Nameless data can still be personal

Joel Harrison ukcrypto at chiark.greenend.org.uk
Sun, 9 Nov 2008 12:34:21 +0000 

On 9 Nov 2008, at 12:15, Peter Tomlinson <pwt@iosis.co.uk> wrote:

> Andrew Cormack wrote:
>> Incidentally *anyone* who controls personal data is a data  
>> controller:
>> there doesn't have to be just one DC for each item of personal  
>> data. So
>> if personal data escapes from its original controller, in a form that
>> makes it still personal, then as far as I can see the recipient is a
>> data controller too.
> Data processor, I believe.
>
In the situation to which I think Andrew was referring, the recipient  
would be a controller. A processor is one who processes data on behalf  
of, and on the instructions of, a controller.


> Which is why it is essential that bus passes for the elderly and  
> disabled don't have personal data stored in the clear in the  
> entitlement dataset in the chip in the pass, even though the fixed  
> format dataset definition includes fields for some personal data -  
> the bus that can and does read the chip [1] has to read the entire  
> dataset in order to verify the digital signature created from the  
> whole dataset, and thus the bus operator becomes not a data  
> controller but a data processor. You can't have every LA having  
> contracts with every bus operator, and anyway the test of necessity  
> comes in: it is not necessary for the bus operator (or anyone else  
> reading that part of the chip) to have that data in the pass  
> dataset, because the bus pass serial number can always be used by  
> those authorised to track back to the pass holder. Other datasets in  
> the chip (e.g. local authority functions) that may need to hold  
> personal data have to be separately protected so that the data can  
> only be accessed by authorised persons.
>
> Peter
>
> [1] Blackpool and much of Lancs and Cumbria, parts of Cheshire, and  
> a slowly growing number of other places in England. Also growing  
> numbers of buses in Scotland, and soon similar in Wales. Not London  
> for a while yet - its not compatible with the current Oyster  
> infrastructure.
>
>
>
>
>