Hi Everyone

A personalised search related question.....

I'm interested in obtaining some university data that might lead to personal identification.

This would be 'anonymized' library use data, where student ID or library numbers are hidden by replacing them by random numbers (called GUIDs).

The same GUIDs would also be used in a second set of 'anonymized' data; registration data. The registration data would consist of course (e.g. Chemical Engineering), progression level (e.g. 2nd year) and, possibly, module registration (e.g. E203 Organic chemistry). So again student identity is hidden by GUIDs, but the GUIDs definitely link library use data and student registration data.

I want to use the above two sets of data to personalise library catalogue search facilities for students.

Now if I had a third set of data, all students' names and registrations (course/progression/module), I might just be able to find a unique pattern of module choices in student registration data for a named student S, and then find out what S had been borrowing by interrogating first the GUID identified registration data and looking for S's pattern of module registrations. This would yield S's GUID, and I could then find out what S had been borrowing.

I don't have this third set of data, and never will have it. However, it is possible that I might pass student T on campus, and see her carrying an obscure library book, of which there is only one in the campus library. From the date of that event, and the first set of data, library use/borrowings, I could find T's GUID and access all her library use data.

Or I might know student U, who is doing a rare module combination. On interrogation of the registration data, I find only one student is taking those modules. Clearly this is student U, and I now know U's GUID and library use/borrowings.

Questions for you please:

1. The idiot question: Each of the 'anonymized' data sets, the library use data and the registration data, is, in isolation, PII?

2. Of the above information, what can university libraries legally divulge (with/without consent)?

3. Can I legally be contracted by a library/university to process their pre-'anonymized' data sets without consent being given by the students?


Thanks
mark


--
Mark van Harmelen
Personal Learning Environments Ltd
&
School of Computer Science, University of Manchester
cell/mobile            07830 212 464
skype                   markvanharmelen
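
An added example, not part of the original message: a pre-release check a data holder could run over the two GUID-keyed sets to flag GUIDs that the scenarios above would single out (a rare course/level/module combination, or a loan of a title held in a single copy). The record layouts, sample values and the threshold `k` are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records; GUIDs, module codes and titles are made up.
REGISTRATIONS = [  # (guid, course, level, modules)
    ("g-01", "Chemical Engineering", 2, {"E203", "E210"}),
    ("g-02", "Chemical Engineering", 2, {"E203", "E210"}),
    ("g-03", "Chemical Engineering", 2, {"E203", "M115"}),  # rare combination
    ("g-04", "History", 1, {"H101", "H102"}),
    ("g-05", "History", 1, {"H101", "H102"}),
]
LOANS = [  # (guid, title, loan_date)
    ("g-01", "Organic Chemistry", "2009-03-02"),
    ("g-02", "Organic Chemistry", "2009-03-02"),
    ("g-04", "Obscure Monograph", "2009-03-05"),
]
COPIES = {"Organic Chemistry": 12, "Obscure Monograph": 1}  # copies held per title


def equivalence_classes(registrations):
    """Group GUIDs by the quasi-identifier (course, level, module set)."""
    classes = defaultdict(set)
    for guid, course, level, modules in registrations:
        classes[(course, level, frozenset(modules))].add(guid)
    return classes


def below_k(registrations, k):
    """GUIDs whose registration pattern is shared by fewer than k students."""
    at_risk = set()
    for members in equivalence_classes(registrations).values():
        if len(members) < k:
            at_risk |= members
    return at_risk


def single_copy_borrowers(loans, copies):
    """GUIDs with a loan of a title the library holds exactly one copy of."""
    return {guid for guid, title, _date in loans if copies.get(title, 0) == 1}


def release_report(registrations, loans, copies, k=2):
    """Summarise which GUIDs fail either check and so should not be released as-is."""
    rare = below_k(registrations, k)
    sighted = single_copy_borrowers(loans, copies)
    return {"k": k, "rare_registration": sorted(rare),
            "single_copy_loan": sorted(sighted), "linkable": sorted(rare | sighted)}


if __name__ == "__main__":
    print(release_report(REGISTRATIONS, LOANS, COPIES, k=2))
```

Because both sets share the same GUIDs, a GUID flagged in either check exposes that student's records in both sets.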



On Thu, Apr 16, 2009 at 10:21 AM, Bradshaw, Phillip <[log in to unmask]> wrote:
... and if they cannot accept the fact, can you be satisfied that your arrangements meet Principle 7 requirements?
 

Phil Bradshaw


 


From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Marchini, Renzo
Sent: 16 April 2009 10:15

To: [log in to unmask]
Subject: Re: [data-protection] Application support companies ...

Agreed. And if they are not processors, you have to question how you can "legitimise" the transfer to them, they need to give notice to the subjects, etc... and so their position is worse!
R
 
 

Renzo Marchini
Dechert LLP
+44 (0) 20 7184 7563 direct
+44 (0) 20 7184 7001 fax
[log in to unmask]
www.dechert.com

 


From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Tim Trent
Sent: 15 April 2009 21:57
To: [log in to unmask]
Subject: Re: [data-protection] Application support companies ...

On the face of it I am with you.

What do those who insist that they are not do for you and how do they describe their activities?

Jon Dunster wrote:
Hi all!

We have a number of support companies supporting various MIS type 
applications.

Some of them regularly work on databases containing personal data or even 
take copies of the databases away for work/backup etc.

Under my understanding of DP I'd class them as Data Processors and require 
rather more meat pertaining to DP in contracts.

Am I working from the right basis?  So far I've stuck to my line but some of 
them consistently refuse to acknowledge they are data processors despite 
their activities fitting the 'processor' definition.

Thanks,

Jon

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  

--

Tim Trent - Consultant
Tel: +44 (0)7710 126618
web: ComplianceAndPrivacy.com - where busy executives go to find the news first
personal blog: timtrent.blogspot.com/ - news, views, and opinions
personal website: Tim's Personal Website - more than anyone needs to know

Marketing by Permission
