> Otherwise what do you have in mind? The issue raised was in the sense of collating a number of opt-out lists together, matching them against each other and any other verifiable data source, say the publicly available voters register, to identify all those persons whom think they may be at risk. Of course also matching against lists of employees from known at risk occupations would enable further refinement or focus. Whilst a recommendation of best practice to match data could well be of benefit in specific circumstances, in others that practice could be a very serious risk. Given the historicity of the recognised potentiality for compromise, apparently merely hoping for the best, without any fully open and recognised debate (with its own inherent problems) rather seems to be avoiding more than addressing the issues. Unless organisations are providing support only as necessary in order to achieve some privacy in the mechanisms employed. Having different identities in specific spheres seems an obviously logical method of addressing the issues by providing possibilities for opt outs with less risk. For some reason though officially there is apparently much resistance to such ideas. Muddy waters all around so somehow people are achieving what they perceive as an acceptable degree of privacy for whatever purpose(s) they require it. My specific interest stems from considerations of the underlying issues surrounding that mixed situation. Ian W > -----Original Message----- > From: This list is for those interested in Data Protection > issues [mailto:[log in to unmask]] On Behalf Of Tim Trent > Sent: 24 March 2006 15:28 > To: [log in to unmask] > Subject: Re: Opt out lists > > > See below: > > -----Original Message----- > From: This list is for those interested in Data Protection > issues [mailto:[log in to unmask]] On Behalf Of Ian Welton > Sent: 24 March 2006 13:40 > To: [log in to unmask] > Subject: [data-protection] Opt out lists > > Are opt out lists held by organisations to prevent a data > subject's data being processed by that organisation available > for enquiry using any of the exemptions? > > >>A SAR should deliver all such items to the data subject. The list > >>must be > available at data take-on time to be queried against. > Otherwise what do you have in mind? > > What if any restrictions exist to prevent fishing trips of > those lists? > > >>Policies and procedures must be in place including HR based > sanctions > >>to > outlaw such things > > The reason for the enquiry is historically based upon a > source for official unease about opt out lists being that > they would identify persons whom may consider themselves to > be at significant risk, and conducting data matching > exercises upon the lists could fairly easily identify those > individuals. > > >>Elizabeth France considered them to be a best Practice > > Also, considered from the same risk angle, should security > measures for those lists be generally aligned with the > original database security, or should there be a higher level > of security applied to them. > > >>The level should be congruent with the data (or implied data) that > >>they > contain > > Ian W -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.2.6/288 - Release Date: 3/22/06 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^