Thursday, August 28, 2008
Wednesday, August 27, 2008
On April 28, 2008, the European Data Protection Supervisor Peter Hustinx released a policy paper entitled “The EDPS and EU Research and Technological Development”, according to which privacy and data protection requirements should be introduced as soon as possible in the life cycle of new technological developments. Hustinx stated that the principle of “privacy by design” should represent an inherent part of the European Commission’s 7th Framework Program. The EDPS plans to assist the Commission in the evaluation of data protection issues of project proposals, promote the education of managers and designers, contribute to research advisory boards, and advise companies in order to ensure that privacy and data protection issues are included at an early stage in technology research and development projects.
Tuesday, August 26, 2008
"PIAs are a process of ensuring that privacy concerns are identified at the early stage of an initiative so that these can be addressed and safeguards built in rather than bolted on as an expensive afterthought. We have called for the use of these in the past with major public policy developments like ID cards and reinforced the need for these impact assessments in evidence to parliamentary enquiries and in our other publications such as the Information Sharing Framework Code of Practice. PIAs go wider than simply a data protection compliance check and are aimed at looking at all aspects affecting privacy. The approach we are recommending involves a number of elements including an initial screening process and, depending upon the results, two possible levels of assessment (small scale and full scale) together with a data protection law checklist. The important thing about PIAs is the process of undertaking the assessment where the organisation considers the impact on privacy and whether there are more privacy friendly alternatives. Although a report is produced at the end and is usually published, this will not be subject to an approval process by the ICO."
Other than the handbook, some of the basic procedures still need to be addressed:
1) WHO are your data protection officers? HOW regular is the training about data protection laws?
2) What are the security procedures? Do we understand the data protection principles laid down under the Data Protection Act 1998? In particular, the 7th Data Protection principle that provides that "appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."
3) What are the complaints procedures? How many data subject access requests do we have? Do we keep a regular record? Is personal information accessible on the internet?
A privacy compliance check is available here, but more certainly needs to be done, not simply at an organisational level but also in recognising that personal information should be stored securely.
Saturday, August 23, 2008
This is quite a good search engine and shows all the relevant searches. Not sure why other search engines including Google have not cottoned on to this. Might as well start using this from now on!
Ixquick is a meta-search engine (www.ixquick.com) which forwards search requests of its users to several search engines, gathers and combines their results and presents the results to the requesting users. Privacy is ensured by using several data-minimization techniques: personal data like IP addresses are deleted within 48 hours, after which they are no longer needed to prevent possible abuse of the servers. The remaining (non-personal) data are deleted within 14 days. Ixquick serves as a proxy, i.e. IP addresses of users are not disclosed to other search engines.
Friday, August 22, 2008
"Details of 84,000 prisoners in England and Wales were lost by private firm PA Consulting. The Home Office said a full investigation was being conducted.
The information commissioner's office described it as "deeply worrying".
PA Consulting has searched its premises and looked at CCTV recordings in an attempt to recover the missing memory stick - a commonly used portable storage device for computer files. It is not clear how it came to be lost."
Probably worth reading Ubisurv's comments on this.
Minister of Justice calls for stricter privacy laws after data trade scandal
After the incident, the Federation of German Consumer Organisations (VZBV) appointed a journalist to conduct undercover research on the trade of personal data. “We instructed a journalist to find out how easy it would be to buy German citizens’ personal data on the internet”, a VZBV spokesperson explained to DataGuidance on 20 August 2008. “Within hours, our investigator was offered a database containing the personal data of 6 million people and the bank details of 4 million people for EU 850”.
Thursday, August 21, 2008
"Section 78 inserts a new defence into section 55 of the Data Protection Act 1998. The defence applies when a person acts for journalistic, literary or artistic purposes with a view to the publication of journalistic, literary or artistic material and in the reasonable belief that their actions were justified as being in the public interest." (notwithstanding Pepper v Hart, will need to read through Hansard to look into the background of this as to why this amendment is necessary)
Thursday, August 07, 2008
Monday, August 04, 2008
"The Council of Europe Convention on Data Protection, for the first time since it was opened for signature in 1981, is inviting non-European countries with data protection laws to sign and ratify it. The Convention’s Consultative Committee recommended “that non-member states, with data protection legislation in accordance with Convention 108, should be allowed to accede to the Convention”, and it “invited the Committee of Ministers to take note of this recommendation and to consider any subsequent accession request accordingly”. The Committee of Ministers, on 2 July 2008, “agreed to examine any accession request in the light of this recommendation” and “instructed the Secretariat to disseminate information about the Convention”."
"Google's Street View service has received the blessing of UK privacy watchdog the Information Commissioner, who has said that the safeguards Google has put in place for people's privacy are 'adequate'.
The Street View service works by taking photographs of a city's streets and publishing them together so that they form a kind of photo-map of a city. It has raised privacy concerns because people are identifiable in the photos.
Google, though, has always said that it will change the service according to the privacy laws of the countries in which it operates. Cameras gathering data for the service have been spotted for the first time on UK streets in recent weeks.
"We are satisfied that Google is putting in place adequate safeguards to avoid any risk to the privacy or safety of individuals, including the blurring of vehicle registration marks and the faces of anyone included in Streetview images," said a statement from the Information Commissioner's Office (ICO)."