Wedding vendor goes ballistic.

desertcircus wrote: »

This is meaningless whataboutery. Either it's true, in which case it is a data protection breach, or it's false, in which case it's defamation. The person was identified, the specific details of their contract were detailed; there's no defence of honest opinion that I can see here, and no claim that the information, if true, does not constitute data.

Frynge wrote: »

"This bride signed a contract on the 13th of June 2015. She is having a meal and a wedding here at the castle. Her total price for 52 guests is 2,196. This is a four-hour hire with the use of the Lundie Hall for a drinks reception. The original down payment was 1,096. We waived it to 700 because she could not afford the down payment."

Nothing in that statement could have been used to identify the bride other than the fact it was said to her on a public forum.

desertcircus wrote: »

Do you have any source for this claim? That would be an absolutely insane legal situation. By that logic, if someone were to post on Facebook saying that their internet service provider was frustratingly slow, it would be no breach of data protection law if the ISP were to respond by publishing the person's full browser history.

desertcircus wrote: »

And can you please give an explanation for why you think the customer information leaked by the company doesn't count as personal data?

Frynge wrote: »

I really wouldn't have the required knowledge or expertise but that would be my take on things and I may be wrong.

Frynge wrote: »

Yes. All this is just my opinion.

"personal data" means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller;

A similar definition is contained in the
EU Data Protection Directive (95/46/EC)
:
"personal data" shall mean any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

The definition is – deliberately - a very broad one. In principle, it covers any information that relates to an identifiable, living individual. However, it needs to be borne in mind that data may become personal from information that could likely come into the possession of a data controller.

esforum wrote: »

I said calling someone poor is not a breach. Thats what I said, nothing more.

the concept of personal data includes any sort of statements about a person. It covers "objective" information, such as the presence of a certain substance in one's blood. It also includes "subjective" information, opinions or assessments. This latter sort of statements make up a considerable share of personal data processing in sectors such as banking, for the assessment of the reliability of borrowers ("Titius is a reliable borrower"), in insurance ("Titius is not expected to die soon") or in employment ("Titius is a good worker and merits promotion").
For information to be 'personal data', it is not necessary that it be true or proven. In fact, data protection rules already envisage the possibility that information is incorrect and provide for a right of the data subject to access that information and to challenge it through appropriate remedies5-

esforum wrote: »

AND Graham AND

it can only be WITH A or B, not standalone

esforum wrote: »

Graham, why are you fixated with the working group?