RE: [Exim] Administrivia: Take down requests

Top Page
Delete this message
Reply to this message
Author: Ben Strawson
Date:  
To: frank
CC: 'Phil Chambers', 'Nigel Metheringham', exim-users
Subject: RE: [Exim] Administrivia: Take down requests
Frank S. Bernhardt wrote:

> Well, if it applies to log files on web servers, what about
> log files and system backups on intermediate servers? If h??
> posts went through several mail servers to reach the lists
> and they were logged or happend to get added to a backup
> tape, what happens then? Does each admin have to restore the
> backups and remove/obscure the information.


Sorry - couldn't answer that, but I guess they would be included. I
find the DPR site quite useful, especially the guidance notes
(http://www.dataprotection.gov.uk/dpr/dpdoc.nsf > Legal Guidance > Data
Protection Act 1998 : Legal Guidance) which makes the point I made (page
10 onwards). There is also some useful stuff under " > Compliance
Advice", including:

"19. WHAT IS THE POSITION IF I ONLY USE MY WEBSITE FOR DOMESTIC
PURPOSES?

Where personal data are processed only for an individual's personal,
family or household affairs, including recreational purposes, the data
are exempt from the Act's notification requirements and from the
requirements of the data protection principles. However, the Information
Commissioner retains her powers of investigation and enforcement to
determine whether the scope of the exemption has been exceeded, for
example because the site is also used for business purposes."

...from FAQ's - Web (Jul 01) in the Compliance Advice section. So you
may be able to claim an exemption under this - but once again, IANAL and
have never asked ours about this. It's also only the opinion of the
Information Commissioner - but the courts are the people who end up
really interpreting the mess of law we have been given ;-(

> This is just getting silly.


I never said the law made sense - as usual it's very general, and gets
silly when it has to be applied in the real world! In the end, showing
that you have reasonably tried to comply is usually enough to ensure you
don't get into too much trouble.

I should also add my thanks to Nigel; I find the archives (and site)
invaluable and access them almost daily to help answer queries. I'd
hate to see them disappear.

Ben.

> Ben Strawson wrote:
>
> > Phil Chambers wrote:
> > >
> > > Not having heard of a "Take down request" before, I
> assume that it
> > > is not a "request", but a demand and that it requires you
> to remove
> > > personal data relating to the relevant person.
> >
> > I think this person has got his terms mixed up - a "Take
> down request"
> > sounds like a DMCA thing, but that legislation is US only, and so
> > doesn't apply here. Either way, although their terminology
> is a bit
> > mixed up, I agree that they are probably within their rights to ask
> > for removal of information.
> >
> > I suppose you could argue - if they are in the US, they
> would have to
> > appoint people over here.
> >
> > > In this case, one assumes it to be any messages sent by
> that person.
> > > One wonders if it extends as far as replies which contain the
> > > typical "On Wed, 24 Apr 2002, xxxxxx wrote:" followed by the
> > > original message!
> >
> > The Act relates to "Personal Data" - that is data that can be
> > connected with a living individual in any way. For
> example, you would
> > have thought that log files on web servers with just IP addresses
> > wouldn't be covered. However, they are; an IP address can
> be used to
> > identify a computer on the Internet, and from there the
> individual can
> > be identified. So, a pattern of accesses to the site could be
> > connected to a unique, living, person, and hence the data
> falls under
> > the DPA. The fact that you'd need to ask the ISP to
> identify who has
> > the IP address is not an issue.
> >
> > So the answer is yes - attributions probably also count under this.
> >
> > BTW - IANAL, I only coordinate DPA policy within our company - with
> > the help of lawyers only when we need to approve policy etc.
> >
> > Ben.
> >
> >
> ----------------------------------------------------------------------
> > Ben Strawson
> ben.strawson@???
> > Good Technology                                       +44
> 20 7565 8725
> > 332B Ladbroke Grove, London, W10 5AH, UK
> www.goodtechnology.com

> >
> > --
> >
> > ## List details at
> http://www.exim.org/mailman/listinfo/exim-users
> > Exim details at http://www.exim.org/ ##
>
> --
>
> Regards
>
> Frank S. Bernhardt
> b.c.s.i.
> 14 Halton Court
> Markham, ON.
> L3P 6R3
>
> 905-471-1691 Voice
> 905-471-3016 FAX
>
> frank@???
>
>
>