Hi everyone, Today's emails have got me thinking... and I hope my prognosis is not true. Some people may be about to give me library records that are purportedly anonymised in different ways. The most worrying case is captured by the following example: jon borrowed from library L war&peace 25 may jon borrowed from librarly L das capital 1 jun 08 jon borrowed from library L penthouse 1 july 08 (I guess that this is not a run of the mill library :-) but the example works to demonstrate a point) Quite possibly Jon may neither want to be identified as a borrower of das capital, nor of penthouse. Whatever jon's predelicitons, I'm presuming that the anonimised data should not give rise to anyone being able to ascertain jon's reading habits When they are given to me the library use records are anoymised thus - replace jon's name with a large random number X (for the technically minded this random number is a GUID, see eg wikipedia for details) - replace the date with a sequence number starting from 1 in a given year Thus I might be given X borrowed war&peace 1st in 08 X borrowed das capital 2nd in 08 X borrowed penthouse 3rd in 08 Also - any work that is borrowed only once in a year has been removed from this list, - anyone who borrows only one work in a year has been removed from the list. Let's assume that each of these library holdings have been borrowed many many times in 08, and my current assumption is that I can therefore NOT identify Jon from the data if I saw him come out the library with a copy of war&peace. I don't really know what the situation is if I saw Jon come out the library with war&peace one day and then some time later with das capital. For many borrowings ov these two works over the year, I assme that the data does not contravene the DPA. But for a unique sequnce of borrowings, it seems that the prognosis is not good,: If there is no other person who borrowed war&peace and then, later, das capital in 08 I can deduce that Jon also borrowed penthouse if I observe him first with L's war&peace , and then with L's das capital. So, if this data is about to be delivered to me, then 1) is the DPA possibly to be contravened (I am not registered as a processor for library L)? 2) is there any transformation or partial eradication of the data that makes it 'DPA-safe' while preserving both a random number identified user, and the sequence of loans. If there is a problem, then I guess the argument that I have never seen any people walking around with library L's books does not hold, I could have found out jon's first two loans by any means (eg, to pick up on messages passim, jon, somewhat paranoid about privacy, shielded his face with the first two works when he twice saw a google street view car on the street. I subsequently chanced on the images in google street view, and knowing jon, recognised him both by his unique sartorial style, and by the fact that, not knowing much about google street view, he neglected to cover the side of his face as the car passed, taking 360 degree pictures in the horizontal plane). What if I never look at the raw data and just use it in rather obscure ways (ie bury it in a database that is only used for library catalogue search personalisation purposes, by a search engine that could never reveal what X borrowed and in what order -- still a problem, I'm presuming, I or anyone else with access to the raw database, could find out jon's data. Its a minefield out there... regards mark ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^