JISCMail - DATA-PROTECTION Archives

On Fri, Feb 03, 2006 at 12:26:10AM -0000, Martin Hoskins wrote:
> I'm playing the Devil's advocate this Friday morning! In a post-Durant
> world are we really certain that the information that BT is sending by
> SMS really is "personal data"?

In a post-Durant world I'm finding it hard to believe there's very much
that can't be classed as "not personal data" if someone tries hard enough
... (But that's a whole 'nother rant!)

> BT might argue that the information was confidential, but that it was
> not sufficiently "pesonal" to fall within the ambit of the DPA. After
> all, the account could be a corporate account, or it could be used by
> someone (or the bill paid by someone) other than the individual to whom
> the account may have been registered. 

The T&Cs for the service say explicitly that it the service is only for
home users - not business users (not that that stops you being able to
check when a business line was last paid ...)

And, IIRC, BT are rather strict about their association with users and
lines generally. ISTR friends with tales of BT not being willing to
discuss anything about a phone line with them, because the line was in
their husband's name.

And what if the data is classed with other information that becomes
otherwise available. What if someone were to state publically "I live
alone and pay my own phone bill"? Does this impact on the status?

I also have a sneaking suspicion that if 100 people were to ring BT and
say "I'd like some information on when the bill for phone number <XXXXXX>
was last paid", that, once it was established that line wasn't connected
to the caller, at least 50% of the callers would be informed they can't
give that information out as "it would be a breach of Data Protection".
(Call centres seem overly fond of claiming this about all manner of
things these days...)

> I agree that BT appear to have acted foolishly in allowing "anyone"
> to learn of the date that a particular phone account was paid. But I
> would suggest that BT is closer to breaching the tort of confidence than
> it is of the DPA.

I think there might be some truth in what you say. And, BT may indeed be
able to squirm out of a complaint to the IC by such weasely means. But
I suspect that enough complaints are made, whether directly to BT,
or via the IC or Oftel, it might make them think twice about having such
a service.

And if they have to give Ł25 to enough people....

Tony

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^