> Otherwise what do you have in mind?
The issue raised was in the sense of collating a number of opt-out lists
together, matching them against each other and any other verifiable data
source, say the publicly available voters register, to identify all those
persons whom think they may be at risk.
Of course also matching against lists of employees from known at risk
occupations would enable further refinement or focus.
Whilst a recommendation of best practice to match data could well be of
benefit in specific circumstances, in others that practice could be a very
serious risk.
Given the historicity of the recognised potentiality for compromise,
apparently merely hoping for the best, without any fully open and recognised
debate (with its own inherent problems) rather seems to be avoiding more
than addressing the issues. Unless organisations are providing support only
as necessary in order to achieve some privacy in the mechanisms employed.
Having different identities in specific spheres seems an obviously logical
method of addressing the issues by providing possibilities for opt outs with
less risk. For some reason though officially there is apparently much
resistance to such ideas.
Muddy waters all around so somehow people are achieving what they perceive
as an acceptable degree of privacy for whatever purpose(s) they require it.
My specific interest stems from considerations of the underlying issues
surrounding that mixed situation.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of Tim Trent
> Sent: 24 March 2006 15:28
> To: [log in to unmask]
> Subject: Re: Opt out lists
>
>
> See below:
>
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of Ian Welton
> Sent: 24 March 2006 13:40
> To: [log in to unmask]
> Subject: [data-protection] Opt out lists
>
> Are opt out lists held by organisations to prevent a data
> subject's data being processed by that organisation available
> for enquiry using any of the exemptions?
>
> >>A SAR should deliver all such items to the data subject. The list
> >>must be
> available at data take-on time to be queried against.
> Otherwise what do you have in mind?
>
> What if any restrictions exist to prevent fishing trips of
> those lists?
>
> >>Policies and procedures must be in place including HR based
> sanctions
> >>to
> outlaw such things
>
> The reason for the enquiry is historically based upon a
> source for official unease about opt out lists being that
> they would identify persons whom may consider themselves to
> be at significant risk, and conducting data matching
> exercises upon the lists could fairly easily identify those
> individuals.
>
> >>Elizabeth France considered them to be a best Practice
>
> Also, considered from the same risk angle, should security
> measures for those lists be generally aligned with the
> original database security, or should there be a higher level
> of security applied to them.
>
> >>The level should be congruent with the data (or implied data) that
> >>they
> contain
>
> Ian W
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.2.6/288 - Release Date: 3/22/06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
