On 26/08/2011 11:33, Barnett, Phillip wrote:
From the legislation guidance notes
"An individual is 'identified' if you have distinguished that individual
from other members of a group. In most cases an individual's name
together with some other information will be sufficient to identify them."
http://www.ico.gov.uk/upload/documents/determining_what_is_personal_data/whatispersonaldata2.htm
So if you had said that a large number of applications had been made
from Apple employees, then since we have no way of knowing whether every
single Apple employee, up to and including the janitor, had made an
application to join, we are not be able to reverse-engineer the
membership status of any individual employee, and so this is not
'personal' information but aggregate group information.
And therefore the Data Protection Act doesn't come into it.
Interestingly, when we converted an organisation recently to an official
Charity under UK law, the Charity Commission wanted us to make it a
requirement that the full membership list (names and home addresses) was
available on demand to any member who requests it. That is the default
position of their model constitution for charities. This seemed to us
very odd indeed, quite contrary to Data Protection principles. The CC
didn't actually insist on that as a requirement of our constitution, but
we queried the point with them and they basically said "the organisation
is the membership and if you can't show to someone that the membership
exists, then the organisation doesn't exist" (I paraphrase).
See Part 2, sec 8.4
http://www.charity-commission.gov.uk/library/guidance/gd3text.pdf
David
_______________________________________________
talk mailing list
[email protected]
http://lists.openstreetmap.org/listinfo/talk
