I disagree actually, but perhaps we will take it offline if need be.
My point was not that anyone told me that my friend was on swissair, because as far as BA are concerned my friend and the swissair comment could be a complete invention.

The point is that the only reasonable grounds that BA have for refusing to answer my question is if the DPA applies, in which case it confirms that the person is on the flight.
This means that insisting DPA applies means Yes , otherwise No.
Therefore, we have the crazy situation that the only way they can truely protect the information about their passengers is to refuse to confirm or deny anyone being on the plane, even if they are not on it and hence not subject to the DPA.

Conclusion: Refusal to confirm or deny should infact be a company policy that ensures that they comply with the DPA requirements, even though it actually goes beyond the legal requirement.
They may well argue the same w.r.t. this thread's question namely that is not the DPA that prevents them from telling you, but the company policy that has been put in place to ensure compliance with DPA, because the DPA itself is logically incomplete in terms of being able to prevent someone drawing useful inferences.
If the policy is heavy handed and you can propose an alternative approach that still meets the needs, that would seem to me the right approach.

Hopeful back on thead now, sorry for the indulgence.

Sorry folks my previous note was in reply to Globaliser, not the posts directly before.