Tony Bowden on 21 July 2004 at 13:54 said:-

> The OIC's argument basically boils down to "if you can't show 
> how you're
> actually harmed by them not giving or explaining the information, then
> we don't have time to pursue the matter".

I suppose the ICO's stance is intended to improve the situation for them.

This does however seem a most strange approach akin to "The protective
legislation does not require upholding unless you can prove harm"

An analogy comes to mind.  A person is trying to enter your office, they try
the door, it is locked and has a clearly visible sign saying 'No Visitors'.
Trying to gain entry they walk around testing all the doors in turn, even
trying different keys they might have.  Eventually, tiring of constant
knocking, which nobody answers (all out at lunch) and finding a window which
was not properly secured, they gain access.  If they are a salesperson, is
that proper conduct? If they are a business associate, is that proper
conduct? If they are a client, is that proper conduct? Eventually leaving,
taking with them only a mental note of information they have obtained from
within the premises, and ostensibly causing no damage what harm have they
done?

Erm, are they acting legally, unless the office owner can prove harm, or is
the office owner condemned for having something to hide?  I would guess some
office owners would take their own steps to protect their office, but not
everybody would continue to live quitely in such a climate without brewing
up a major storm.

Now replace the word 'office' with 'computer'.  
What is the difference?  
With many possibly more worried about affecting areas of commercial rivalry
than upholding the legislation, no wonder there is a major chill, and such
high overheads attached to e-commerce.  A pity the normal everyday data
subjects freedoms are suppressed so much along the way, whilst the valuable
information held at the office is extracted without qualms.

What could condone such odd conduct? Perhaps only controlled legal
enforcement mechanisms, and many would argue against some of those.

Ian W

> -----Original Message-----
> From: This list is for those interested in Data Protection 
> issues [mailto:[log in to unmask]] On Behalf Of 
> Tony Bowden
> Sent: 21 July 2004 13:54
> To: [log in to unmask]
> Subject: Re: Privacy Policy changes
> 
> 
> On Wed, Jul 21, 2004 at 10:50:18AM +0100, Ian Welton wrote:
> > > However, the Commissioner has stated that they don't have 
> to provide
> > > this information in response to an SAR.
> > From the brief description you give that seems hardly 
> legitimate.  I wonder
> > what the organisational/inter-organisational structure is.
> > One must assume they clearly outline these actions within 
> their privacy and
> > terms of use policies, updating them whenever they make any 
> consequential
> > change to the logical method of processing the data.  I 
> suppose they hook
> > that up with the existing software change management process.
> 
> Nope. They don't outline these at all. I only know that it happens
> because I wrote the systems!
> 
> > Do they conduct any collection of information from other 
> cookies which may
> > be on the users machine?
> 
> No - that's pretty much technical infeasible - most cookies 
> can only be
> accessed by the site which set them.
> 
> > It will be interesting to see what arguments have been used 
> on both sides to
> > result in the stated outcome.
> 
> My argument is "they have the information, and aren't providing it".
> 
> BlackStar's is "we don't have the information, and if even we do, then
> you're not getting it, and even if we've already given you some of it
> in an unintelligible form, then we're certainly not going to 
> explain it".
> 
> The OIC's argument basically boils down to "if you can't show 
> how you're
> actually harmed by them not giving or explaining the information, then
> we don't have time to pursue the matter".
> 
> Tony

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^