Archive for the ‘Data Protection’ Category
By Olivia - Thursday, November 12th, 2009
We’re not talking in the Glenn Close sense ……..
75% of employers are concerned about potential reprisals from employees who have recently left their organisations, according to the Ernst & Young 2009 Global Information Security Survey. This canvassed the view of 1900 senior execs and found that fear of data theft and attempts to disable IT systems are rife. 55% of those questioned indicated that compliance costs are now accounting for moderate to significant increases in their overall IT security costs. A high proportion have or are considering using encryption technology on Company laptops.
Posted in Data Protection, Miscellaneous | No comments »
Similar Posts:
By Olivia - Tuesday, June 9th, 2009
To be forewarned is to be forearmed …….. a new mobile telephone directory service goes live next week on 18 June. The directory (118800.co.uk) claims that it will connect users, for a £1 fee, to any British mobile telephone number. Users will call the service and ask to be connected to a mobile phone number. The service then calls the number and asks for permission to connect the call. The call will not be connected if the end user disagrees and numbers will not be given out. There is an opt out whereby you can inform the directory by text or phone that you do not wish your number to be included. But, you will be charged standard network rate for the pleasure of doing so. One obvious cause for concern is the number of mobiles owned by children. The directory will not include numbers of under 18’s but if parents have given their mobiles to children to use they will have to text/phone from their phone to exclude them. From a Data Protection Act angle, the service must obtain consent from individuals concerned in order to comply. They are therefore asking people to sign up on their website and otherwise, will ask people to opt in or out when someone first tries to get hold of them. A useful tool to keep us all connected or a step too far and infringement of our privacy? Time and personal opinion will tell.
Posted in Data Protection | No comments »
Similar Posts:
By Philip - Tuesday, January 27th, 2009
Well as we know conducting any business online carries with it enormous benefit and some risk. The recruitment website, Monster.co.uk, has just announced that all of its users’ personal data has been accessed and copied by unauthorised persons. Read it here.
Posted in Data Protection | No comments »
Similar Posts:
By Liam - Wednesday, October 22nd, 2008
This article reports an experiment that lured a surprising number of people to send their CV to a fake company and in the process, revealed enough sensitive information about themselves to leave the potential for their identity to be cloned.
What is interesting is the fact that a quick search of the website would have revealed the Company was fake. The fact that the candidates who sent in their CV’s didn’t realise this shows the shocking lack of research many employees do (or should I say don’t do?) about their prospective employer. Applicants’ prospects of securing a new job are increased significantly if they can show some knowledge of the Company for whom they are applying to work. Some research into future employer’s solvency is also a good idea. Why leave a secure job with a financially secure company where you have statutory employment rights to go to a new job where you will have no statutory employment rights and the company may be on the rocks?
Posted in Confidentiality, Data Protection | 1 comment »
Similar Posts:
By Emma - Wednesday, August 20th, 2008
The Home Office has launched a consultation paper seeking to require telephone and internet companies to keep details of personal text, email and internet traffic for a minimum of 12 months so it can be used in connection with criminal investigations and other threats to public safety.
The proposals will cover the retention of details of personal internet and text traffic but not content. The data will be available to public bodies. The impact on the internet and telephone industry will be significant in terms of the cost of storing of the data.
This measure is to bring into force a European directive covering the collection of personal data. The consultation is open until 31 October 2008.
See more here.
Posted in Data Protection | No comments »
Similar Posts:
By Liam - Wednesday, June 13th, 2007
From time to time we get asked questions about the Data Protection Act 1998. One requirement of the Act, is that all Data Controllers (people who process personal data, which includes most if not all businesses as well as clubs, societies, local authorities etc.) must register with the Information Commissioner. Full details are available here and it costs £35.00.
I have known people to receive threatening looking notices from scammers that purport to be an official body and threatening tough enforcement action and fines if the recipient doesn’t register under the Act using their service (usually at a cost of 3 or 4 times the Information Commissioner’s fee). The legal requirement is to fill in a simple form and send it with £35 to the Information Commissioner.
Posted in Data Protection | No comments »
Similar Posts:
By Liam - Monday, April 30th, 2007
Under the Data Protection Act 1998 (DPA) there is a transitional period for manual (i.e. non computerised) data. The exemption exempts data from:
- the Frist Principle except Part II, Schedule I, paragraphs 2 and 3 of the fair processing requirements of the Act (3.1.7.1)
- the Second Principle (3.2 - processing for specified and lawful purposes)
- the Third Principle (3.3 - processing not to be excessive),
- the Fourth Principle 3.4 - data to be up to date and accurate)
- the Fifth Principle (3.5 - data not to be kept for excessive time)
- section 14 subsections (1) to (3) (court orders to deal with inaccurate data)
(the references in brackets are to paragraphs in the ICO guide)
This exemption ends on 23 October 2007. Until that date, manual data that was in manual system before 24 October 1998 is exempt from the above provisions of the DPA. Data added on or after 24 October 1998 is not (and never has been) exempt, and neither is data where the way in which the data is processed has changed since October 1998.
What does this mean? We recommend that you firstly identify what data you hold that is subject to the DPA. Once you have done this, check whether you can comply with all aspects of the DPA (in particular the 8 principles) and within the necessary time limits (e.g. 40 days for Subject Access Requests). If you can comply with the 8 principles using manual filing systems, we cannot see a problem with this. However, very large manual systems may have problems complying with certain provisions such as time limits or security requirements.
Posted in Data Protection | 1 comment »
Similar Posts:
