If we had to take into account the information other people have, it
would not be possible to have 'annonymised' data about people. You need
to look at the data you are the controller of, and determine if you can
or can't identify an individual from that data alone. This determines
your course of action. You either can or can't, so it either is or isn't
personal data. That's what the act says. It's perfectly reasonable,
however, for your institution to make a decision that you won't make it
public because it's against the spirit of the Act, or the beliefs of the
institution.
Hope that's useful.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Victoria Hayes
Sent: 24 March 2004 09:44
To: [log in to unmask]
Subject: Re: [data-protection] anonymized data - still contravene DPA?
Ian
Thanks very much for your comments below but I'm still unclear about
this....
'We' are likely to know the student's employment history in our 'total
set
of data', though this will not be linked to the individuals being
discussed
in a thesis. However, it does not seem relevant whether or not WE hold
the
additional data that allows individuals to be identified; if we did not
hold
it, but were aware that third parties could reasonably be expected to
have
data that would enable the identification of individuals, then would be
still have obligations under the DPA. I feel we might.
-----Original Message-----
From: davidwyatt [mailto:[log in to unmask]]
Sent: 23 March 2004 11:04 PM
To: Victoria Hayes
Cc: [log in to unmask]
Subject: Re: [data-protection] anonymized data - still contravene DPA?
Victoria
My observation
Re the para :
''There is NOT sufficient personal detail in the thesis for a person to
be
identified and the individuals mentioned in the thesis are anonymized -
but
the examiners are saying that they could be identified by someone who
has
knowledge of the author's employment.''
If this is true and your organisation really cannot identify a living
individudual from the total set of data in their possession then the
data is
not personal data in your possession and the Act will not apply to you
for
this set of data. If there is no personal data there can be no
'controller'.
If a Third Party combines the thesis data with other data in their
possession ie a name / address or other unique identifier to enable a
living individual to be uniquely identified (correctly or not) they
become a
data controller and subject to the Acts obligations. The way in which
the
Act is drafted you have no responsibility over how other legal entities
combine and match data to create personal data about living individuals.
David Wyatt
----- Original Message -----
From: "Victoria Hayes" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, March 23, 2004 2:19 PM
Subject: [data-protection] anonymized data - still contravene DPA?
Hi everyone
I would appreciate your views on the below, particularly from other
Higher
Education institutions that might of dealt with this issue before......
An external examiner for a thesis has recommended that the thesis be
withheld from the library (and therefore the public domain) as it may be
possible for someone with knowledge of the author's previous employment
to
identify particular individuals, and this would contravene the DPA.
Is this so? I'm not sure it's as clear-cut as that?
There is NOT sufficient personal detail in the thesis for a person to be
identified and the individuals mentioned in the thesis are anonymized -
but
the examiners are saying that they could be identified by someone who
has
knowledge of the author's employment.
The type of information in the thesis is primarily the author's views
about
how they managed the work of teacher x, or about the culture of school A
which was being influenced by teacher y,etc.
The basis of the thesis did not involve interviewing or collecting data
from
individuals, but is based on the author's observations & views etc.
Therefore consent to publish was never obtained at the outset & would be
impractical to obtain now.
Clearly the University wants to make the thesis publicly available as
the
work could be of benefit to other researchers. However, since we would
never know whether a given person seeking access had sufficient
knowledge of
the author's employment to be able to identify individuals - would we
have
to issue a blanket ban on access to the dissertation? I think not - but
I'm
really not sure.
Your comments would be most appreciated.
Thanks
Victoria
Victoria Hayes Tel (01392) 263355
Data Protection Officer
University of Exeter
Northcote House
Queens Drive
Exeter EX4 4QJ
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|