ISNI Data Policy
ISO 27729 International Standard Name Identifier; ISNI International Agency
It is a legal requirement for ISNI to comply with the U.K. Data Protection Act, 1998.
1. General data protection principles
ISNI keeps certain information about data subjects. To comply with the law, any personal data must be:
obtained fairly and lawfully and shall not be processed unless certain conditions are met;
obtained for specified and lawful purposes and not further processed in a manner
incompatible with that purpose;
adequate, relevant and not excessive;
accurate and up to date;
kept for no longer than necessary;
processed in accordance with data subjects’ rights;
protected by appropriate security.
2. Collection and registration of data
The mission of the ISNI International Authority (ISNI-IA) is to assign to the public name(s) of a researcher, inventor, writer, artist, performer, publisher, etc. a persistent unique identifier in the form of a number and a check digit in order to resolve the problem of name ambiguity in search and discovery; and diffuse each assigned ISNI across all repertoires in the global supply chain so that every published work can be unambiguously attributed to its creator wherever that work is described. ISNI holds public records of over 8.3 million identities. The ISNI database is a cross-domain resource, contributed to by 29 institutions and databases, and 40 major national and research libraries.
The contractual framework between ISNI and its data contributors ensures that each individual author or each database producer of each database incorporated in ISNI has authorised the acquirement of a copy of each individual database by ISNI. The contractual relationship for ISNI data contributors ensures that either the information is already in the public domain or these have consent from the authors and publishers whose information they are using.
The institution requesting ISNIs warrants that it is done with the consent of the individuals/institutions to which the ISNIs are assigned.
3. Correction/updating of information
Data subjects are encouraged to correct and update the information contained in the ISNI database. They are also invited to express their views and decide on the use of their data contained in the ISNI database.
The ISNI database receives data feeds from numerous sources, which are listed here. The ISNI Data Quality document outlines the interacting roles of the ISNI data contributors, ISNI Assignment Agency and ISNI Quality Team in maximizing quality in the ISNI database.
Because of the large number of records in the ISNI database, the following policies for corrections and updates have been put into place:
Concerning data that is loaded by batch to the database, matching accuracy and data accuracy level of 95% is acceptable.
Following acceptance of the matched data, reviews of unmatched data will be undertaken to identify where single sources, such as these data, are sufficiently unique in the system, ensuring that they will not generate large amounts of duplicate assignments.
Birth and death dates will be suppressed on request.
All pseudonym and real names as public identities (where detected) will be given separate inter-linked records. The display of links will be suppressed on request.
4. Security of processing
ISNI ensures (i) that the integrity of the personal data is validated; (ii) the ongoing confidentiality, integrity, availability and resilience of systems and services processing personal data; and (iii) the restoration of the availability and access to data in a timely manner in the event of a physical or technical incident.
ISNI ensures protection of the data subjects against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Upon request, the data subject has the right to know the recipients to whom the personal data are to be or have been disclosed, including to recipients in third countries, and whether his/her personal data has been disclosed to a public authority at the authority's request.
5. Cancellation/Deletion of an ISNI
ISNI shall respond to requests from the data subject within a reasonable period of time.
Upon request from the data subject, ISNI will delete the personal data, without undue delay, and notify each data subject of its deletion, unless this proves impossible or involves a disproportionate effort.
Where ISNI has made the personal data public without a justification, it shall take all reasonable steps to have the data erased, including by third parties. ISNI shall inform the data subject, where possible, of the action taken by the relevant third parties.
In certain cases, ISNI can preserve the ISNI identifier for documentation purposes provided that ISNI needs to maintain the ISNI identifier/personal data for purposes of proof.
ISNI data contributors may request that their data be removed from the database. Except where the actual data subject has requested complete removal of his or her ISNI, removal of data by any one ISNI data source will not result in the de-assignment of an ISNI. All data from a contributing source may be removed, including the direct URI link to the source’s database, with the exception of ISNI core metadata including the name, name variants, creation class, creation role and in the case of organisation, location.
6. Notification of data held
Upon request, data subjects concerned are entitled to know:
what personal information ISNI holds about them and the purpose for which it is used;
how to gain access to it;
what ISNI is doing to comply with its legal obligations.
This information is available from the ISNI data protection coordinator.
7. Applicability and applicable law
This Policy applies, no matter whether the processing takes place in the European Union or not. This Policy is governed by the laws of England and Wales.
The ISNI Privacy Statement for end users can be found here.
9. Handling of requests from those who have been assigned an ISNI
In late 2012, the ability for the public to make comments and add information was made available in the public view of the ISNI database. The information provided is stored in a non-displayable field that generates a nightly alert to the ISNI Quality Team. If an e-mail address is supplied, a personal response is made in addition to any enhancements and corrections as a result of the input. Data subjects are using this method for requesting enriched information to be added to their record, to request merges and to correct errors and to request the suppression of information. ISNI strives to respond to such input in a timely manner, usually within 7 days.
10. Data controller information and filing of complaints
The ISNI-IA acts as the authority responsible for the supervision of the processing activities of ISNI.
To ensure the implementation of this policy, ISNI has designated Andrew MacEwan, Head of Content & Metadata Processing at the British Library, as ISNI’s data protection coordinator. Enquiries relating to the holding of personal data should be addressed to Mr. MacEwan in the first instance.
ISNI is registered with the Information Commissioner’s Office (ICO) in the United Kingdom.
Any concerns should be raised with ISNI in the first instance. If ISNI has been unable, or unwilling, to resolve these concerns, these can be raised with the U.K. ICO