Hear that, Sigourney? Common names 'may not constitute personal data' Common names of people may not, read alone, constitute "personal data", the Court of Appeal has said. The Court said that only if common names were matched with other information would it be possible to identify the individuals to whom the names relate. Data protection laws only apply to the processing of personal data. "A …
Very confusing article, let's see if I've got it right.
This Edem fellow feels wronged by faceless bureaucrats, demands their unmasking, first court agrees. Said bureaucrats continue the fight to remain faceless and a higher court decides that no, their very identities really are 'personal data' that may not be legally divulged, according to rules created by other faceless bureaucrats.
So the system is rigged such that if you get screwed, tough, you ain't finding out who's screwing you, ha ha! Get lost, lusers!
I ended up entirely confused by that as well.
However - the Office for National Statistics releases lists of baby names every year. They only redact names with a count of two or fewer babies in a year for being personally identifiable information. That seems reasonable to me. One could apply that test to any population from which information was demanded.
I'll admit that I have not studied the details of the case. But it does sound to me that the junior staff involved were acting in a professional capacity, on behalf of their employer, in this case a public authority, though it might have been a private business under different circumstances.
I expect a person I am dealing with to introduce himself/herself, which is just common politeness. I expect to be able to refer to him/her by name if the issue I am trying to resolve is referred to another person. I expect to get enough information to understand the area and the extent of the person's competence and/or authority. I expect any written communication to be signed with the name and the title of whoever wrote it. I do not need personal details such as the person's home address, FB login, or personal mobile number. I deal with him/her as a representative of the organization. Oh, and by the way, if he/she is, say, rude to me or otherwise behaves less than professionally, I expect to be able to complain against him/her personally. Though an actual person is involved the context is not personal at all.
Is it possible for a disgruntled customer to Google Sigourney (or hire a PI, for that matter), find out all sorts of personal info, and, if the customer is crazy enough, do something nasty to her personally if he thinks that she is to blame for delay/denial/whatever? I suppose it is. Is this potential hazard serious enough to scrap all the norms of human and business communications? I would hope not.
It is not clear why the gentleman with a very unusual name had to resort to FOI to get the names of the people who handled his case at FSA in the first place. Had he just forgotten to write them down or does it say something about FSA's practices?
I expect a person I am dealing with to introduce himself/herself, which is just common politeness. I expect to be able to refer to him/her by name if the issue I am trying to resolve is referred to another person. I expect to get enough information to understand the area and the extent of the person's competence and/or authority. I expect any written communication to be signed with the name and the title of whoever wrote it. I do not need personal details such as the person's home address, FB login, or personal mobile number. I deal with him/her as a representative of the organization. Oh, and by the way, if he/she is, say, rude to me or otherwise behaves less than professionally, I expect to be able to complain against him/her personally. Though an actual person is involved the context is not personal at all.
I'm guessing you don't deal with government agencies very much then.
Try telling HMRC that you want the name of anyone who has done anything to your personal tax records (the very same tax records you are legally responsible for), and see how far you get.
No one is allowed to hold the jobsworths of this country to account, no matter how badly they do their jobs.
It's generally held (in guidance issued by the ICO) that the names of junior staff of public bodies are not to be released as a result of FOI requests. However, the names of senior staff can generally be released, due to the responsibility they hold, and an emphasis on transparency (i.e. they're sufficiently senior, therefore they are subject to more scrutiny).
You have a right to information about yourself, held by those bodies. You do not have a right, under law, to personally identifiable information from others.
If you make a call and the person identifies themselves, that is fine, ditto if they give you a business card. However their employer cannot give you their names, generally. They have to obtain written permission from those persons in order to release their names in your FOI request. They have to obtain permission, before they can put them as a contact on their website, for example!
I was once told that 90% of Chinese share just eight family names. The speculation was that this was a case of Darwinian selection, in the world's longest-running (almost) continuous civilisation. Those with unusual names were easier for the empire to trace and tax to the full. So they were poorer. So their mortality rate in the next famine was greater.
Perhaps we should all change our names to John Smith or suchlike, so that we may engage in internet commerce without having our easily identified "anonymous" data trafficked and tracked? How long before someone can prove that "John Smith" gets offered different (better? )prices than Sigourney Efidom for one's first purchase from a random etailer?
Is it still possible to open a bank account under a pseudonym, and to require and expect the bank to keep one's legal and legally required name strictly confidential?
the bank would probably detect that and inform the police
If you don't admit to your true name, yes. But it is not against the law to go by any name you choose if there is no intent to deceive. So what happens should you go to a bank and say that you'd like to open a bank account in a fairly common name by which you wish to be known to strangers, while showing them your passport in your legal name as required by law? (I'm assuming it would be illegal for a bank to sell on the fact that you have an account "Sigourney Whatever known as Susan Smith")
Companies do this all the time: XYZ ltd. trading as "Whatever we want to trade as today".
I had this argument with bank when they insisted I start using my (previously never used) first name on my bank account when I made the mistake of showing them my passport once for ID rather than my driver's licence. Pointing out to them I'd had my account for over 20 years in my preferred name (my second legal name) made no difference. Saying that all my tax records were in my preferred name was just as successful.
It doesn't matter that the law of the land says that you can call yourself Mickey Mouse if you like, without the intention to defraud. A bank can have whatever *policy* they choose in terms of what name they insist you use on your account. The bank's policy had "changed after 9/11 to stop money laundering" (what relevance that had to NZ escaped me).
So I closed my account that that bank, walked down the road to another bank and opened an account there using just my driver's licence as ID.
A marketeer calls your company looking to speak to the person responsible for buying XYZ product and the receptionist gives the caller the name of the person to speak with (an probably a contact number). Under this ruling, the receptionist would appear to have given what this appeals court considers personal information. Is the company then liable in the case of an action taken by the employee whose name has been disclosed?
As a business owner you call up your bank and ask to speak to your personal banker whom you have never met so don't recall the person's name and ask to be reminded. According to this ruling, that would appear to be personal information disclosed to you by the bank. Is the bank liable to the person whose name is being disclosed?
You call your Doctor's surgery to book an appointment and you are given a time and ask which doctor will see you. Is the practice liable for disclosing the name of the Doctor?
These scenarios seem very similar to the disclosure requested of the FSA. The obvious difference being that in the case of the FSA it does not want it's employees being harassed by a person who seems to have a grievance. But this difference does not seem to have influenced the judgement so I have to conclude that the ruling, in effect, makes it illegal for a company to disclose the name of any member of its staff even though it is (usually) a requirement that it does so if it is to continue to function.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
