Data Protection Act: Section 35

35 Disclosures required by law or made in connection with legal proceedings etc

(1) Personal data are exempt from the non-disclosure provisions where the disclosure is required by or under any enactment, by any rule of law or by the order of a court.

(2) Personal data are exempt from the non-disclosure provisions where the disclosure is necessary—

(a) for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), or

(b) for the purpose of obtaining legal advice,

or is otherwise necessary for the purposes of establishing, exercising or defending legal rights.

————————

Relevant Articles

Civil Procedure Rules Part 35

Select Committee Report: ICO

Following a call for evidence by the House of Lords for their investigation and report entitled “The Impact of Surveillance and Data Collection upon the Privacy of Citizens and their Relationship with the State”, several different bodies and individuals provided their expertise, including GeneWatch, the Royal Engineering Academy, and ARCH. On 8th July 2007 Richard Thomas of the ICO submitted a report to the House of Lords on the issue. The full report is available here.

Highlights from the report include:

  • The commissioner believes that the risks of excessive surveillance are with us today.
  • The risks to individuals [privacy]….. are evident and positive action is required to ensure that these risks do not manifest themselves and that unwarranted harm does not occur.
  • The Commissioner proposes that the Committee gives particular consideration to the following measures:

    1. Mandatory privacy impact assessments by government departments.
    2. Requirements to have codes of practice in place for proactive information sharing in the public sector.
    3. Proper consultation with the Commissioner before significant new developments.
    4. Increased audit and inspection powers for the Commissioner.
    5. Effective penalties for serious disregard for the requirements of the data protection principles.

Select Committee Report: BCS

As part of the House of Lords select committee investigation into privacy, entitled “The Impact of Surveillance and Data Collection upon the Privacy of Citizens and their Relationship with the State”, numerous bodies and individuals were asked to report on their areas of expertise. One of these was the British Computing Society – BCS.

Their official report, submitted in 2007, made several statements and went into a degree of detail about the use of technology in the

“Whilst BCS supports the need for efficient public services which fully utilise the technology available, and understands the concerns which lead to the increase in surveillance measures, it is extremely perturbed about the increasing (although not deliberate) power of the state vis-à-vis the citizen as surveillance measures proliferate and data collection increases.”

This is not the only report to the House of Lords highlighting the problems with the current surveillance society; the GeneWatch report had similar criticisms.

BCS Report

Junk Mailers Complain about the Electoral Register

The Incorporated Society of British Advertisers (ISBA) has complained that the Data Protection Act (DPA) will stop the junk mailers – the people who send out millions of junk mail adverts every year (the industry name for it is direct mail) – from doing their job.

Updates to the DPA mean that marketing people can no longer use the electoral register as a means to send out huge volumes of marketing material.

With no hint of irony the ISBA stated that the electoral register allows them to be environmentally friendly, as it allows them to target people (rather than empty addresses), and if they can no longer use the electoral register they may get a few wrong houses.

One could argue that sending out millions of unwanted letters with a very low success rate (1% to 2%) was not the most environmentally friendly method of advertising in the world.

Should you want to avoid junk mail, here are some tips.

Source Article

Data Protection Act: Section 40

Under Section 40 of the DPA the ICO can issue “Enforcement Notices” against companies and agencies. So far the ICO has done this against a variety of bodies including the NHS, and most famously the HMRC following the CD debacle.

Section 40 DPA – Enforcement notices

(1) If the Commissioner is satisfied that a data controller has contravened or is contravening any of the data protection principles, the Commissioner may serve him with a notice (in this Act referred to as “an enforcement notice”) requiring him, for complying with the principle or principles in question, to do either or both of the following—

(a) to take within such time as may be specified in the notice, or to refrain from taking after such time as may be so specified, such steps as are so specified, or

(b) to refrain from processing any personal data, or any personal data of a description specified in the notice, or to refrain from processing them for a purpose so specified or in a manner so specified, after such time as may be so specified.

(2) In deciding whether to serve an enforcement notice, the Commissioner shall consider whether the contravention has caused or is likely to cause any person damage or distress.

(3) An enforcement notice in respect of a contravention of the fourth data protection principle which requires the data controller to rectify, block, erase or destroy any inaccurate data may also require the data controller to rectify, block, erase or destroy any other data held by him and containing an expression of opinion which appears to the Commissioner to be based on the inaccurate data.

(4) An enforcement notice in respect of a contravention of the fourth data protection principle, in the case of data which accurately record information received or obtained by the data controller from the data subject or a third party, may require the data controller either—

(a) to rectify, block, erase or destroy any inaccurate data and any other data held by him and containing an expression of opinion as mentioned in subsection (3), or

(b) to take such steps as are specified in the notice for securing compliance with the requirements specified in paragraph 7 of Part II of Schedule 1 and, if the Commissioner thinks fit, for supplementing the data with such statement of the true facts relating to the matters dealt with by the data as the Commissioner may approve.

(5) Where—

(a) an enforcement notice requires the data controller to rectify, block, erase or destroy any personal data, or

(b) the Commissioner is satisfied that personal data which have been rectified, blocked, erased or destroyed had been processed in contravention of any of the data protection principles,

an enforcement notice may, if reasonably practicable, require the data controller to notify third parties to whom the data have been disclosed of the rectification, blocking, erasure or destruction; and in determining whether it is reasonably practicable to require such notification regard shall be had, in particular, to the number of persons who would have to be notified.

(6) An enforcement notice must contain—

(a) a statement of the data protection principle or principles which the Commissioner is satisfied have been or are being contravened and his reasons for reaching that conclusion, and

(b) particulars of the rights of appeal conferred by section 48.

(7) Subject to subsection (8), an enforcement notice must not require any of the provisions of the notice to be complied with before the end of the period within which an appeal can be brought against the notice and, if such an appeal is brought, the notice need not be complied with pending the determination or withdrawal of the appeal.

(8) If by reason of special circumstances the Commissioner considers that an enforcement notice should be complied with as a matter of urgency he may include in the notice a statement to that effect and a statement of his reasons for reaching that conclusion; and in that event subsection (7) shall not apply but the notice must not require the provisions of the notice to be complied with before the end of the period of seven days beginning with the day on which the notice is served.

(9) Notification regulations (as defined by section 16(2)) may make provision as to the effect of the service of an enforcement notice on any entry in the register maintained under section 19 which relates to the person on whom the notice is served.

(10) This section has effect subject to section 46(1).

European Data Protection Supervisor

Peter Hustinx is the 1st and current European Data Protection Supervisor.

He was appointed by the Council of Ministers and the European Parliament in January 2004 to be the first European Data Protection Supervisor. This position is basically the same as that of the ICO within the UK, and within each member state, but the role is at a European level rather than a national level.

The European Data Protection Supervisor has three main roles:

  • Supervision, monitoring and ensuring compliance with data protection rules where they apply to the institutions and bodies, the Commission, agencies, the Council and Parliament, etc. This is about data processing by the institutions and bodies.
  • Consultation on legislation and policies with an impact on data protection. Hustinx described this role as “whenever the Commission adopts a proposal for legislation with an impact on data protection it is under an obligation to send that proposal to me and my office for advice, which is then part of the discussion in Parliament and Council”.
  • Co-operation, with national authorities and with the joint supervisory bodies in the police and judicial bodies.

Accountant Prosecuted under the DPA

A Whitechapel-based accountant has been prosecuted and fined for breaching the Data Protection Act.

Aziz Arian of Arian & Co Accountants must pay over £900 in fines and costs for failing to notify the Information Commissioner’s Office that the firm processed individuals’ personal information.

It is the third prosecution of an accountancy firm this year.

‘Notifying as a data controller under the Data Protection Act is an important obligation for all organisations which process personal information,’ said Mick Gorrill, assistant commissioner at the ICO.

Original Article

Police told to delete old records

On 20th July 2008 an information tribunal ordered the Greater Manchester Police, and Humberside, Staffordshire, Northumbria and West Midlands police forces to delete details of people who complained about previous petty convictions being kept on file.

Details of crimes can be kept on record for up to 100 years. Some of the instances of petty details kept include:

  • Humberside Police: Theft of a 99p packet of meat in 1984.
  • West Midlands Police: Theft which took place more than 25 years ago for which the individual was fined £25.

The case was brought because a woman who stole £100 from a cash machine in 1983, but has never been in trouble with the police since, had trouble with a visa application 25 years later as the Greater Manchester Police (GMP) retained her details.

Initially the woman complained to the ICO, who agreed that the force was breaking the data protection laws. The original complaints, by the woman in relation to the GMP, and complaints against the four other forces were upheld by the ICO on 8th, 16th, 15th and 16th August and 15th November 2007.

The GMP then appealed the ruling to the information tribunal. However, this month the information tribunal upheld the ruling and dismissed the complaint. The complaints brought by the other people, against the other 4 forces, were also upheld.

The tribunal was told that offenders who kept out of trouble 20 years after a conviction were statistically only 0.8 per cent likely to re-offend. The tribunal's 50-page written judgment states that the forces should not have kept information on file about offences which had taken place so long ago and were ‘no longer relevant’.

A GMP spokeswoman said: “We are considering the implications of the tribunal ruling and our possible routes of appeal.”

The Association of Chief Police Officers, which represents police forces across the country, warned the decision could overturn guidelines introduced after the Soham murders in 2003, and stated “We will now take some time to discuss these implications with the service and decide on the most appropriate course of action.”

Several complaints about the school caretaker Ian Huntley were reported to police but not passed on to his employers during the vetting process.

For some reason the police believe that they should be able to record all information, about all people, and keep it forever, and then pass it on to other people when the “suspect” applies for jobs, visas, or the like. The information that they want to keep and pass on is not just current, or evidence proved in a court, but hearsay and rumour.

Articles: Wigan Today and Manchester Evening News

Full Judgment

Legislation Relating to Data Retention in the UK

PNC – Police Database Errors

In 2006 it was reported that almost half of all police forces that were audited by the HM Inspector of Constabulary – HMIC – were found to have errors in their police databases.

Sir Michael Bichard’s enquiry into the intelligence failures leading up to the murders of Soham school girls Holly Wells and Jessica Chapman led to a 2004 report that recommended measures to improve the quality and timeliness of data input into the Police National Computer (PNC). HMIC’s audits of Britain’s 51 police forces were subsequently trained through Bichard’s lens.

The “progress report” published yesterday was meant to demonstrate how well the Home Office had responded to Bichard by making police data more reliable. It showed how there was a long way to go before police data could be treated as gospel.

“HMIC has commenced direct communications with 13 forces which are causing varying degrees of concern in relation to their actual performance or their general direction of travel,” said the progress report.

It noted evidence provided by HMIC audits about the timeliness of data input into police computers.

Almost a third of British forces were not meeting tough statutory targets for inputting data about arrests and summons on the computer in time, it said, drawing its data from the completed audits of data quality and related working practices HMIC has done of British police forces.

It also noted that 39 per cent of forces were not inputting records of court proceedings within statutory deadlines.

But it skirted over the other key data concern for Bichard, that of data quality. Error rates of between 15 and 86 per cent were identified in police data in the years before the Soham murders. Data errors are still a problem, as demonstrated by a recent string of reports about the Criminal Records Bureau, which draws its data from the PNC.

The most recent PNC audit report published by HMIC, that of Avon and Somerset Constabulary, noted that 22 per cent of records that had already been checked by supervisors still contained an error. The error rate concerned a sample of records input in recent months. Old data, which might contain more errors, is not audited.

Full Article