and can connect such data
with
my email addresses.

All the above are technical arguments but are possible as avenues of
exploration in disputes.

In practice however DPA compliance boils down to simply a risk
assessment
exercise by each controller.

Can I have a subject access by email now? ;-)
ZZZZZZZZZzzzzzzzzzzzzzzz
sleep.

David Wyatt


----- Original Message -----
From: "Charles Christacopoulos" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, June 08, 2004 1:31 PM
Subject: Re: [data-protection] Email address is personal data?


** Reply to note from Tony Bowden <[log in to unmask]>         Tue, 8 Jun
2004
13:12:26 +0100


> > "[log in to unmask]" is sufficient to identify me
whereas
> > "enquiries@.." is not.
>
> What if multiple people in the same company have the same name?

I think David Wyatt was bored last night

The email address will be still unique.  So if you have a J(ohn) Smith
who
is at
marketing and  a J(oanne) Smith at manufacturing the email system will
have
to be
able to separate them.  In our case we add extra initials, others may
use
subdomains etc.

Unless one of the very basics of the act has fallen on its head, ie.
that
personal
data are any information which can be used to identify a living
individual
which
and which is in the posession or may come in the posession of the data
controller.

So even if one does not know who [log in to unmask] is ... if together
with
other information it can be used to identify a living individual then
it is
personal
data.

My point is that in most instances an email address will be personal
data
EVEN if
it does not show a person's actual name on it.

The exception to the rule would be the so called generic addresses,
eg.
[log in to unmask] which could be answer by a team of people ... and if
the
responses do not include the sales person personal details.

Charles


--
Charles Christacopoulos, Management Information Officer,
Planning & Information, University of Dundee, Dundee, DD1 4HN,
Scotland, United Kingdom. Tel: 44(0)1382-344891. Fax:
44(0)1382-348845.
http://www.somis.dundee.ac.uk/ ::egothor http://www.egothor.org/

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^