The latest UK health trust to fall foul of data protection norms is the Cambridge University Hospital NHS Foundation Trust, which is responsible for the world-famous Addenbrooke's Hospital. According to the BBC, a memory stick with medical treatment details of 741 patients went missing. The stick, which was privately owned, was discovered by a car wash attendant who, having accessed the contents, was able to establish ownership and return it to the Trust.

The Information Commissioners Office said that the Trust reported the loss of an unencrypted memory stick containing treatment details "after a member of staff left it in an unattended vehicle" towards the end of last year. According to a spokesman for Addenbrooke's Hospital:
"Following an investigation, it became clear that the information contained on the memory stick was only looked at by the car … Continue Reading ››
The Government's latest proposals on retention of Internet and telephone data have come as a pleasant surprise to privacy advocates – despite being even more far-reaching than the unpopular EU Data Retention Directive which has only just been fully transposed into UK law. Then again, they had been fearing something much, much worse…

What's new?

After almost a year of press speculation about the possible introduction of a centralised database to capture all phone and Internet traffic data for investigatory purposes, headline writers appeared to let out a collective sigh of relief this week: "Smith drops plans for state web database" (Financial Times 28/4) and "Home Secretary rules out state-run super database" (The Guardian 28/4). Human rights champion Liberty was so delighted that it issued a press release of its own, hailing a "Home Office U-turn on the super Big … Continue Reading ››
Geocast TV has recently produced a number of IT video debates in partnership with the British Computer Society (BCS). These debates cover current issues in the IT sector and are chaired by the managing editor of the BCS, with the participation of guests who represent leading figures from whithin the IT sector.

One of these debates is on data security and public confidence. You can access the video (which lasts 7 minutes and 16 seconds) and read the BCS's blurb for it here. Further details may be obtained from Geocast's Kirk Friis.
According to the Curia Diary, the Court of Justice of the European Communities is scheduled to give its ruling in Case C-553/07 College van burgemeester en wethouders van Rotterdam v M.E.E. Rijkeboer, a reference for a preliminary ruling from the Dutch Raad van State, on Thursday 7 May. To refresh readers' memories, the question referred is this:
"Is the restriction, provided for in the Netherlands Law on local-authority personal records, on the communication of data to one year prior to the relevant request compatible with Article 12(a) of Directive 95/46 ... on the protection of individuals with regard to the processing of personal data and on the free movement of such data, whether or not read in conjunction with Article 6(1)(e) of that directive and the principle of proportionality?".
Datonomy post on the Advocate General's Opinion here
The advice issued by the ICO on Street View is interesting and symptomatic, in my view, of some underlying difficulties (see my previous post). It has never been clear to me whether the IC is saying, in this type of advice – when in difficulty with the balancing tests required by the rules apply common sense; or whether – when the outcome is likely to be unsatisfactory either way, forget about the rules and apply common sense instead. Clearly it would be an odd thing for the Regulator to admit, even implicitly, that there are some circumstances where you must forget about the data protection rules and use some other method to arrive at a decision.

The IC is also using common sense in another sense in this advice, by saying that it must be the sense of the new world and not the old one. Thus “It is … Continue Reading ››
The Information Commissioner's Office issued this statement yesterday concerning Google's controversial Street View service:
"Common sense on Street View must prevail, says the ICO
The Information Commissioner’s Office (ICO) has published new advice on Google Street View in response to a complaint from Privacy International.
David Evans, Senior Data Protection Practice Manager said: “As a regulator we take a pragmatic and common sense approach. Any images of people’s faces or number plates should be blurred. We emphasised the importance of blurring these images to protect people’s privacy and limit privacy intrusion. Google must respond quickly to deletion requests and complaints as it is doing at the moment. We will be watching closely to make sure this continues to be achieved in practice.
“However, it is important to highlight that putting images of people on Google Street View is … Continue Reading ››
On Wednesday I attended the first morning of this year's conference of BILETA (the British and Irish Law, Education and Technology Association) which was held at the University of Winchester.  One of the parallel sessions, Privacy I, featured three papers that were of great interest to anyone concerned with data protection. They were
* "The end of the purpose-specification principle in data protection?" by Joseph A. Cannataci and Jeanne Pia Mufsud Bonnici from the University of Malta. This paper reviews, among other things, the manifestation of the principle of "let's collect the data first, then think what we can do with it" and the current state of debate;

* "The European debate on IP addresses -- using a hammer to drive a screw?" by the Leuven-based team of Eleni Kosta, Lexi Pimenidis and Jos … Continue Reading ››