Sunday, February 08, 2009

Surveillance Report

The House of Lords Constitution Committee has recently published a report discussing the expansion of the 'surveillance society', reiterating the warning that the right to privacy is being undermined by pervasive and routine electronic surveillance and collection of personal data:

The report makes over forty recommendations, including statutory regulation of the use of CCTV cameras, a clear legislative framework for the DNA database, a review of the provisions of the Regulation of Investigatory Powers Act, and amendments to the Data Protection Act to provide for 'privacy impact assessments' before any new surveillance regime is introduced. A complaints procedure for breaches of Article 8 should be established, and "where appropriate", legal aid should be made available for Article 8 claims. Compensation should be paid to the victims of "unlawful surveillance" by public authorities. The report also endorses tighter controls within government and a new joint parliamentary committee on surveillance and data powers, to which the Information Commission, whose powers should be strengthened, could report.

Source: 5RB

Open Rights Group considers this in more detail.


DS Breaches

According to the latest findings, data breaches appear to be becoming a common occurrence:

The personal information of UK citizens is being lost and stolen at an unprecedented rate, the UK’s privacy watchdog said today. Nearly 100 data breaches were reported to the Information Commissioner’s Office (ICO) in the last three months alone, with millions of bank details, addresses, emails, private health information and employee salary statements lost or stolen in 2008. Data breaches jumped by 36 per cent last year, the ICO said. Personal information is now lost - on average - more than once a day.

In June, Virgin Media lost a CD containing private information on more than 3,000 customers while a hospital in Wembley recently had two computers stolen which contained the unencrypted details on 400 patients. Richard Thomas, the Information Commissioner, said it was “unacceptable” that private companies - responsible for 112 of the 376 data breaches last year - could not be investigated by the ICO without their permission.

Source: The Times, 8 Feb. 2009

The obligation on organisations to maintain technical security standards is covered by the 7th data protection principle of the UK Data Protection Act 1998. Getting a privacy audit (or a privacy impact assessment test) of the organisation's technical security procedures would be a starting point. More details can be found on the ICO website.