Sara,
If you want to exclude staff names then it shouldn't be too difficult to consult a list of search terms which are not to be suggested. This could include the staff directory. Depending on how your developers feel, this could either be done at the time the search terms are recorded - ie. They're not recorded if they're in the blacklist, or at the time the search terms are suggested, ie. The blacklist is joined to the complete list and where there is a match, this term is then excluded from the list of suggestions handed back to the client.
The latter approach gives you better data (ie. If Sara Stock should have been suggested but was subdued for DP reasons then why are people searching for Sara Stock? Should her section of the web site be more prominent? Should she be consulted for consent?) but I would guess it is more computationally expensive given the complexity of the query and the frequency with which it is run.
You then also have the issue that people will probably already know that Sara Stock should feature in the results as she obviously works for the organisation. There is no DP benefit to prohibiting her presence in the results given that the disclosure has probably already taken place in the staff directory, the sign on your door, wherever else. I'm sure the list will correct me if I am wrong but there needs to be a degree of acceptance as to how much you can protect someone in situations like this.
With regards correlation of who is searching for what, this is inbuilt in to the process of responding to requests for the web page. The issue of whether an IP address is personal data is the matter of much debate. I personally would argue that it is inherently not due to the way a network with address translation is set up. Although in many cases it absolutely is, particularly where users are part of an intranet or have authenticated to the web app before running the searches.
Ian
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Stock, Sara
Sent: 10 March 2010 11:05
To: [log in to unmask]
Subject: [data-protection] Search suggestion functions and data protection
Good morning all
Our web design team are hoping to set up our website so that it collects the queries people type into the search box and uses them to make suggestions for subsequent searches by other users of the website, as the Google search box does. They came to me because they were worried that if someone starts typing in "sar" and the system suggests "Sara Stock" as a likely search term then that will some how breach my data rights. I don't think that's an issue - what would worry me would be if the system collects my log-in or IP address when it collects search terms so that there is a data set somewhere that shows which searches I have made, which would of course be A Bad Thing.
I can't see any other problems. I don't want to go looking for trouble but I somehow feel I must have overlooked something here. Any suggestions?
Thanks
Sara
Sara Stock
University Records Manager
University of Essex
Wivenhoe Park
Colchester
CO4 3SQ
Tel: (01206) 874853
E-mail: sstock
For general Freedom of Information queries please e-mail: foi
(non-Essex users should add @essex.ac.uk to create full e-mail addresses)
________________________________________
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
* Leaving this list: send leave data-protection to [log in to unmask]
* Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
* To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
* To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]
Any queries about sending or receiving messages please send to the list owner [log in to unmask]
(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)
________________________________________
---------------------------------------------------------------------------------------
Please consider the environment before printing this email.
---------------------------------------------------------------------------------------
This email and any attachments are confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of Liverpool Community College or associated companies. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient.
The message content of in-coming emails is automatically scanned to identify Spam and viruses otherwise Liverpool Community College does not actively monitor content. However, sometimes it will be necessary for Liverpool Community College to access business communications during staff absence.
Liverpool Community College has taken steps to ensure that this email and any attachments are virus free. However, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by Liverpool Community College for any loss or damage arising in any way from its use.
---------------------------------------------------------------------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|