During the Christmas period most people invariably experience the sensation that, with hindsight, their credit cards have been exposed a little too much for their liking. According to a report in the Lancashire Evening Post this week, consumers who use MBNA credit cards may have another reason to worry about their credit cards, aside from the usual fears about excessive Christmas spending. This is because the personal details of thousands of MBNA customers have apparently fallen into criminal hands after a Preston-based contractor of MBNA had a laptop stolen with unsecured cardholder data stored on the machine.

The company confirmed that customer information had been "compromised" at one of their vendors earlier this month but claimed that stolen information did not contain any PIN numbers. Despite this, the fear is that criminals could use the data for identity theft, a …
The European Court of Justice ruling in Case C-202/09 Commission of the European Communities v Ireland slipped by at the end of November without Datonomy noting it. It's a very short ruling, in which the court dispensed with an Opinion from the Advocate General, and it contains no rocket science. According to the judgment on the Curia website,
"1 By its action, the Commission of the European Communities asks the Court to declare that, by failing to adopt the laws, regulations and administrative provisions necessary to comply with Directive 2006/24 ... on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC ... or in any event by failing to …
On Friday 18 December, a new piece of EU legislation affecting data protection was published on the Official Journal website: it's the neatly-named Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws. It's not an easy read: its 26 pages contain nearly 11 pages of recitals (76 of them in all) and four pages of annexes. To give you a flavour of its relevance to data protection issues, Datonomy quotes from the following recitals:
"(51) Directive 2002/58/EC (Directive on privacy …
Council Decision 2009/968/JHA of 30 November 2009 adopting the rules on the confidentiality of Europol information was published yesterday on the website of the Official Journal of the European Union. As the title suggests, it has some relevance to data protection. Article 10 refers to 'Basic protection level, classification levels and security packages' and reads, in relevant part:
"1. All information processed by or through Europol, with the exception of information which is expressly marked or is clearly recognisable as being public information, shall be subject to a basic protection level within Europol and in Member States.

2. In accordance with Article 3 [which imposes on Member States the responsibility to make sure that Europol information is protected to the level specified in these rules], Member States shall ensure the application of the …
Swift scholars are agog at the discovery of a manuscript apparently intended for Part Three of Gulliver’s Travels into Remote Nations, where Gulliver visits the Academy of Lagado. In the published version, the Academy houses an assortment of Utopians and Professors, including the Projectors (scientists), one of whom is conducting experiments to extract Sun-Beams from Cucumbers, to be stored in glass Vials, and let out to warm the air during raw inclement summers.

In the recently discovered manuscript, Gulliver also visits a Council of Negotiators at the Academy, the function of which is to promulgate Grand Edicts for the Harmonisation of the Universe, and the Protection of Mankind and all Creatures. He is accompanied by a Most High Official, a HORSE in the manner of the Emperor Caligula, and not a Houyhnhnm (See Part Four).

Gulliver is shown one such Edict, for the Protection of Mankind from the …
Datonomy has been reflecting on the danger of payment processing and the risk that faces both retailers and their customers at this time of goodwill to all men (and large, frequent card transactions). The Heartland Payment Systems security breach was almost a year ago now, yet there is a danger that the lessons will be forgotten. Heartland had over 130 million credit and debit card details stolen by SQL injection – a relatively well-known code injection technique. Due to the nature of Heartland's business, thousands of small retailers were affected along with larger players such as the 7-Eleven chain.

Datonomy has been discussing the impact of data loss for retailers with its sister blog Fashionista-at-law. Retailers can be a particular target for computer hackers due to the sensitive customer information they carry. As well as payment data, retailers can potentially hold customers' address, …
Datonomy thought readers would be interested to learn of the ICO's latest consultation, which concerns a draft Personal information online code of practice, officially published on 9 December. The code offers practical guidance on the ICO's interpretation of the Data Protection Act principles as they apply to a number of practical technical issues - including the extent to which IP addresses can be "personal data", cookies, and the use of privacy settings. Another issue addressed is the collection of data from children and other vulnerable people, especially in a marketing context. Datonomy is pleased to see the ICO going further to tackle practical questions of interpreting the DPA, in a very user-friendly way. The ICO is also open to suggestions as to whether there are other questions the guidance should address.
In keeping with its online theme, the consultation is genuinely interactive as it allows responses …