[Previous] [Next] - [Index] [Thread Index] - [Previous in Thread] [Next in Thread]

Subject: RE: [uk-netmarketing] Data Protection Act
From: Alex Chapman
Date: Mon, 22 Jan 2001 17:36:57 -0000


The legal position on all this is tricky - the most difficult bit is the
fact that the rules are very much open to interpretation. It is also
confused by the terms - data Controller, data processor etc.

So I will start with the absolute basic prerequisite.

If you collect or use data relating to people (names, e-mails, phone
numbers etc) get yourself registered with the data protection registrar -
it costs about 75quid and is very simple.

Virtually every business should do so, as virtually all collect and use
data referring to living people (whether as a client database, phone book
on excel or part of a piece of marketing software).

Next you need to decide whether you have the right to have the data and use

Data falls into 2 main categories - personal data and sensitive personal

Personal data will include name, address, email, age etc.
to use personal data you need
the subject's consent; OR
processing to be necessary:
for performance of a contract with the individual; OR
under a legal obligation; OR
to protect the vital interests of the individual; OR
to carry out public functions; OR
to pursue your legitimate interests or those of a third party (unless it
could prejudice the interests of the subject).

Sensitive Personal data will include race, religion, sexual preference,
politics etc.
to use Sensitive Personal data strict conditions apply, including:
explicit consent of the subject; OR
being required by law to process the data for employment purposes; OR
the need to do so to protect the vital interests of the subject or another;
dealing with the administration of justice or legal proceedings.

This doesn't answer the main question - what if a friend gives the email
address to you.

Well in that case you should go back to the start.

Is it personal data (most email addresses probably are - though the old
CompuServe type i.e. 123456789@compuserve probably are not).

Next is it sensitive? - It is very hard to see how they can be and though
tonyblairatlabourparty [dot] org might be an example of emails that need some

So with emails we are really talking about personal data. Therefore is your
use consented to, or is it necessary? Again this is open to interpretation.

My professional view is that you should all adopt a policy of best
practice. In this you can acknowledge the law is ambiguous but that you are
doing all you can to work within it. In particular you can provide
individuals with the ability to notify you if they are unhappy with your
use of their data - thus reducing the risks to you and your business.

I will deal with Direct Marketing per se in another submission.

All the best


Alex Chapman
Business Design Centre
N1 0QH

t: 020 7288 6003
f: 020 7288 6004
d: 020 7288 6076

e: alexatbriffa [dot] com

-----Original Message-----
From: Sam Michel [SMTP:samatchinwag [dot] com]
Sent: 22 January 2001 12:09
To: uk-netmarketing from chinwag
Subject: [uk-netmarketing] Data Protection Act

Mornin' all...

Following on from this discussion...I was watching the Mark Thomas Product
couple of weeks back when he concentrated on CCTV, the Data Protection Act
and individual's rights to ask for footage from cameras. See:


Perhaps you can help me out on this one. I asked the people I watched the
show with, and friends/collegaues/passers-by if anyone has ever been
prosecuted or even warned about the Data Protection Act?

[Sam says: msg chopped]

[Previous] [Next] - [Index] [Thread Index] - [Next in Thread] [Previous in Thread]