Nameless data can still be personal

[Peter Tomlinson]

Andrew Cormack wrote:
>> Certainly in the case of bus passes the bus operator can visually
>> read
>> the name of the pass holder off the face of the pass, but in my
>> view is
>> not allowed to use that in association with the transaction
>> messages -
>> if a fraudulent transction is suspected, the bus operator should
>> contact
>> the pass issuer and advise them of a suspicious transaction, and I
>> see
>> one of two ways to do that:
>>
>> - inspect the pass visually and write down the name and serial
>> number,
>> then submit a paper report
>>
>> - without recording the name of the pass holder, create an
>> additional
>> transaction message reporting a suspicious use of the pass (and
>> referencing the serial number read electronically).
>>     
> Agreed. And I'd very much hope that the contract between the pass issuer
> and the bus operator states which one applies, otherwise the bus
> operator would seem to be getting close to the line of working only
> under the direction of the data controller, and thereby becomine a data
> controller themselves.
The problem with the English bus passes is that there are many pass 
issuers (local authorities acting as Travel Concession Authorities), 
each of which [1] has contracts only with the operators based in their 
area [2], but the bus passes can be used all over England... Anyway, the 
ICO was alerted and took a hand in this, ensuring that it was made very 
plain to the LAs that in the dataset in the chip in the pass they must 
not populate the fields defined for personal data (the data elements are 
name, date of birth and gender). How reporting suspicious use is to be 
handled I suspect (sic) has not been looked at.

Peter

[1] Sometimes a group of adjacent LAs forms a common TCA

[2] Large bus operating groups actually operate as a network of local 
operating companies.