On Fri, Aug 26, 2011 at 11:33 AM, Barnett, Phillip < phillip.barn...@itn.co.uk> wrote:
> From the legislation guidance notes > "An individual is 'identified' if you have distinguished that individual > from other members of a group. In most cases an individual's name together > with some other information will be sufficient to identify them." > > http://www.ico.gov.uk/upload/documents/determining_what_is_personal_data/whatispersonaldata2.htm > > > So if you had said that a large number of applications had been made from > Apple employees, then since we have no way of knowing whether every single > Apple employee, up to and including the janitor, had made an application to > join, we are not be able to reverse-engineer the membership status of any > individual employee, and so this is not 'personal' information but aggregate > group information. > > Regardless of whether the data protection act was relevant, we acted on the side of caution. CloudMade is not Apple. If we had disclosed that a large number of CloudMade employees had just signed up then because it was such a small company it would have been pretty easy to deduce who might or might not be a member. In any case since there was no wrong doing there was nothing to disclose anyway.
_______________________________________________ talk mailing list talk@openstreetmap.org http://lists.openstreetmap.org/listinfo/talk
