26 June 2006
Mr John Tierney
National Postcodes Project Board
Originally Posted by seamus
I'm sorry, but that has to be a misquote or something that was misheard.
Following my presentation to the Board last April, I have recently had discussions with the Board’s consultants on the privacy/data protection implications of various postcodes options which are under consideration.
I very much welcome the opportunity to have these exchanges at this stage. My approach is to help the Board to arrive at a set of proposals which meet the public good objectives of the postcodes project without giving rise to privacy/data protection issues.
I have been asked to put in writing for the Board some of the key points that were raised in our discussions. I am happy to do so in this letter.
Personal privacy is important to Irish people. This was confirmed in a survey which this Office carried out last year, where it came second only to crime prevention in its relative importance to individuals.
Data Protection legislation is part of the overall legal framework in Ireland (and the EU) for the protection of personal privacy. The central theme of data protection legislation is that the individual, as part of their right to privacy, should control the use of information that is personal to them.
“Personal data” is defined in our legislation as data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller (a person who, either alone or with others, controls the contents and use of personal data). This definition of “personal data” is very broad and mirrors a similar broad definition in the EU Data Privacy Directive. Its precise meaning has to be considered in context and is not subject to any hard-and-fast rules.
In the Irish context, a person’s home address is an important part of their identity. In the case of a single-occupancy, owner-occupied dwelling, it is, in practice, a unique identifier. In the case of a family home, it typically identifies a small group of related individuals.
I suggest therefore that, for the purposes of postcodes planning, a single-unit residential address should be considered as being part of the “personal data” of the occupant(s). This would not apply to a commercial address. Neither would it apply to a typical apartment blockface containing many individual residential units.
Based on the considerations above, a postcode model which provided, in most cases, a 1 to 1 match between a postcode and a dwelling would raise significant privacy/data protection issues. It is a model I would have serious reservations about, if it were to be put forward as a formal policy proposal. In expressing such reservations, I would have regard to issues such as the potential for ready identification of sensitive information about individuals where postcodes were used for purposes other than mail delivery. Examples could include use of postcodes to identify patterns of crime or illness.
A postcode model that matched a postcode (with geo-location coordinates) to an area normally including say 20 – 50 dwellings should not give rise to privacy/data protection issues. Such an area could be a street, a district etc. It would not normally be possible to identify an individual from such a postcode without significant additional details. The risk to privacy therefore would be proportionate to what I assume are the public good aspects associated with a postcodes model.
I understand that, in the case of sparsely populated areas, it might be difficult to avoid a situation where a postcode area would in practice include only a small number of residential dwellings. Provided planning were based on keeping such cases to a minimum, I would also see this as a proportionate solution.
For the reasons outlined above, a public database of one-to-one postcodes would, in my opinion, give rise to serious privacy/data protection issues. Such issues should not arise in relation to a public database of area postcodes (with geo-location coordinates) typically covering 20-50 individual but unspecified addresses.
Such a public database of area postcodes would facilitate existing holders of customer databases (utilities, financial institutions, public authorities etc) who wished to apply the postcodes to these databases. It could also be available more generally (e.g. on a website) as a ‘look-up’ facility to allow individuals to enter an address known to them and be provided with the corresponding postcode. It would not be desirable that the public database be designed on an individual address basis, but rather on a street, district etc basis.
I have been asked to comment specifically on a scenario where a comprehensive national database, containing the addresses and geo-coordinates of individual properties, was developed under the aegis of a Postcode Authority on the basis that the database was not publicly available. My answer from a data protection/privacy perspective is that the manner in which such a database was developed, and the conditions of its use, should preferably be set out in law. This would facilitate a full debate on the public good that would be served by such a comprehensive database and the degree to which this would outweigh concerns about the threat to privacy that could result.
I should add, for the sake of completeness, that data protection issues only arise where the individual is not in control of the use etc of their personal data. If an individual were to consent to their address being put on a public database, in the full knowledge of how such a database would be used, then data protection/privacy issues would not arise.
I hope this information is helpful. I would be very happy to engage further with the Board if that would be helpful.
Data Protection Commissioner
(note the highlighted bit above - opostcodes can contain up to 50 properties nut the addresses of those properties are to have "unspecified addresses" - this means that nobody will know what addresses are in the postcode ..........confused??? - so will the courier be when he is trying to deliver your new google phone!!!)
Read the full report here
POSTCODES ANDDATA PROTECTION
re paying An Post €37 million
see para 3.3 bullet point 4
re adding a GPS coordinate to the code as an addition - this coordinate is to be the centre of the area of the code - i.e the centre of up to 50 properties - in non urban areas this could be the centre of a townland - probably in the middle of a field somewhere and absolutely of no benfit for GPS navigation. The coordinate will take a SatNav to the centre of up to 50 houses and then you have to work out which one is the one you want - i.e. the same as putting a townland name into your satnav now - that is of cousre if the SatNav manuafturers will bother paying the Dept of Communications for supporting the postcode in the first place.
see page 5-3
re the benefits to the CSO for statistics - a Small Area Code has already been created by the OSI and NUIM for Statistical Analysis instead of DED's and their recommendation that areas for statistics should not contain any less that 65 properties for privacy reasons and they recommend an additional GPS based postcode for navigation.
see para 7.4.1
re the proposed postcode being unable to solve the non unique addressing problem in Ireland which was one of the stated aims of the system to solve and it further goes on to say that the only way to solve this is to add road names and properties in non urban areas - thereby changing people's addresses and this also was clearly stated as something to be avoided in implementing the code.
See page D-1
where it states that in non urban areas a single postcode will cover a complete townland except in ceratin minimum circumstances - it seems to have been forgotten that 40% of our population lives in townland addressed areas. This therefore proposes to cover every property in a single townland with the same postcode - i.e. in the address the townland could then be omitted in favour of a six character code. Seems that they have taken no guidance from what happened in Northern Ireland since they introduced the Royal Mail Code there in the 70's and are trying to recover from it now - see here
It is clear that we are now to have a postcode which was designed on the single opinion of a Data Commissioner above.. even though the Geodirectory, the telephone book, the register of electors and the UK postcode already do without any repercussions what he says breaches EU privacy and data proetction laws - seems like a classic case of a second opinion would have been useful if it suited politically .........and perhaps it didn't suit as the Data Commissioner's opinion might have kept An Post onboard as new competition arriving with the deregualtion of the postal market would gain no advantage from the resulting postcode - this and a planned €37 million payment of course.
And then the Minister stood up in the Seanad and quoted a postcode with 10-20 houses, 20-40 properties and 20-50 properties - smoke screens why can't he just state the facts? (there is a difference between houses and properties and using houses as the reference allows a smaller figure to be quoted. However, if you are delivering mail you have to find the right one amongst all properties not just houses)
He also talked about developing a "data system" that is just as effective as GPS - so the consultants to the Minister for Communications in Ireland has developed an alternative to GPS - just as good and capable of guiding an ambulance to a field in the centre of a townland anywhere in Ireland - useful new technology to take over from GPS on the global markets!!!! (The not-so-smart economy perhaps)
Then he refers to the time taken to implement the code as being associated with "allocating addresses to houses" which seems to suggest putting names on roads and numbers on properties in rural areas. You can spot all the contradictions and the lack of understanding in the exchanges here
and not to mention the first official mention of an alternative to GPS - currently known as a "Data System" - and which does not breach people's privacy rights.
So now do you believe that what we are going to get as a postcode is worth 5 years of consultants reports and a minimum of €15 million to implement plus the €37 million peace offering to An Post???
Don't forget that in 2006 after the report referred to here, the then Minister stated that the recommended Postcode would be implemented by Jan 2008. In September last Year, Eamon Ryan said that it would be in place by 2011. But nothing has happend since and the latest statement was by the end of 2011 - if it happened then it would only be almost 4 years late!!!!
Thought people should see the full picture...............too much misinformed speculation!!!!