Thanks Paul - that's very helpful.
Thanks all for your thoughts. They have helped to clarify mine.
Matt
--On 22 November 2010 12:27 +0000 Paul Ticher <[log in to unmask]> wrote:
> There are a number of points here.
>
> 1) Personal data that is in the public domain is still personal data.
> Therefore all the Principles and Data Subject rights apply as well as the
> possible obligation to issue Data Subjects with a privacy notice.
>
> 2) Breach of privacy is not the only possible breach of the Principles.
>
> 3) Principle 1 says you have to be 'fair'. The requirement for
> transparency is limited where data is acquired from a third party, but
> that is only one aspect of fairness. Compliance with a Schedule 2 (and
> possibly Schedule 3) Condition is also required. This would appear to
> rule out the processing of any sensitive data in this context, and to
> leave just the sixth Schedule 2 Condition available for processing
> non-sensitive data. Unless you inform the Data Subject what you are
> doing, and give them the opportunity to object, it is difficult to be
> sure that the 'legitimate interests' of the Data Controller outweigh any
> rights, freedoms or legitimate interests of the Data Subject. Someone
> may - without your knowledge - have legitimate concerns about the effect
> on them of certain pieces of independently innocuous information being
> linked to other information.
>
> 4) Principle 2 would prohibit use of the information - even if it is
> in the public domain - in ways incompatible with its original purpose.
>
> 5) Principles 3 and 4 are absolute. Your information does not have to
> be 'as accurate as possible', it has to be 'accurate'. If not, and
> someone is harmed as a result, they are due compensation, and you are due
> a hit on your reputation. We all know how difficult it is to keep our
> data sets accurate, even with the willing assistance of the Data Subject.
> In this case, where the information is likely to be patchy and, quite
> possibly, out of date, the chances of linking information from two
> different individuals instead of from one individual must be high. The
> information also, of course, has to be 'relevant and not excessive'. A
> random attempt to assemble information about a person is almost bound to
> draw in some information which is not relevant to the purpose.
>
> This is not to say that screening in this way is never compatible with
> good Data Protection practice, but it would be better to tell the Data
> Subject in advance what is going to be done, and better still to involve
> them in checking the data quality before any decisions that affect them
> are taken.
>
>
> Paul Ticher
> 0116 273 8191
> 22 Stoughton Drive North, Leicester LE5 5UB
>
>
> ----- Original Message ----- From: "Matt Morrison"
> <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Monday, November 22, 2010 9:05 AM
> Subject: Screening companies using publicly available information
>
>
>> Hi all
>>
>> I'm after opinions about screening companies that use publicly available
>> information, for example - entering a surname and address into a piece
>> of software that then matches that data against other publicly
>> available information that will then give you a profile.
>>
>> My feeling is that this is a clear use of personal data and the subjects
>> should be notified, but am having trouble convincing others. Their
>> argument is that all the information is in the public domain so there is
>> no invasion of privacy.
>>
>> Any thoughts welcome.
>>
>> Thanks
>>
>> Matt Morrison
>>
>> Information Rights Officer
>> University of Bristol
>> [log in to unmask]
>> 0117 3317751 (ex.17751)
>>
>> This e-mail is for the above named recipient(s) only. It
>> may contain proprietary material, confidential information and/or be
>> subject to legal privilege. It should not be disclosed to or used,
>> retained
>> or copied by, any other party. If you are not an intended recipient then
>> please delete this e-mail and all copies and promptly
>> inform the sender. Thank you.
>>
>> Please note that in order to protect the security and working of
>> University
>> network and computer systems, it may be necessary to intercept, monitor,
>> record, copy, audit, inspect and/or disclose to authorised University and
>> law enforcement personnel any files, messages and any or all uses of the
>> systems. The University may also be required to disclose this email as a
>> result of a freedom of information or data protection request, or in
>> connection with litigation.
>>
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> All archives of messages are stored permanently and are
>> available to the world wide web community at large at
>> http://www.jiscmail.ac.uk/lists/data-protection.html
>> If you wish to leave this list please send the command
>> leave data-protection to [log in to unmask]
>> All user commands can be found at
>> http://www.jiscmail.ac.uk/help/commandref.htm
>> Any queries about sending or receiving messages please send to the list
>> owner
>> [log in to unmask]
>> Full help Desk - please email [log in to unmask] describing your
>> needs
>> To receive these emails in HTML format send the command:
>> SET data-protection HTML to [log in to unmask]
>> (all commands go to [log in to unmask] not the list please)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Matt Morrison
Information Rights Officer
University of Bristol
[log in to unmask]
0117 3317751 (ex.17751)
This e-mail is for the above named recipient(s) only. It
may contain proprietary material, confidential information and/or be
subject to legal privilege. It should not be disclosed to or used, retained
or copied by, any other party. If you are not an intended recipient then
please delete this e-mail and all copies and promptly
inform the sender. Thank you.
Please note that in order to protect the security and working of University
network and computer systems, it may be necessary to intercept, monitor,
record, copy, audit, inspect and/or disclose to authorised University and
law enforcement personnel any files, messages and any or all uses of the
systems. The University may also be required to disclose this email as a
result of a freedom of information or data protection request, or in
connection with litigation.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|