Full Disclosure

[Richard Clayton]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <48DE79E5.8020205@zen.co.uk>, Peter Fairbrother
<zenadsl6186@zen.co.uk> writes

>Nicholas Bohm wrote:
>
>> 
>> ``Is the Phorm UUID personally identifiable data?''
>> 
>> I think it depends who is in possession of it.  When in the possession 
>> of someone who can link it to what is undoubtedly personally 
>> identifiable, then so is the UUID.
>
>But does whether a piece of data is personally identifying depend on who 
>has possession of it, and what other databases they have access to?

yes, from the very definition, see the DPA 1998

"personal data" means data which relate to a living individual who can
be identified--
   (a)  from those data, or
   (b)  from those data and other information which is in the possession
        of, or is likely to come into the possession of, the data
        controller,
   and includes any expression of opinion about the individual and any
   indication of the intentions of the data controller or any other
   person in respect of the individual;

>I don't see how it can - the first may be known, but the second can't be 
>- or is there a law which says if you have x piece of information, you 
>can't then get y piece of information, because y would make x personally 
>identifiable?

the law doesn't work that way -- it doesn't say you can't have personal
data, it just sets restrictions on handling it when you have it

>My brain hurts

IANAL either :)

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSN6ocZoAxkTY1oPiEQKxxwCdHtXX1b7nG8aBfYOxeSxlsDt8Z8UAoLC6
KPpH3NDyoDerSImsO8BVOmLL
=osJI
-----END PGP SIGNATURE-----