Tim Trent on 16 May 2005 at 10:54 said:-

> You see?  I knew we agreed!

To be fair I do not believe that is so.  The argument you present appears to
incorporate only inclusion, where mine incorporates both inclusion and
exclusion within the DPA principled requirements.  

For example:-

1. Marketing will often be focused on a particular audience for a particular
reason.  Therefore it is strictly inclusive in context, excluding any who
are not subject of that focus.
2. The population targeted by the European DP Directive and the DPA 1998 are
not excluded in their entirety, even when they are in breach of those
principle requirements.
 
> Oh, by "Irrelevant" I mean and "should therefore be deleted 
> forthwith in accordance with the organisation's Data Deletion 
> and Destruction policy".  A policy which almost never exists!

I completely concur that a properly formulated weeding policy needs to exist
and be correctly implemented for each purpose data is held.

Ian W

> -----Original Message-----
> From: This list is for those interested in Data Protection 
> issues [mailto:[log in to unmask]] On Behalf Of Tim Trent
> Sent: 16 May 2005 10:54
> To: [log in to unmask]
> Subject: Re: Accuracy of records - 'Gone Away'
> 
> 
> You see?  I knew we agreed!
> 
> Oh, by "Irrelevant" I mean and "should therefore be deleted 
> forthwith in accordance with the organisation's Data Deletion 
> and Destruction policy".  A policy which almost never exists!
> 
> An excellent example.  And larger than life!
> 
> -----Original Message-----
> From: This list is for those interested in Data Protection 
> issues [mailto:[log in to unmask]] On Behalf Of Ian Welton
> Sent: 16 May 2005 10:41
> To: [log in to unmask]
> Subject: Re: [data-protection] Accuracy of records - 'Gone Away'
> 
> Tim Trent on 16 May 2005 at 08:56 said:-
> 
> > If the purpose is simply "marketing purposes" then a gone away is 
> > irrelevant.
> 
> If marketing purposes create irrelevancy then why would the 
> data in question be held?
> 
> > If it is some form of contractual matter that data is exempt anyway 
> > (probably).
> 
> At least where the assignee has agreed and the agreement is 
> legally valid, something which DPOs very rarely question, as 
> contracts can frequently be assumed to have originally been 
> constructed after a legal fashion and hence reflect legality 
> and fairness to the data subject(s) therefore making them DP 
> compliant. A sort of DP risk management which could end up 
> entirely negating many of the DPA purposes.
> 
> > If it is some other (unspecified) purpose where address history is
> > germane to the processing then it is Personal Data and may be held if
> > it is marked "prior address", or else the record is incorrect and not
> > held lawfully.
> 
> There is no disagreement that all the principles require very 
> careful consideration to determine the accuracy of such a 
> statement with regard to the original purpose(s) of 
> collection for any particular part of a data set.
> 
> > I may have a large body, but most of it is made up of food.
> > I rarely wend my way round Nottingham, though :)
> 
> As I understand it that is scientifically untrue as water 
> forms the greater part of any person's body, but as an example 
> it was more literally accurate than intended then. :)
> 
> Ian W
> 
> > -----Original Message-----
> > From: This list is for those interested in Data Protection issues 
> > [mailto:[log in to unmask]] On Behalf Of Tim Trent
> > Sent: 16 May 2005 08:56
> > To: [log in to unmask]
> > Subject: Re: Accuracy of records - 'Gone Away'
> >
> >
> > We return to the purpose of processing.
> >
> > If the purpose is simply "marketing purposes" then a gone away is 
> > irrelevant.
> >
> > If it is some form of contractual matter that data is exempt anyway 
> > (probably).
> >
> > If it is some other (unspecified) purpose where address history is
> > germane to the processing then it is Personal Data and may be held if
> > it is marked "prior address", or else the record is incorrect and not
> > held lawfully.
> >
> > I may have a large body, but most of it is made up of food.
> > I rarely wend my way round Nottingham, though :)
> >
> > -----Original Message-----
> > From: This list is for those interested in Data Protection issues 
> > [mailto:[log in to unmask]] On Behalf Of Ian Welton
> > Sent: 14 May 2005 15:36
> > To: [log in to unmask]
> > Subject: Re: [data-protection] Accuracy of records - 'Gone Away'
> >
> > Tim Trent on 13 May 2005 at 17:53 said:-
> >
> > > And that part is the point, Ian, and I am grateful to you. People 
> > > appear to be discussing this emotionally and with regard to what 
> > > people might do, as opposed to the definition of the data.
> >
> > We appear to agree about the importance of properly interpreting and
> > implementing the DPA definitions.
> >
> > Although the comment "and with regard to what people might do" seems
> > at odds with the DPA 1998 legal requirements to determine "purpose"
> > when "processing" personal data, requiring as they do prior
> > consideration of what people might 'do' with personal data, and
> > ensuring "appropriate" security measures restrict use and availability
> > for the identified purpose(s).
> >
> > In DPA terms many of the strictly logical extensions have seemed to
> > illustrate more of a purposeless based approach, possibly reflective
> > of the difficulties inherent in simply and humanely handling purposes.
> >
> > > A name with an address that is not valid is not data that, of itself,
> > > can identify a living individual.  Ergo it is no longer subject to the
> > > DPA 1998.
> >
> > If a name together with an invalid address could not be considered
> > personal data it would be illogical for so many organisations to go to
> > such great lengths in recording, maintaining and holding invalid
> > addresses. Those organisations would not be so careful in their
> > processing of what, following some arguments, would be invalid data,
> > unless their intentions provide a purpose for those data holdings,
> > like linking to living individuals, in which case the invalid address
> > data would seem to become personal data rather than a sort of
> > uncontrolled data.
> >
> > Equally where an invalidity may arise because of a mistake within a 
> > living individual's record, that data would still be considered 
> > personal data under the DPA, otherwise there would be no need to 
> > provide that data in any s.7 response.
> >
> > Consider a name like "Mr large body of water wending its way around
> > Nottingham". If that is thought to be invalid as a name, then it is
> > not personal data, unless it is likely that any data controller has or
> > could obtain any necessary information to relate that data to a living
> > individual(s).
> >
> > It would seem that the mere intention to consider which living
> > individual an invalid name or address could relate to would make what
> > was considered an invalid name or address personal data being
> > processed for some purpose and subject to any applicable
> > ethical/moral/legal considerations, and that any lack of intention
> > merely defines a different set of constraining purpose(s), or raises
> > the question of any need for that data collection to exist.
> >
> >
> > Ian W
> >
> > This e-mail and its contents are provided for the purposes of
> > furthering knowledge about privacy and data protection and should not
> > be used or processed for any other purposes.
> >
> > > -----Original Message-----
> > > From: This list is for those interested in Data Protection issues 
> > > [mailto:[log in to unmask]] On Behalf Of Tim Trent
> > > Sent: 13 May 2005 17:53
> > > To: [log in to unmask]
> > > Subject: Re: Accuracy of records - 'Gone Away'
> > >
> > >
> > > And that part is the point, Ian, and I am grateful to you. People 
> > > appear to be discussing this emotionally and with regard to what 
> > > people might do, as opposed to the definition of the data.
> > >
> > > A name with an address that is not valid is not data that, of itself,
> > > can identify a living individual.  Ergo it is no longer subject to the
> > > DPA 1998.
> > >
> > > That does not remove any duty of care we may have over removing that
> > > record from the database properly
> > >
> > > -----Original Message-----
> > > From: This list is for those interested in Data Protection issues 
> > > [mailto:[log in to unmask]] On Behalf Of Ian Welton
> > > Sent: 13 May 2005 15:52
> > > To: [log in to unmask]
> > > Subject: Re: [data-protection] Accuracy of records - 'Gone Away'
> > >
> > > Chris Brogan on 13 May 2005 at 15:42 said:-
> > >
> > > > I cannot agree with you. Just because the person has left the address
> > > > they haven't ceased to exist.
> > >
> > > The debate seems to revolve around "any data in the possession of or
> > > likely to come into the possession of the data controller" when linked
> > > to the "data controller" definition.
> > >
> > > If it is likely or possible that the data subject can be identified by
> > > the data controller, the data remains personal data.
> > >
> > > Ian W
> > >
> > > > -----Original Message-----
> > > > From: This list is for those interested in Data Protection issues
> > > > [mailto:[log in to unmask]] On Behalf Of Chris Brogan
> > > > Sent: 13 May 2005 15:42
> > > > To: [log in to unmask]
> > > > Subject: Re: Accuracy of records - 'Gone Away'
> > > >
> > > >
> > > > Tim,
> > > > I cannot agree with you. Just because the person has left the address
> > > > they haven't ceased to exist. If he owes you money you are probably
> > > > going to track him down. The information you hold on him will help you
> > > > to do so. It is big business tracking down "Gone Aways". Credit Card
> > > > Companies, Mail Order Companies etc spend a fortune on it. The
> > > > credit agencies have dedicated databases to assist in locating
> > > > "Gone Aways". The Information Commissioner issued a code of practice
> > > > many years ago dealing with the functions of Tracing Agencies. The
> > > > Information Commissioner has actively targeted agencies that track
> > > > down absconders because of the methods that they use. An absconder
> > > > was once located because the agent knew he had a dog called Spikins.
> > > > There are numerous cases of a similar nature.
> > > >
> > > > Chris Brogan
> > > > www.securitysi.com
> > > >
> > > > ________________________________
> > > >
> > > > From: This list is for those interested in Data Protection issues on
> > > > behalf of Tim Trent
> > > > Sent: Fri 13/05/2005 15:15
> > > > To: [log in to unmask]
> > > > Subject: Re: Accuracy of records - 'Gone Away'
> > > >
> > > >
> > > >
> > > > I disagree.
> > > >
> > > > Tim Trent at "Old address, old company" or "Old house, Old Street, Old
> > > > Town", is not sufficient data, even with other data reasonably held,
> > > > to identify a living individual.  It identifies what is now a non
> > > > existent individual.  You are wise to counsel caution, of course, but
> > > > this record cannot identify Tim Trent.
> > > >
> > > > -----Original Message-----
> > > > From: This list is for those interested in Data Protection issues
> > > > [mailto:[log in to unmask]] On Behalf Of Roland Perry
> > > > Sent: 13 May 2005 14:40
> > > > To: [log in to unmask]
> > > > Subject: Re: [data-protection] Accuracy of records - 'Gone Away'
> > > >
> > > > In message 
> > > > <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAh8IWNoVXQESwWr
> > > > gvRgp6R8KAA 
> > > > [log in to unmask]>,
> > > >  at 13:54:23 on Fri, 13 May 2005, Tim Trent 
> > > > <[log in to unmask]> writes
> > > > >Someone who is a "gone away" is precisely that and the record is no
> > > > >longer capable of identifying a living individual
> > > >
> > > > You might not have their current address, but there will be enough
> > > > information to *identify* the person. Don't confuse identifying them
> > > > with being able to locate them this week.
> > > > --
> > > > Roland Perry
> > > >
> > > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > >        All archives of messages are stored permanently and are
> > > >       available to the world wide web community at large at
> > > >       http://www.jiscmail.ac.uk/lists/data-protection.html
> > > >       If you wish to leave this list please send the command
> > > >        leave data-protection to [log in to unmask]
> > > >             All user commands can be found at : -
> > > >         http://www.jiscmail.ac.uk/help/commandref.htm
> > > > Any queries about sending or receiving message please send to the list
> > > > owner
> > > >               [log in to unmask]
> > > >   (all commands go to [log in to unmask] not the list please)
> > > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
