Hi everyone,<br><br>Today&#39;s emails have got me thinking... and I hope my prognosis is not true.<br><br>Some people may be about to give me library records that are purportedly anonymised in different ways. The most worrying case is captured by the following example:<br>
<br><div style="margin-left: 40px;"><br><br>jon borrowed from library L war&amp;peace 25 may <br>jon borrowed from librarly L das capital 1 jun 08<br>jon borrowed from library L penthouse 1 july 08 <br>      (I guess that this is not a run of the mill library :-) but the example works to demonstrate a point)<br>
</div><br>Quite possibly Jon may neither want to be identified as a borrower of das capital, nor of penthouse. Whatever jon&#39;s predelicitons, I&#39;m presuming that the anonimised data should not give rise to anyone being able to ascertain jon&#39;s reading habits<br>
<br>When they are given to me the library use records are anoymised thus<br><ul><li>replace jon&#39;s name with a large random number X (for the technically minded this random number is a GUID, see eg wikipedia for details)</li>
<li>replace the date with a sequence number starting from 1 in a given year</li></ul>Thus I might be given<br><br><div style="margin-left: 40px;">
X borrowed war&amp;peace 1st in 08<br>
X borrowed das capital  2nd in 08<br>
X borrowed penthouse   3rd in 08<br></div><br>Also <br><ul><li>any work that is borrowed only once in a year has been removed from this list,</li><li>anyone who borrows only one work in a year has been removed from the list.</li>
</ul>Let&#39;s assume that each of these library holdings have been borrowed many many  times in 08, and my current assumption is that I can therefore NOT identify Jon from the data if I saw him come out the library with a copy of war&amp;peace.<br>
<br>I don&#39;t really know what the situation is if I saw Jon come out the library with war&amp;peace one day and then some time later with das capital.  For many borrowings ov these two works over the year, I assme that the data does not contravene the DPA.<br>
<br>But for a unique sequnce of borrowings, it seems that the prognosis is not good,: If there is no other person who borrowed war&amp;peace and then, later, das capital in 08 I can deduce that Jon also borrowed penthouse if I observe him first with L&#39;s war&amp;peace , and then with L&#39;s das capital.<br>
<br>So, if this data is about to be delivered to me, then <br>  1) is the DPA possibly to be contravened (I am not registered as a processor for library L)?<br>  2) is there any transformation or partial eradication of the data that makes it &#39;DPA-safe&#39; while preserving both a random number identified user, and the sequence of loans.<br>
<br>If there is a problem, then I guess the argument that I have never seen any people walking around with library L&#39;s books does not hold, I could have found out jon&#39;s first two loans by any means <br><br><div style="margin-left: 40px;">
(eg, to pick up on messages passim,  jon, somewhat paranoid about privacy, shielded his face with the first two  works when he twice saw a google street view car on the street. I subsequently chanced on the images in google street view, and knowing jon, recognised him both by his unique sartorial style, and by the fact that, not knowing much about google street view, he neglected to cover the side of his face as the car passed, taking 360 degree pictures in the horizontal plane).<br>
<br></div>What if I never look at the raw data and just use it in rather obscure ways (ie bury it in a database that is only used for library catalogue search personalisation purposes, by a search engine  that could never reveal what X borrowed and in what order  -- still a problem, I&#39;m presuming, I or anyone else with access to the raw database, could find out jon&#39;s data.<br>
<br>Its a minefield out there...<br>regards<br>mark<br><br><br><br><br><br><br><br><br><br><br><br>
<hr />
<small>
<p align="left">All archives of messages are stored permanently and are
available to the world wide web community at large at <A href="http://www.jiscmail.ac.uk/lists/data-protection.html">http://www.jiscmail.ac.uk/lists/data-protection.html</a></p>
<p>Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):</p>
<ul>
  <li>Leaving this list: send <strong><em>leave data-protection</em></strong> to <a href="mailto:[log in to unmask]&BODY=LEAVE data-protection"><a href="/cgi-bin/wa-jisc.exe?LOGON=A3%3Dind0905%26L%3DDATA-PROTECTION%26E%3Dquoted-printable%26P%3D1199686%26B%3D--001636c5b154db2768046ae9e3ea%26T%3Dtext%252Fhtml%3B%2520charset%3DISO-8859-1%26pending%3D" target="_parent" >[log in to unmask]</a></a></li>
  <li>Suspending emails from all JISCMail lists: send <strong><em>SET * NOMAIL</em></strong> to <a href="mailto:[log in to unmask]&BODY=SET * NOMAIL"><a href="/cgi-bin/wa-jisc.exe?LOGON=A3%3Dind0905%26L%3DDATA-PROTECTION%26E%3Dquoted-printable%26P%3D1199686%26B%3D--001636c5b154db2768046ae9e3ea%26T%3Dtext%252Fhtml%3B%2520charset%3DISO-8859-1%26pending%3D" target="_parent" >[log in to unmask]</a></a></li>
  <li>To receive emails from this list in text format: send <strong><em>SET data-protection NOHTML</em></strong> to <a href="mailto:[log in to unmask]&BODY=SET data-protection NOHTML"><a href="/cgi-bin/wa-jisc.exe?LOGON=A3%3Dind0905%26L%3DDATA-PROTECTION%26E%3Dquoted-printable%26P%3D1199686%26B%3D--001636c5b154db2768046ae9e3ea%26T%3Dtext%252Fhtml%3B%2520charset%3DISO-8859-1%26pending%3D" target="_parent" >[log in to unmask]</a></a></li>
  <li>To receive emails from this list in HTML format: send <strong><em>SET data-protection HTML</em></strong> to <a href="mailto:[log in to unmask]&BODY=SET data-protection HTML"><a href="/cgi-bin/wa-jisc.exe?LOGON=A3%3Dind0905%26L%3DDATA-PROTECTION%26E%3Dquoted-printable%26P%3D1199686%26B%3D--001636c5b154db2768046ae9e3ea%26T%3Dtext%252Fhtml%3B%2520charset%3DISO-8859-1%26pending%3D" target="_parent" >[log in to unmask]</a></a></li>
</ul>
<p>All user commands can be found at <a href="http://www.jiscmail.ac.uk/help/commandref.htm">http://www.jiscmail.ac.uk/help/commandref.htm</a> and are sent in the <strong>body</strong> of an otherwise blank email to <a href="mailto:[log in to unmask]"><a href="/cgi-bin/wa-jisc.exe?LOGON=A3%3Dind0905%26L%3DDATA-PROTECTION%26E%3Dquoted-printable%26P%3D1199686%26B%3D--001636c5b154db2768046ae9e3ea%26T%3Dtext%252Fhtml%3B%2520charset%3DISO-8859-1%26pending%3D" target="_parent" >[log in to unmask]</a></a></p>
<p>Any queries about sending or receiving messages please send to the list owner  <a href="mailto:[log in to unmask]"><a href="/cgi-bin/wa-jisc.exe?LOGON=A3%3Dind0905%26L%3DDATA-PROTECTION%26E%3Dquoted-printable%26P%3D1199686%26B%3D--001636c5b154db2768046ae9e3ea%26T%3Dtext%252Fhtml%3B%2520charset%3DISO-8859-1%26pending%3D" target="_parent" >[log in to unmask]</a></a></p>
<p>(Please send all commands to <a href="mailto:[log in to unmask]"><a href="/cgi-bin/wa-jisc.exe?LOGON=A3%3Dind0905%26L%3DDATA-PROTECTION%26E%3Dquoted-printable%26P%3D1199686%26B%3D--001636c5b154db2768046ae9e3ea%26T%3Dtext%252Fhtml%3B%2520charset%3DISO-8859-1%26pending%3D" target="_parent" >[log in to unmask]</a></a> not the list or the moderators, and all requests for technical help to <a href="mailto:[log in to unmask]"><a href="/cgi-bin/wa-jisc.exe?LOGON=A3%3Dind0905%26L%3DDATA-PROTECTION%26E%3Dquoted-printable%26P%3D1199686%26B%3D--001636c5b154db2768046ae9e3ea%26T%3Dtext%252Fhtml%3B%2520charset%3DISO-8859-1%26pending%3D" target="_parent" >[log in to unmask]</a></a>, the general office helpline)</p>
</small>
<hr />