[http://images.itn.co.uk/images/ITN_Master_blue.gif] PHILLIP BARNETT SERVER MANAGER 200 GRAY'S INN ROAD LONDON WC1X 8XZ UNITED KINGDOM T +44 (0)20 7430 4474 F E phillip.barn...@itn.co.uk WWW.ITN.CO.UK P Please consider the environment. Do you really need to print this email? ________________________________ From: 80n [80n...@gmail.com] Sent: 26 August 2011 10:47 To: Barnett, Phillip Cc: Jim Brown; talk@openstreetmap.org; Ed Avis Subject: Re: [OSM-talk] [Osmf-talk] Membership applications from Skobbler employees On Fri, Aug 26, 2011 at 10:22 AM, Barnett, Phillip <phillip.barn...@itn.co.uk<mailto:phillip.barn...@itn.co.uk>> wrote: On Fri, Aug 26, 2011 at 1:13 AM, Barnett, Phillip <phillip.barn...@itn.co.uk<mailto:phillip.barn...@itn.co.uk>> wrote: Well, this is a sideshow to the main debate, but you are still not revealing personal data, merely a fact about some or all members of a group. You are clear to do this under the UK Data Protection Act. I can say '"Most of the voting population of the UK live in this country" and you can cross-refer to the UK electoral register, for names and addresses, but that doesn't mean I've released the personal details of 40 million people! In this instance, Cloudmade were releasing personal data. But since they're not under UK law, the fact that they released their own employees names and faces and email addresses is presumably between them, their employees, and the US government. >The data point that we would have been revealing is that these people were >members of OSMF. >Membership of an organisation is personal information and >we did not want to leak that information in >any form whatsoever. From the legislation guidance notes "An individual is 'identified' if you have distinguished that individual from other members of a group. In most cases an individual's name together with some other information will be sufficient to identify them." http://www.ico.gov.uk/upload/documents/determining_what_is_personal_data/whatispersonaldata2.htm So if you had said that a large number of applications had been made from Apple employees, then since we have no way of knowing whether every single Apple employee, up to and including the janitor, had made an application to join, we are not be able to reverse-engineer the membership status of any individual employee, and so this is not 'personal' information but aggregate group information. And therefore the Data Protection Act doesn't come into it. Phillip Please Note: Any views or opinions are solely those of the author and do not necessarily represent those of Independent Television News Limited unless specifically stated. This email and any files attached are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error, please notify postmas...@itn.co.uk Please note that to ensure regulatory compliance and for the protection of our clients and business, we may monitor and read messages sent to and from our systems. Thank You.
_______________________________________________ talk mailing list talk@openstreetmap.org http://lists.openstreetmap.org/listinfo/talk