There is an inherent flaw in this - most organisations are prepared to
change the rules to suit themselves. If the organisation is looking for
evidence of a misdemeanour (or crime) then back-ups will happily be
restored and days spent searching through the data. Conversely, when the
data subject says "can I see the information you hold about me", we
immediately say the information in back-ups is not accessible.
Now I'm not saying either action is wrong (since both have the weight of
law behind them), but it does seem unfair and possible even unjust.....
Donald Henderson
Information Security Manager
Perth & Kinross Council
-----Original Message-----
From: Tim Trent [mailto:[log in to unmask]]
Sent: 20 May 2004 17:05
To: [log in to unmask]
Subject: Re: [data-protection] New DPA case
I would suggest that a backup is not of itself a mechanism structured
for systematic retrieval of individual data elements. Thus the backup
per se is outwith the scope of the legislation. It is only when you
restore the backup that the data again is capable of systematic
retrieval.
Thoughts?
Tim Trent - Consultant
Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618
email: [log in to unmask]
Marketing Improvement Limited, Abbey House, Grenville Place, Bracknell,
United Kingdom, RG12 1BP http://www.marketingimprovement.com
This message is for the intended addressee's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mis-transmission.
If you receive this message in error, please immediately delete it and
all copies of it from your system, destroy any hard copies of it and
notify the sender. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the
intended recipient. Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the
sender is authorised to state them to be the views of any such entity.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of ianwelton
Sent: Thursday, May 20, 2004 4:59 PM
To: [log in to unmask]
Subject: Re: [data-protection] New DPA case
Antoinette Carter on 20 May 2004 at 16:53 said:-
> What if, like us, you have moved
> your mail servers from one proprietary product to another. Would we
> really be required to reinstall our old mail server system just so
> that we could search through historic back-ups in order to respond to
> a DSAR? I think that would constitute disproportionate effort. I'd
> be grateful for anyone's thoughts on the subject.
During the change over, both systems may exist.
Afterwards why would you retain the back ups at all if it is a
disproportionate effort to access them? Clearly they are of little/no
use to the organisation.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Antoinette Carter
> Sent: 20 May 2004 16:53
> To: [log in to unmask]
> Subject: Re: New DPA case
>
>
> In truth, I agree with you. In practice, however, it would suit my
> own organisation's purpose very nicely to take the opposite view! I
> think that you could argue that the judgement ultimately relates to
> what might be considered "disproportionate effort". What if, like us,
> you have moved your mail servers from one proprietary product to
> another. Would we really be required to reinstall our old mail server
> system just so that we could search through historic back-ups in order
> to respond to a DSAR? I think that would constitute disproportionate
> effort. I'd be grateful for anyone's thoughts on the subject.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The information in this email is confidential and is meant solely for
the intended recipients. The information contained in this email may
not be the views of Perth & Kinross Council. It is possible for email
to be falsified and the sender cannot be held responsible for the
integrity of the information contained in it.
If you have received this email in error, any disclosure, copying, or
distribution of the information contained in it is strictly prohibited.
If you are not the intended recipient, please advise the sender
immediately and delete this email.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
