I agree Simon - especially in the Scottish Borders there are quite a few rural areas and only one house.
Doreen
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Simon Howarth
Sent: 10 January 2013 14:31
To: [log in to unmask]
Subject: Re: Addresses being personal data
I always advise that the entire postcode should be considered personal data unless it can be satisfactorily proven otherwise. There are a great many rural postcodes that have only one or two abodes which means that identification is made easy. Even with half a dozen houses in a road, you have to be sure that there are enough people that small numbers does not come into play. It all amounts to disproportionate effort in most cases.
In the case of my example "SH" - Michael is right that it could be personal data. However, the example was meant in isolation and may well be a bad one, don't let that red herring deflect from the real question. Sorry for my lack of exampular (new word? You heard it here first) thought...
Simon.
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Ray Cooke
Sent: 10 January 2013 11:42
To: [log in to unmask]<mailto:[log in to unmask]>
Subject: Re: [data-protection] Addresses being personal data
On the post code issue. I had to consider release of a spreadsheet containing answers to survey questions with postcodes but no names.
So I did some checks myself and found that just using an unsophisticated internet search, without subscribing to any service, it took me about 20 minutes to identify a postcode with only two addresses and from that to identify the individual who had been surveyed and tie that identity to a whole host of their personal data.
I declined to release the data on the basis that the postcodes could identify specific individuals.
Ray Cooke
Information Compliance Officer
Oxford Brookes University
Oxford Brookes Information Solutions
Headington Campus
Gipsy Lane
Oxford, OX3 0BP
tel: +44 (0)1865 484354<tel:%2B44%20%280%291865%20484354>
fax: +44 (0)1865 483330<tel:%2B44%20%280%291865%20483330>
www.brookes.ac.uk<http://www.brookes.ac.uk>
On 10 January 2013 10:27, Grimbaldus <[log in to unmask]<mailto:[log in to unmask]>> wrote:
Taking Simon's argument further, if it is obvious from the content of the email that "SH" is Simon Howarth, perhaps by reference to an activity performed by Simon, then that email surely constitutes Personal Data.
This discussion begs a number of related questions:
1) If the subject refers to "SH" and it is (as) obvious from other emails in the thread that this is Simon, does that email not constitute PD?
2) In such a situation, does the entire thread constitute PD?
[Subject, of course, to the mainstream tests.]
It will probably be necessary to read each email to determine this, which leads to question (3).
3) I have a situation at the moment where the Data Subject, an ex-employee, has requested those Personal Data in emails, including emails sent and received by themselves. Their Inbox and Sent mailbox contain over 10,000 emails. Because of limitations in the configuration of the email system itself, it is impractical to search through this number for the myriad content /subject references. The emails are likely to contain commercially-sensitive information which is not PD, and which we would not wish to supply. Further, the emails contain innumerable references to other parties.
My current thoughts range among:
a) inviting the DS in to read the file, with the stipulation either that notes cannot be taken or that any notes must be vetted before being taken away.
b) claiming an exemption to supply under s8(2) by reason of disproportionate effort;
c) asking the DS to identify the correspondents with whom their PD would have been included in emails (e.g. HR), but that would have to be named individuals or specific mailboxes. In and of itself, this raises an issue of identifying an email from DS to another (or vv) in which some 'of the moment' biographical data was cited, e.g. "I'm in the office now if you want to call."
Has anyone faced this challenge and what did ('would' for those who haven't) you do?
Interestingly, the advice on disproportionate effort given by the ICO Helpline followed Durrant,
/Ezsias/Elliott rather than the Code of Practice and established ICO interpretation of s8(2).
4) Staying with addresses, but turning to postal ones, what of a Post Code? Clearly, in the vast majority of instances a Post Code is not PD, but it could refer to a single property with single occupancy. An LA might be able to identify that situation, but it is highly unlikely that (say) a retailer will have such information in their possession, or even be able to get it.
So, to borrow a phrase, does the panel think that any Post Code need not be treated as PD *if* the Data Controller has no (easy) way to confirm the number of properties covered and the occupancy of those?
It is clear from the posts on here that there is a world of difference between the ordered, detailed information held by public sector bodies about their 'customers' and the less-ordered, and variably dimensioned and formatted data held about customers in the retail sector.
Many thx - Michael
<snip>
________________________________
________________________________
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
* Leaving this list: send leave data-protection to [log in to unmask]<mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
* Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
* To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
* To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]<mailto:[log in to unmask]>
Any queries about sending or receiving messages please send to the list owner [log in to unmask]<mailto:[log in to unmask]>
(Please send all commands to [log in to unmask]<mailto:[log in to unmask]> not the list or the moderators, and all requests for technical help to [log in to unmask]<mailto:[log in to unmask]>, the general office helpline)
________________________________
**********************************************************************
This email and any files transmitted with it are privileged, confidential and subject to copyright. Any unauthorised use or disclosure of any part of this email is prohibited. If you are not the intended recipient please inform the sender immediately; you should then delete the email and remove any copies from your system.
The views or opinions expressed in this communication may not necessarily be those of Scottish Borders Council.
Please be advised that Scottish Borders Council's incoming and outgoing GSX email is subject to regular monitoring and any email may require to be disclosed by the Council under the provisions of the Freedom of Information (Scotland) Act 2002.
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
