GSM technology allows its users to determine the geographical position of the user of a mobile handset with a precision of between a few hundred yards and just a couple of yards. Individualised services using these location data of a GSM cell phone can be very useful, e.g., in assisting you to find the next restaurant of your choice, a fancy bar or a particular shop in a new town. Location-based services, however, can also be a high risk to privacy and data protection, in particular if somebody else tracks a cell phone without the user knowing it.

Under German telecommunications law, location data "collected or used in a telecommunications network" (i.e., cell tower data or Wi-Fi data) can only be processed and used for value added services if they are made anonymous or if this is done with the consent of … Continue Reading ››
Also published online on the Official Journal of the European Union website this morning is the Opinion of the European Data Protection Supervisor on the Proposal for a Directive of the European Parliament and of the Council on standards of quality and safety of human organs intended for transplantation. The conclusion of the EDPS is as follows:
"45. The EDPS has noted the initiative to ensure high standards of quality and safety for human organs intended for transplantation, which can be seen as part of the overall EC approach towards setting common standards to promote cross-border availability of healthcare services across Europe.

46. The proposal has already considered the data protection needs arising for the donors and the recipients of organs, especially with regard to the requirement for keeping their identities confidential. The EDPS regrets however … Continue Reading ››
Appearing online this morning on the Official Journal of the European Union website is the Opinion of the European Data Protection Supervisor on the Recommendation for a Council Regulation amending Regulation (EC) No 2533/98 of 23 November 1998 concerning the collection of statistical information by the European Central Bank. The conclusion of the EDPS is as follows:
"30. The EDPS notes the willingness to improve the exchange of statistical information between the ESS [Eurostat] and the ESCB [the European System of Central Banks] and the access for research purposes. Although it is welcome that such exchange and access may take place while ensuring strict confidentiality of the data, some clarifications are needed as regards the terminology used and the concepts covered by such exchange and access.

31. The EDPS has the following comments regarding the … Continue Reading ››
This is a short poem by Robert Frost, called " A Mood Apart":

Once down on my knees to growing plants
I prodded the earth with a lazy tool
In time with a medley of sotto chants;
But becoming aware of some boys from school
Who had stopped outside the fence to spy,
I stopped my song and almost heart,
For any eye is an evil eye
That looks in onto a mood apart.

In many ways the poem works as a touchstone for remembering why we have reason to fear being watched without our knowing, which we tend to lose sight of, and get drowned out by the nothing to fear nothing to lose lobby.

In the poem the narrator has withdrawn into a state of peaceful activity that has the quality of a daydream or reverie. While he is … Continue Reading ››
Computer Weekly, reporting on the Information Commissioner's Office finding that Ipswich doctor Paul Thomas had breached the Data Protection Act by failing to secure a computer containing patient information, gives a link to the undertaking that Dr Thomas was required to sign. This undertaking is a pledge to keep personal information secure in the future.

Datonomy wonders how many readers will feel slightly uncomfortable about this, since the undertaking contains the full details of the doctor's address which might just tempt a disgruntled or malevolent patient to hurl a brick through the window of the premises from which he practises.
It is all very well receiving a data breach notification, but what can you do with it to eliminate or mitigate damage of a data loss or resultant identity theft?

Another data breach yesterday ...

Consumers have various avenues open to them to investigate whether they have been directly affected by a data breach. They may firstly obtain a credit report from a credit reference agency to identify any unusual activity or credit taken in their name illegally. This is a statutory right and should cost only £2. Identity thefts may also be reported to the police, and a crime reference number obtained. Consumers may also put a freeze on their bank accounts, or notify the fraud prevention teams at their bank to be on alert for suspicious activity.

Consumers may also register with the CIFASContinue Reading ››
The BBC reports today on the Conservative promise of huge cost savings for the National Health Service, achieved by scrapping the current plans for a central database of patient records. In place of the intended mega-database the Conservatives offer
* storage of electronic medical notes locally by general medical practitioners and hospitals, with patients having online access to their medical records;
* hosting by Google or Microsoft;
* each patient would have a username and password and could update his or records by adding, for example, information on blood pressure and cholesterol levels;
* a choice for each NHS trust of the computer system it uses.
Predictably the the government has argued that the Conservatives' plans raise concerns about patient confidentiality.

Datonomy is unhappy both with the present plans and with the alternative. Given the woeful record of the … Continue Reading ››