Writing in The Guardian today (27 February), Jack Straw sets out to refute the claim that the Government is establishing a police state. Linking the data sharing proposals to the post 9/11 world he says " I do not pretend we've got everything right. We haven't. Take the data-sharing measures in the coroners and justice bill. Their aim is good, but parliamentary scrutiny has thrown up justificable concerns that the powers could be misused. it's not our intention but I agree, so we are acting to get a much better balance between data protection and access to services."

This is good news, even if the connection between the post 9/11 world and access to services is not entirely clear, unless it is a perhaps unintended recognition that data shared for the purposes of transformational government could be used too easily for national security purposes.

On the latter issue, … Continue Reading ››
PC World has just reported that the Federal Communications Commission is considering fining 600 operators for failing to file proper annual reports which demonstrate that they are adequately protecting customer data. At risk are telephone companies and VoIP (voice over internet protocol) providers that have yet to show that they have kept records of all instances when they disclosed customer information to a third party, plus reports on customer complaints they've received regarding unauthorized release of their information.  Fines of US$20,000 are available for operators that didn't file at all, or $10,000 for those that filed noncompliant reports. 
This morning's Telegraph reports ("Identity database accessed by town hall staff without justification") that the Customer Information System database, which is to be used as a model for the UK's proposed ID card scheme, has been accessed 33 times since 2006 by local authority employees without authority. Following these "serious security breaches" the Department for Work and Pensions, which runs the database, has threatened legal action against local authority staff who access information without "business justification".

For the record, this database currently contains a record of all persons who have a national insurance number, as well as other benefits and employment data held by the Department, which shares its data with agencies including councils, the courts and other government departments. According to the Department, the small number of breaches shows how well the system is working.
Computer Weekly reports that the British Computer Society (BCS) has added its voice to a growing chorus of concern about the data sharing provisions in the Coroners & Justice Bill (noted here by Datonomy) which is currently going through parliament. That venerable organisation is reported as having written to MPs that the Bill "drives a coach and horses through the Data Protection Act". In particular, paragraphs 152-154 and Schedule 18 of the Bill devalued the principle of informed consent and "severely curtailed" the independence of the Information Commissioner.

You can read the BSC's position on the Bill in full here.
28 January 2009 was the third annual Data Protection Day, it seems. Datonomy would have been embarrassed to confess that it missed the chance to celebrate this Red Letter occasion, were it not for the fact that almost everyone else seems to have missed it too. Nearly a month after the great day arrived, and passed, an internet search for the term "data protection day" notched up just 43 responses. Possibly a case of the date being too well-guarded a piece of data?
The Opinion of the European Data Protection Supervisor on the Proposal for a Council Decision on the establishment of the European Criminal Records Information System (ECRIS) in application of Article 11 of Framework Decision 2008/…/JHA has just been posted on the Official Journal of the European Union website. There's nothing particularly revolutionary in the Opinion, which concludes that
"The EDPS supports the present proposal to establish ECRIS, provided that the observations made in this opinion are taken into account, which includes:

— the responsibility of the Commission for the common communication infrastructure should be clarified in the text for reasons of legal certainty,
— a provision should be added to the decision stating that Regulation 45/2001 shall apply to the processing of personal data under the responsibility of the Commission,
— in Article 6 reference must be made to a high level of data protection as a precondition … Continue Reading ››
When considering the balancing act between (i) the individual's right to enjoy the confidentiality of information concerning him, (ii) the public duty to disclose such data and (iii) the need to prevent or reduce the risk of breaches of public order if that information is imparted, yesterday's ruling of the Court of Justice of the European Communities in Case C‑552/07, Commune de Sausheim v Pierre Azelvandre, a reference for a preliminary ruling from from the Conseil d’État (France), is worth a quick glance.

This is not a classic set of data protection facts. Azelvandre asked the Commune de Sausheim to disclose to him, regarding the release of genetically modified organisms (GMOs) taking place within that commune, details that included the planting record for the parcel of land on which the GMOs were planted. The Commune was reluctant to do so since, once the … Continue Reading ››