Ian
Thanks very much for your comments below but I'm still unclear about
this....
'We' are likely to know the student's employment history in our 'total set
of data', though this will not be linked to the individuals being discussed
in a thesis. However, it does not seem relevant whether or not WE hold the
additional data that allows individuals to be identified; if we did not hold
it, but were aware that third parties could reasonably be expected to have
data that would enable the identification of individuals, then would be
still have obligations under the DPA. I feel we might.
-----Original Message-----
From: davidwyatt [mailto:[log in to unmask]]
Sent: 23 March 2004 11:04 PM
To: Victoria Hayes
Cc: [log in to unmask]
Subject: Re: [data-protection] anonymized data - still contravene DPA?
Victoria
My observation
Re the para :
''There is NOT sufficient personal detail in the thesis for a person to be
identified and the individuals mentioned in the thesis are anonymized - but
the examiners are saying that they could be identified by someone who has
knowledge of the author's employment.''
If this is true and your organisation really cannot identify a living
individudual from the total set of data in their possession then the data is
not personal data in your possession and the Act will not apply to you for
this set of data. If there is no personal data there can be no 'controller'.
If a Third Party combines the thesis data with other data in their
possession ie a name / address or other unique identifier to enable a
living individual to be uniquely identified (correctly or not) they become a
data controller and subject to the Acts obligations. The way in which the
Act is drafted you have no responsibility over how other legal entities
combine and match data to create personal data about living individuals.
David Wyatt
----- Original Message -----
From: "Victoria Hayes" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, March 23, 2004 2:19 PM
Subject: [data-protection] anonymized data - still contravene DPA?
Hi everyone
I would appreciate your views on the below, particularly from other Higher
Education institutions that might of dealt with this issue before......
An external examiner for a thesis has recommended that the thesis be
withheld from the library (and therefore the public domain) as it may be
possible for someone with knowledge of the author's previous employment to
identify particular individuals, and this would contravene the DPA.
Is this so? I'm not sure it's as clear-cut as that?
There is NOT sufficient personal detail in the thesis for a person to be
identified and the individuals mentioned in the thesis are anonymized - but
the examiners are saying that they could be identified by someone who has
knowledge of the author's employment.
The type of information in the thesis is primarily the author's views about
how they managed the work of teacher x, or about the culture of school A
which was being influenced by teacher y,etc.
The basis of the thesis did not involve interviewing or collecting data from
individuals, but is based on the author's observations & views etc.
Therefore consent to publish was never obtained at the outset & would be
impractical to obtain now.
Clearly the University wants to make the thesis publicly available as the
work could be of benefit to other researchers. However, since we would
never know whether a given person seeking access had sufficient knowledge of
the author's employment to be able to identify individuals - would we have
to issue a blanket ban on access to the dissertation? I think not - but I'm
really not sure.
Your comments would be most appreciated.
Thanks
Victoria
Victoria Hayes Tel (01392) 263355
Data Protection Officer
University of Exeter
Northcote House
Queens Drive
Exeter EX4 4QJ
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|