Chris,
Thanks for the
reference to the case. The following issues come to mind immediately in
considering the Cranston J approach. First, the FOIA is applicant
blind. Are we going to be certain that the recipient does *not* have the
algorithmic capacity to crack this data open? The average person may not
have this capacity, but that assumes that the average person is making the
request. I make this point without regard to the applicant in this
case.
Second, the challenge
from the O'Hara review is that large scale data sets or seemingly anonymous data
can, with the proper tools and techniques can be used to identify people.
To some extent, this is the inverted image of this problem. O'Hara is looking at
large data sets, while this is looking at small sample sizes. I fear that
Cranston J may have assumed that a small confers anonymity. In some cases
this may be true. However, I recall in this case, I believe a reporter was able
to track down the physicians involved.
In the end, each case
will be on its merits and I think the advice will stand for now. I think we will
see a different approach in the coming years as the O'Hara review's suggestions
interact with the impending revision to the Data Protection Act as required by
the UK government's ongoing "negotiations" with the EU.
Best,
Lawrence