a fun article: "Fifteen Ways to Lose Your Database" by Peter Mitteregger, European Vice President of CREDANT Technologies. The quick overview of the 15 ways is listed below. Before you read them, cover your screen. Then (i) see how many you can work out for yourself; (ii) once you've read the list, see how many you can add; (iii) see if you can spot the links between the ways of losing a database and the protection conferred by the data protection legislation.
"1. Employees able to access a database regardless of their need to do so, with sight of complete records including information that they do not necessarily need to see;
2. Unrestricted downloading of the database to removable media;
3. Employees able to print individual records, or even the full database, in hard copy format;
4. Employees able to access records, in …
On 18 August the European Parliament published its 230-page legislative report: its full title is The Report on the proposal for a directive of the European Parliament and of the Council amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on consumer protection cooperation. The Parliament has published a provisional text of the proposal as adopted at this first-reading stage.
The Datonomy blog hopes to bring further information on the progress of this set of proposals as it unfolds.
From the Information Commissioner's Office comes news that highly respected British retail chain Marks & Spencer has been reprimanded for wrongly blaming the Data Protection Act for a customer relations malfunction. What happened was that a Marks & Spencer employee told the mother of a seven-year-old child that the store staff could not talk to her about the delivery of her son’s Superman suit because it would infringe his data protection rights. While it is right for any organisation to be careful before releasing personal information, this case demonstrates an absence of common sense. In the circumstances it was obvious that the seven-year-old child would not have ordered the Superman suit himself. Marks & Spencer was not being asked to release any personal information: it was simply being told that a belt was missing from the order.
In "Why self-deleting data may be the solution", Data Strategy editor David Reed comes up with the appealing thought that now may be the time to invent self-deleting data. He writes:
"Records that automatically removed themselves from a database after a given period of time would answer some critical issues currently facing the data industry -- growing customer resistance to providing personal information, compliance with the Data Protection Act, even respecting individual Human Rights.
... consider the current debate over retention of DNA profiles of innocent people. The UK already has the largest DNA database in the world and the idea has even been floated of capturing genetic data on everybody at birth. Yet a citizen's inquiry set up by the Human Genetics Commission recently not only rejected universal coverage, but also urged that the innocent - and criminals with spent convictions - should have their profiles deleted. Instead of having …
In "Cloud computing takes hold despite privacy fears" Heather Havenstein (Computerworld) 09/15/2008 writes for Networkworld that, although computer users are increasingly making use of 'cloud computing', availing themselves of web-based computer software applications packages and storage facilities, many have become increasingly concerned about the security of their personal data, according to a study released late last week from the Pew Internet & American Life project. According to that study:
* 69% of online users practised one or more forms of cloud computing;
* 56% use webmail services like Hotmail or Gmail;
* 34% store photos online;
* 29% use online applications like Google Document or Adobe Photoshop Express.
However, the convenience and ease of use has its downside too. According to a spokesman for Pew:
"Even as large numbers of users turn to 'cloud computing' applications, many may lack a …
Technology Update for the Third Quarter was released last week. The text is available as a PDF file here. It contains, among other things, a short feature entitled "Increased inspection powers and higher notification fees?". The abstract is as follows:
"The Government has been consulting on changes which, if implemented, will impact all data controllers. These include proposals to increase the Information Commissioner's inspection powers and to introduce sliding scale notification fees. Organisations "opting-in" to good practice assessments would be given immunity from the new fines for data protection breaches, which are likely to be introduced next year".
If you would like to receive subsequent issues of this Update regularly, please email Marc Dautlich here.
The Fair and Accurate Credit Transactions Act 2003 (FACTA) lets consumers request and obtain a free credit report once every 12 months from each of the three nationwide consumer credit reporting companies (Equifax, Experian and TransUnion). In cooperation with the Federal Trade Commission, the three major credit reporting agencies set up the website, annualcreditreport.com, to provide free access to annual credit reports. This Act also contains provisions to help reduce identity theft, enabling individuals to place alerts on their credit histories if identity theft is suspected, making it more difficult to effect fraudulent applications for credit. Additionally this legislation requires secure disposal of consumer information.
Financial institutions face a mandatory deadline of 1 November 2008 by which they must comply with FACTA's Red Flag Rules (for which see FACTA, ss 114 and 315). These rules apply to a broad list of businesses including …