From the Information Commissioner's Office comes news that highly respected British retail chain Marks & Spencer has been reprimanded for wrongly blaming the Data Protection Act for a customer relations malfunction. What happened was that a Marks & Spencer employee told the mother of a seven-year-old child that the store staff could not talk to her about the delivery of her son's Superman suit because it would infringe his data protection rights. While it is right for any organisation to be careful before releasing personal information, this case demonstrates an absence of common sense. In the circumstances it was obvious that the seven-year-old child would not have ordered the Superman suit himself. Marks & Spencer was not being asked to release any personal information: it was simply being told that a belt was missing from the order.
In "Why self-deleting data may be the solution", Data Strategy editor David Reed comes up with the appealing thought that now may be the time to invent self-deleting data. He writes:
"Records that automatically removed themselves from a database after a given period of time would answer some critical issues currently facing the data industry -- growing customer resistance to providing personal information, compliance with the Data Protection Act, even respecting individual Human Rights.
... consider the current debate over retention of DNA profiles of innocent people. The UK already has the largest DNA database in the world and the idea has even been floated of capturing genetic data on everybody at birth. Yet a citizen's inquiry set up by the Human Genetics Commission recently not only rejected universal coverage, but also urged that the innocent - and criminals with spent convictions - should have their profiles deleted. Instead of having …
In "Cloud computing takes hold despite privacy fears" Heather Havenstein (Computerworld) 09/15/2008 writes for Networkworld that, although computer users are increasingly making use of 'cloud computing', availing themselves of web-based software application packages and storage facilities, many have become increasingly concerned about the security of their personal data, according to a study released late last week from the Pew Internet & American Life project. According to that study:
* 69% of online users practised one or more forms of cloud computing;
* 56% use webmail services like Hotmail or Gmail;
* 34% store photos online;
* 29% use online applications like Google Document or Adobe Photoshop Express.
However, the convenience and ease of use have their downside too. According to a spokesman for Pew:
"Even as large numbers of users turn to 'cloud computing' applications, many may lack a …
Technology Update for the Third Quarter was released last week. The text is available as a PDF file here. It contains, among other things, a short feature entitled "Increased inspection powers and higher notification fees?". The abstract is as follows:
"The Government has been consulting on changes which, if implemented, will impact all data controllers. These include proposals to increase the Information Commissioner's inspection powers and to introduce sliding scale notification fees. Organisations "opting-in" to good practice assessments would be given immunity from the new fines for data protection breaches, which are likely to be introduced next year".
If you would like to receive subsequent issues of this Update regularly, please email Marc Dautlich here
The Fair and Accurate Credit Transactions Act 2003 (FACTA) lets consumers request and obtain a free credit report once every 12 months from each of the three nationwide consumer credit reporting companies (Equifax, Experian and TransUnion). In cooperation with the Federal Trade Commission, the three major credit reporting agencies set up the website, annualcreditreport.com, to provide free access to annual credit reports. This Act also contains provisions to help reduce identity theft, enabling individuals to place alerts on their credit histories if identity theft is suspected, making it more difficult to effect fraudulent applications for credit. Additionally, this legislation requires secure disposal of consumer information.
Financial institutions face a mandatory deadline of 1 November 2008 by which they must comply with FACTA's Red Flag Rules (for which see FACTA, ss 114 and 315). These rules apply to a broad list of businesses including …
The UK Information Commissioner's Office (ICO) is urging organisations not to hide behind the Data Protection Act in order to avoid compliance with data requests from individuals. This call was made during Stupid Aid Week (1-5 September), which highlighted various widely-held myths such as the belief by some organisations that data protection stops them giving out any personal information, or prevents them from dealing with certain types of enquiries.
called "Overcome stupidity in the world around you", launched during Stupid Aid Week by the Flexible Thinking Forum, listed various data protection "duck outs". These included parents not being allowed to take photos of their child at a nativity play, teachers unable to promote the successes of pupils in the local media, and priests prevented from praying for an ill person by name during mass.
David Smith, deputy commissioner at the Information Commissioner's Office, said:
Stephanie Bodoni (Bloomberg) reports that EU Justice Commissioner Jacques Barrot has welcomed Google Inc.'s decision to halve the time it stores information on users' search records. He describes this as "a step toward complying with EU privacy and data protection laws". Google said this week it will keep data for nine months, instead of the minimum 18-month period it introduced last year. Both US and European law and policy makers have argued that search engines keep too much personal data for too long and with little oversight of how they use them. The EU target for retained personal data remains six months.