Information Age reports that businesses could be fined 10% of their revenue in respect of data protection breaches if the Information Commissioner’s Office gets its own way. According to the article the ICO is seeking a penalty that matches the maximum punishment the Financial Services Authority can impose on companies that breach financial regulations. This fine would be reserved for companies that commit serious and reckless breaches of the Data Protection Act, resulting in harm to individuals.
ENISA (the European Network and Information Security Agency) has published a 49-page report, Technology-Induced Challenges in Privacy and Data Protection in Europe (here) which analyses the problems presented by the latest information and communication technologies for privacy and data protection. Its 13 key recommendations propose, inter alia, an incentive system, backed by both the Commission itself and EU Member States, to motivate compliance with data protection laws; the system should include a package of tax incentives, connected to a certification scheme and sanctions for non-compliance.

ENISA also recommends that the Commission introduce a comprehensive security breach notification law, as well as privacy impact assessments by the industrial sector. A further recommendation is that the right of data subject access is re-framed within the existing legal framework, to ensure that individuals can access the maximum amount of their personal data online, ideally at …
The online publication of the full contact details of British National Party activists (reported here by the BBC) has drawn an angry response from the party itself. BNP deputy leader Simon Darby has called this leak of personal data "an underhand political attack", saying an ex-employee was to blame. Party leader Nick Griffin has complained to Dyfed Powys Police, who are investigating. Others have commented with surprise that the BNP has been invoking the data protection legislation and the Human Rights Act 1998 in support of its complaint, since these are two pieces of legislation that the party has opposed and has proposed to repeal.

Perhaps the last word on the subject comes from a newspaper hoarding in Holborn, bearing the startling headline LONDON BNP MEMBERS EXPOSED
Organised by Sweet & Maxwell, "Data Protection and Privacy - The shifting landscape" is a one-day conference which will be held at the London offices of law firm Pinsent Masons. According to the conference brochure,
"The digital revolution is a double-edged sword. The ease of collection, storage and transfer of data has transformed our relationship with businesses and public bodies. We want to access information in an instant. We expect ever greater degrees of personalisation in our dealings with organisations. We expect global service from business. We demand efficiency in public services.

Yet we also expect our privacy to be protected – and recent high-profile lapses of security have shown just how vulnerable personal data is. Consumers voice concerns about the vulnerability of personal data once it leaves the UK. Businesses and public bodies are struggling to keep up with the pace of change. Is the law on data …
The Official Journal of the European Union has now published online a new codified version of Council Regulation (Euratom, EEC) No 1588/90 of 11 June 1990 on the transmission of data subject to statistical confidentiality to the Statistical Office of the European Communities. The codified version is now Regulation (EC, Euratom) No 1101/2008 of the European Parliament and of the Council of 22 October 2008 on the transmission of data subject to statistical confidentiality to the Statistical Office of the European Communities. You can read the full text here.
Radio Netherlands Worldwide's English news service reports that the Dutch Data Protection Authority has criticised hospitals for being careless with patients' computer records. This criticism follows an inspection of 20 hospitals, not a single one of which was found to have adequate data security. The Authority blames hospital management. Apparently entire departments were using the same login name and password and, in many hospitals, computers were left running so that anyone could access the system if no member of staff was nearby. Remarkably a similar inspection four years ago produced the same results.