[k-mcgrady]

Sounds good to me. Following the authors login why make anything an offence? It doesn't stop people from doing it anyway.

It seems like this is intended to stop dodgy marketing companies re-identifying data not hackers. And there doesn't need to be some technical way to know if they've done it. Any company can do illegal stuff and get away with it. They don't because if they are caught (and all that takes is one employee to come forward - and making it an offence to knowingly handle that data makes that more likely) they are in a lot of trouble (in this case an unlimited fine).

Why can't researchers work with fake data sets? If my data has been anonymised I don't care who the person is, I don't want them re-identifying it. Maybe I'm not seeing the necessity for this, and, if it exists I'm sure when the final Act comes around there will be an exception for researchers. Seems like panic over nothing for now.