

RE: [data-protection] Biometric Data on Flash Drive
I suspect that Jethro's line of thinking is the way out of this: once the profile is removed, it is no longer "held" so no longer processed even if technically recoverable. I don't know of any cases which touch upon this issue, but clearly would be interested (as would others no doubt) in hearing if anyone knows of any. (If this were not the case, then responding to subject access requests would require all sorts of low-level recovery of data from hard drives (pace Ezsias v Welsh Ministers, which many (including me) think is bad law) - as deleted data would still be "held" - and be even more of a nightmare than they are at the moment.)

But in any case, even if that were wrong, I am not sure that the UK ICO would worry too much about the fifth principle. The approach to what is "necessary" (despite the literal meaning of that word) tends to be pragmatic. The security measures on the USB stick are good; part of the consequences of implementing these measures is this residual keeping of personal data (with minimal - if any - risk to privacy), and to implement those measures it is "necessary" (at least without spending even more money) to put up with the keeping of that data. Arguably there is no breach if the data is kept there in the background and not used.

-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Jethro R Binks

Sent: 27 May 2009 18:05
To: [log in to unmask]
Subject: Re: [data-protection] Biometric Data on Flash Drive

On Wed, 27 May 2009, Bradshaw, Phillip wrote:

> It is nothing to do with the biometric data itself.
>
> Scenario:
>
> There are 5 people in my team and they register to use the device. Fred
> leaves for a better job (debatable but I will concede for the sake of
> argument!). His profile is removed. We now have a device with 4
> registered users plus biometric data of AN Other. My HR records show
> Fred is the only person to have left the team whilst device in use.
> Therefore the AN Other data is identifiable as being Fred's from other
> information in my possession. Therefore it is personal data whilst in
> our hands.

OK, and indeed Collie does appear to be quite far-reaching in that case
then.

You already mentioned that the profile data isn't actually deleted, just
made inaccessible.  That being the case, it could be considered not
'held', so the point is moot.  However, if it is accessible, but by
extraordinary means, you're into the sort of territory that you get into
when you start talking about recovering 'deleted' data from systems at a
very low level.  Is there not terminology in one or other act or guidance
stating that if 'specialists' are required, then it is essentially data
'not held'?

Maybe records shouldn't be reflecting who previously had access to the
device after they have "left", or it should not be an assumption that
being a member of a particular team equates to having access to a
particular device.  In some cases, this may be a reasonable assumption. 
In others, it may not.

Jethro.



