In previous posts, Datonomy has suggested a definition of informational privacy based on autonomy, in other words, the ability to control who has access to personal information, and for what reasons. This approach does not tell us, though, how we distinguish between different kinds of personal data; this distinction will obviously play a big part in which data we worry about other people having access to. And presumably we do worry about access to sensitive personal data, as defined in Directive 95/46/EC.

But what are sensitive data? What does sensitivity amount to? And do we get a better sense of that if we think of it as Cultural Identity data?

Identity is a concept that goes well beyond the instrumental sense we are accustomed to in our field, as in the Identity Card. Today, Identity is the way to talk about the key cultural meanings in an individual’s … Continue Reading ››
The Data Protection Commissioner in Malta has given his first decision, following a lively local dispute concerning the future of the premises of the Siggiewi Labour Party Club, which has since been handed over for use as a centre for the elderly.

From the article in The Times of Malta it's not entirely clear what the alleged breach consisted of, but the Commissioner dismissed the complaint anyway and it's plain that the matter has stirred up substantial interest: this news item has already attracted a number of readers' comments, both in English and in Maltese.
That's what the Information Commissioner's Office are trying to find out with the launch of a research project earlier this month aimed at building a business case for investing in proactive privacy protection.

According to "The Privacy by Design report" commissioned by the ICO in 2008, (available here), a major barrier to businesses investing in privacy-friendly systems and business processes is the absence of an effective business case for doing so. In other words, making sure an organisation has implemented necessary processes and procedures to protect privacy and the security of their data is perceived as an expensive exercise with little benefit. Perhaps that's why some organisations choose to assign data protection and privacy such a low priority, the logic being - why spend money now to implement safeguards when we can tackle issues if and when they arise?

Continue Reading ››
We recently posted that the German Government, in a reaction to several scandals regarding illegal trade with address lists, put forward a draft Amendment to the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) which aimed to abolish the so-called "list privilege" ("Listenprivileg").

Under this exception from the general consent requirement, certain personal data such as name, address and job title, if pooled in a list covering a group of people, may be used for a company's own marketing purposes and transferred to third parties for advertising and marketing without the specific prior consent of the customer.

What followed were months of hefty controversy between privacy advocates and interest groups; the latter claiming that such limitations on direct marketing would seriously harm whole industry sectors. Then, in virtually the last days before parliamentary recess in July 2009, the German Parliament (Bundestag) and the Upper Chamber … Continue Reading ››
Datonomy talks to Harry Taylor of Harry Taylor Consulting Ltd, an independent consulting actuary and management consultant with over 30 years commercial experience of insurance, pensions, investment and banking, about the FSA and data security:

It is clear the FSA are taking a tougher line on regulatory breaches with higher and more punishing fines.

As long ago as March 2009 the Financial Times reported on comments by FSA Chief Executive Hector Sants responding to accusations that the FSA has not been sufficiently tough on insider trading and other financial crimes. Mr Sants said: “There is a view that people are not frightened of the FSA. I can assure you that this is a view I am determined to correct. People should be very frightened of the FSA.” His comments came after the FSA faced heavy criticism for its scrutiny … Continue Reading ››
According to a letter from the Tribunals Service of 4 August 2009, an as-yet unspecified date in January 2010 has been fixed for the metamorphosis of the Information Tribunal into a First-tier Tribunal and an Upper Tribunal, thus implementing Part 1 of the Tribunals, Courts and Enforcement Act 2007.

The appellate functions of the Information Tribunal in relation to the Data Protection Act 1998 and Freedom of Information Act 2000 will both be transferred to this structure and assigned to chambers within the new tribunals. A new set of Tribunal Rules is expected later this year.

Indian cricket's governing body, the BCCI, has become the latest critic of the controversial "whereabouts rule" adopted by the World Anti-Doping Authority (WADA). As I described in my previous post, the rule requires all elite sports men and women to provide information about where they will be for an hour every day for the next 3 months, and has prompted a number of questions as to its proportionality.

Whilst other athletes and sporting bodies have tended to object first to the lack of freedom it affords them, perhaps citing privacy concerns second, it is notable that the main issue which the BCCI has focussed on is the security of its players. Cricket in India is perhaps the most fanatically supported of any sport in any country in the world, to the extent that star players reportedly consider their security, and even their … Continue Reading ››