Data Protection Legislation

[Slim]

I always thought data had to be personally identifiable to fall under DPA regulations. As nobody is required to submit their identity to register or contribute, it doesn't apply. That's my understanding anyway.

 

The forum still records personal information that can be used to identify the individual (email address, date of birth, ip address), so does fall under data protection legislation.

 

Best thing is to call the odpr, they're quite helpful.

[ans]

For example under the act I could write to the Chief Constable Manx Constabulary and DEMAND to check all electronic information they have on me for accuracy. It doesn't have to work the other way around so you can relax ans. 

 

I don't think I have any electronic information about the Chief Constable anyway.

 

Incidentally, I've actually had to go through that process recently when undergoing some vetting and I was pretty horrified to discover there's a serious error in the data they hold about me. Had to attend the station and talk to them about it and they agreed I was right but it does go to show that the DPA is there for the right reasons.

[ans]

The forum still records personal information that can be used to identify the individual (email address, date of birth, ip address), so does fall under data protection legislation.

 

I'm not trying to argue with you as you obviously know more about this than I do, but I don't understand why that information identifies someone. I know it's taking it to the extreme, but I could be browsing from an Internet cafe, using a brand new GMail account and filling in my birthday isn't compulsary (the date in my profile is wrong).

 

There's nothing that actually ties a unique individual to any user account.

[Slim]

http://www.gov.im/lib/docs/odps/referencen...rencenote25.pdf

 

Clear as mud

 

Emails identified fairly early on in that document as potentially personal data.

[P.K.]

I was pretty horrified to discover there's a serious error in the data they hold about me.

<{POST_SNAPBACK}>

Don't tell me they had you down as "GSOH" ? Heaven forbid.

[ans]

Slim, ta. What about my question at the top of the page?

[Slim]

There's nothing that actually ties a unique individual to any user account.

<{POST_SNAPBACK}>

 

As it says in the guidance notes, some email addresses can identify an individual. If someone registers with 'fredsmith@manx.net', that's now personal data.

 

Some folks have gone further, and posted pictures of themselves outside their houses, or used their name or initials as forum names.

[Rog]

The forum still records personal information that can be used to identify the individual (email address, date of birth, ip address), so does fall under data protection legislation.

.

<{POST_SNAPBACK}>

 

It's then a no-brainer.

 

The forum should be registered and all the safeguards relating to access should be in place.

 

The location of the server is mostly immaterial, the only effect of the use of an off-shore server would be that personal information stored on it should be encoded using strong encryption.

[Slim]

What actually governs which juristiction it falls under? The residency of the domain owner?

<{POST_SNAPBACK}>

 

Well, heh.

 

It depends. This is all imho and not legal advice or binding or anything...

 

But in the case of this forum, it's software licensed (I presume) to a local entity, on a server rented from an isp by a local entity. There's also (probably) going to be local backups of that personal data, and also records on a local computer somewhere of forum donators, which potentially contains financial data. Then there's nfernos accounts information/credid card stuff if applicable. There's a lot that would go under odpr that's not actually on the server that's out of the country.

[Slim]

The location of the server is mostly  immaterial, the only effect of the use of an off-shore server would be that personal information stored on it should be encoded using strong encryption.

 

That's not a requirement I've heard of. Certainl the forum isn't encrypted in any way. Why do you say that?

[ans]

It's then a no-brainer. 

 

I'll flag this topic up to Unisol as he doesn't always read everything.

[Rog]

Hence the need for strong encryption - or maybe a statement about who can access data stored by the Forum admin and under what circumstances.

 

In that way at registration time a potential member could decide if they were willing for what they were to lodge comprises of information that they are content to have the degree of exposure that it will have after registration.

[Rog]

The location of the server is mostly  immaterial, the only effect of the use of an off-shore server would be that personal information stored on it should be encoded using strong encryption.

 

That's not a requirement I've heard of. Certainl the forum isn't encrypted in any way. Why do you say that?

<{POST_SNAPBACK}>

 

Not so importamnt (if at all)about posts but very important about members details.

[Slim]

Not so importamnt (if at all)about posts but very important about members details.

<{POST_SNAPBACK}>

 

I don't get you. The forum's are, as pretty much all forums are, plain text. Are you talking about the files on the server? Why would you encrypt them?

 

Can you explain what on earth your on about?

[Rog]

Not so importamnt (if at all)about posts but very important about members details.

<{POST_SNAPBACK}>

 

I don't get you. The forum's are, as pretty much all forums are, plain text. Are you talking about the files on the server? Why would you encrypt them?

 

Can you explain what on earth your on about?

<{POST_SNAPBACK}>

 

The forum is actually a data-fill on a forum software load and comprises the posts and (presumably the version that you are using is normal) the details about the members in terms of E_Mail addresses, IP addresses etc.

 

Most public forums don’t bother with registration before gaining access to read posts and so they are in effect already in the public domain so no problem

 

But

 

As regards the ‘hidden’ information, this should be secure and so if an off shore server is being used then the security of that server should be assured, or the private data should be secured under strong encryption. If nothing else that is good practice.

 

The whole matter of registration under the DP act is an issue however.