Monthly Archives: March 2009

“This is England Robert; one expects to have privacy”. So says Ernestine to her brother in Elizabeth Bowen’s novel “The Heat of the Day”, published in 1949. Ernestine is reacting to the investigations and inquiries of potential purchasers of the family home. They are property owning middle-class, and the “one” is telling, but even so she was expressing a widely held view about privacy and England. George Orwell noted much the same thing in his war time essay “The Lion and The Unicorn: Socialism and the English Genius” (1941) where he emphasised “the addiction to hobbies and spare time occupations, the privateness of English life”. He thought that the liberty of the individual was still believed in, and that this meant the liberty to have a home of your own, to do what you like in your spare time, and choose your own amusements. “The … Continue Reading ››
The Times Online is one of many sources that broke the news this morning that an investigation has been launched after it was discovered that a mole is selling the expenses records of all Members of Parliament for £300,000. This follows the leakage of embarrassing details of Home Secretary Jacqui Smith’s expenses claim, which included pornographic films watched by her husband.

MPs are to be given the chance to edit receipts submitted to justify their expense claims before they are made public. Details that identify individual suppliers, as well as any items on bills not paid for by the taxpayer, can be blacked out by MPs during the next month, according to House of Commons officials. Says the report:
"MPs opposed to full publication of the receipts say that the information could be used to identify … Continue Reading ››
The Information Commissioner's Office (ICO) has opened a file on Google's controversial Street View 360 degree street level imagery facility, though it has not at this time taken an official position. A statement on the ICO's website currently reads:
"Google's Street View includes a facility which allows vehicle registration marks and faces to be blurred. Individuals who feel that an image does identify them (and are unhappy with this) should contact Google direct to get the image removed. Individuals who have raised concerns with Google about their image being included - and who do not think they have received a satisfactory response - can complain to the ICO".
No specific mention has at this stage been made of fears expressed in some quarters that the images stored on the Street View database may be used by local authorities … Continue Reading ››
Last week the European Commission published a set of Frequently asked questions relating to transfers of personal data from the EU/ EEA to third countries. This 54-page document consists of a detailed set of frequently-asked questions (FAQs) dealing with transfers of personal data from the European Union/European Economic Area to countries that belong to neither bloc, these being governed by Articles 25 and 26 of Data Protection Directive 95/46.

The Directive seeks to ensure that personal data lawfully processed within the shelter of the European zone stays safe even when it's transferred to third countries.
Computer Active reports that the Information Commissioner’s Office has taken enforcement action against the Camden Primary Care Trust (PCT) following a breach of the Data Protection Act. Nine computers in the London borough's PCT, containing a total of 2,500 names of individuals, together with their addresses and diagnoses of their medical conditions were left beside a skip inside the grounds of St Pancras Hospital in August 2008. According to the Office, the information was not encrypted and, while the computers in question were no longer in use, the data controller had not authorised their disposal and did not discover the incident for 13 days.
The Rowntree Trust Report on the Database State, available here, takes the debate on the database state to a new stage. While it is short on legal and political analysis, it does make a comprehensive listing of the number of large databases currently run by the Government and Public authorities. The report lists 46 major databases, and concludes that only 6 have a proper legal basis and are necessary and proportionate. Around 12 are taken to be illegal in the sense of breaching human rights or data protection law; the 46 databases are assessed according to a traffic light system, and this assessment and the other headline conclusions of the Report are set out in the useful Executive Summary.

The Report was made by the Foundation for Information Policy Research, and the authors include Ross Anderson and William Heath. The increasingly beleaguered Minister … Continue Reading ››
The Ponemon Institute has released its second annual study "Cost of a Data Breach". The results represent the cost estimates for activities resulting from actual data loss incidents in 2008.

According to the report, the total average costs of a data breach grew to £60 per record compromised (up from £47 in the 2007 report), with the total average costs per reporting company of more than £1.73 million per breach (up from £1.42 million in 2007).
Interestingly, the highest cost of data breach has been identified as the cost of lost business, which accounts for 53 percent of data breach costs. This is not hard to imagine, given that a £1.5 million contract with the Home Office was terminated when details on all (at the time) 84,000 prisoners in England and Wales were lost on a memory stick by a third party contractor.

Lost … Continue Reading ››