G'day Zero,Speaking from general IT knowleddge (I'm in Australia, and don't know the UK's rules specifically), generally acts like the DPA cover data held in "information systems" which can be organised filing cabinets. The key is that the data is held in a way that it can be processed. Emails in someone's personal mail account, and references to you in letters filed under the sender's name should not count as data about you held by the organisation – otherwise it becomes an impossible burden. Reply
DavidP The ICO produce a good guide on how to determine what is 'personal data' and therefore covered by the DPA. Although there are several criteria to be met, basically it is any data from which I can be idnetified as an individual and includes emails, whether live or on an archive or back-up system. Reply