In "Mandatory reporting of missing laptop data considered" Conor Lally, writing in the Irish Times today, reports that the Irish Minister for Justice Dermot Ahern is considering introducing mandatory reporting when personal data goes missing on stolen or lost laptop computers and other devices. The proposed legislation would apply not only to Government departments but also to all other State agencies, as well as banks and other entities.

The Ahern proposal is an attempt to restore confidence following the revelation that some 35 Government devices containing the personal data of members of the public have been lost or stolen this year. The loss of any such device would be reported to the Data Protection Commissioner; in major cases the public would be informed too.

Although Ireland's data protection laws comply with European standards, only three Government departments have fully encrypted their devices. … Continue Reading ››
Here's a fun article: "Fifteen Ways to Lose Your Database" by Peter Mitteregger, European Vice President of CREDANT Technologies. The quick overview of the 15 ways is listed below. Before you read them, cover your screen. Then (i) see how many you can work out for yourself; (ii) once you've read the list, see how many you can add; (iii) see if you can spot the links between the ways of losing a database and the protection conferred by the data protection legislation.
"1. Employees able to access a database regardless of their need to do so, with sight of complete records including information that they do not necessarily need to see;
2. Unrestricted downloading of the database to removable media;
3. Employees able to print individual records, or even the full database, in hard copy format;
4. Employees able to access records, in … Continue Reading ››
On 18 August the European Parliament published its 230-page legislative report: its full title is The Report on the proposal for a directive of the European Parliament and of the Council amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on consumer protection cooperation. The Parliament has published a provisional text of the proposal as adopted at this first-reading stage.

The Datonomy blog hopes to bring further information on the progress of this set of proposals as it unfolds.
From the Information Commissioner's Office comes news that highly respected British retail chain Marks & Spencer has been reprimented for wrongly blaming the Data Protection Act for a customer relations malfunction. What happened was that a Marks & Spencer employee told the mother of a seven year old child that the store staff could not talk to her about the delivery of her son’s Superman suit because it would infringe his data protection rights. While it is right for any organisation to be careful before releasing personal information, this case demonstrates an absence of common sense. In the circumstances it was obvious that the seven year old child would not have ordered the Superman suit himself. Marks & Spencer was not being asked to release any personal information: it was simply being told that a belt was missing from the order.
In "Why self-deleting data may be the solution", Data Strategy editor David Reed comes up with the appealing thought that now may be the time to invent self-deleting data. He writes:

"Records that automatically removed themselves from a database after a given period of time would answer some critical issues currently facing the data industry -- growing customer resistance to providing personal information, compliance with the Data Protection Act, even respecting individual Human Rights.

... consider the current debate over retention of DNA profiles of innocent people. The UK already has the largest DNA database in the world and the idea has even been floated of capturing genetic data on everybody at birth. Yet a citizen's inquiry set up by the Human Genetics Commission recently not only rejected universal coverage, but also urged that the innocent - and criminals with spent convictions - should have their profiles deleted. Instead of having … Continue Reading ››

In "Cloud computing takes hold despite privacy fears" Heather Havenstein (Computerworld) 09/15/2008 writes for Networkworld that, although computer users are increasingly making use of 'cloud computing', availing themselves of web-based computer software applications packages and storage facilities, many have become increasingly concerned about the security of their personal data, according to a study released late last week from the Pew Internet & American Life project. According to that study
* 69% of online users practised one or more forms of cloud computing;
* 56% use webmail services like Hotmail or Gmail;
* 34% store photos online;
* 29% use online applications like Google Document or Adobe Photoshop Express.

However, the convenience and ease of use has its downside too. According to a spokesman for Pew:
"Even as large numbers of users turn to 'cloud computing' applications, many may lack a … Continue Reading ››
The Olswang Technology Update for the Third Quarter was released last week. The text is available as a pdf file here. It contains, among other things, a short feature entitled "Increased inspection powers and higher notification fees?". The abstract is as follows:
"The Government has been consulting on changes which, if implemented, will impact all data controllers. These include proposals to increase the Information Commissioner's inspection powers and to introduce sliding scale notification fees. Organisations "opting-in" to good practice assessments would be given immunity from the new fines for data protection breaches, which are likely to be introduced next year".
If you would like to receive subsequent issues of this Update regularly, please email Marc Dautlich here.

this blog discusses data protection law, practice and problems