LWC 24/7 Blog
3 February 2010
The ICO's new power
The UK's Information Commissioner's Office (ICO) now has sharper teeth to deter personal data security breaches - it can now serve monetary penalties of up to 500,000 GBP on organisations for breaches of the Data Protection Act. The power is designed to deal with serious breaches of the Data Protection Act.
According to the ICO, for a data breach to attract a monetary penalty there must have been a serious breach that was likely to cause damage or distress and it was either deliberate or negligent and the organisation failed to take reasonable steps to prevent it. It gave the following examples:
Damage
Following a security breach by a data controller financial data is lost and an individual becomes the victim of identity fraud.
Distress
Following a security breach by a data controller medical details are stolen and an individual suffers worry and anxiety that his sensitive personal data will be made public even if his concerns do not materialise.
Deliberate
A marketing company collects personal data stating it is for the purpose of a competition and then, without consent, knowingly discloses the data to populate a tracing database for commercial purposes without informing the individuals concerned.
Now, this is a major step forward for a data protection authority (DPA), and it is about time.
Unfortunately, at the moment, there are big differences regarding the position of the DPAs in the member states and not all the DPAs have the same power. According to the Article 29 Data Protection Working Party, this is because of differences in history, case law, culture and the internal organization of the member states.
Moreover, Article 28 of Directive 95/46/EC lacks precision in several aspects, and has, to a certain extent, been poorly implemented in some jurisdictions - resulting in noticeable differences between the member states regarding, amongst others, the position, resources and powers of DPAs.
In any case, with the growth of technology and globalisation, strong supervision and effective powers are needed by DPAs in addition to their current powers.
In Belgium, 97% of organizations' websites are non-compliant. If so, then the question is whether internally, these organizations are adhering to the data protection law.
Perhaps it is necessary for its Privacy Commission to be given a sanctioning power similar to that of the ICO. At the moment, the Privacy Commission has no teeth. Its powers are limited to advising, recommending and handling complaints. Coupled with the public's lack of awareness of data protection - which results in fewer complaints than the reality of the situation would warrant - many organizations abuse the situation and operate without fear or respect for the data protection law.
It is hoped that someday soon, this will change.
Labels: Organisations, Personal Data, Private Persons
14 October 2009
House for Sale
You are in search of a house. You visit real estate agents, you drive around, you enter the World Wide Web.
The Internet. A good place to gather as much information as you need without having to leave your home. Perfect. Let's get started. You begin your search using the search engines available. Hundreds and thousands of links appear on your screen giving you information about houses available for sale, for rent, and other connected information. You are pleased.
You dig deeper - looking for the right area, for the right number of rooms, for the best price.
Ah, you finally find a few potentials in these websites.
You begin contacting the agent or the property owner via email or the contact form.
You divulge your personal information such as name, email address and contact number for a viewing.
At the same time, note that the property owner has given his personal information such as name, address of the house for sale/rent, email address and contact number on the website too.
Basically, if you have used the website's contact form, then that website has collected your personal information. It now has both yours and the property owner's personal information.
You wait for an answer.
Some time later, one of the property owners contacts you - surprised that you have his contact information and asking about his house which has been sold - 2 years ago!
Another email you receive is from the postmaster stating that the message you have sent has been delayed - the email address is probably no longer in use.
Now think. What is the website doing with all this stored personal information? Why isn't old information being removed? Contact information and pictures of houses of property owners who sold their houses ages ago are still advertised on the website and mislead the visitor. And through this misleading information, the website collects your personal information as well. So what is going to happen to your personal information? Are third parties getting hold of your personal information? There is no privacy statement informing you of the handling of your data. You contact the website but you receive no answer.
The property owner is also not happy. He contacts the website for his information to be removed. Days later, he checks the website. His information is still there! Spammers happily clog his mailbox using his email address advertised on the website and he keeps getting phone calls about his sold house.
It is a nightmare.
Labels: Internet, Personal Data, Private Persons, Spam
14 August 2009
Tattletale gadgetry
We have all gotten so used to our gadgets that we are willing to sacrifice basic human rights to get our hands on them. People do not always know the value of their personal data, or value it so low that they are willing to give it up for peanuts (or a chocolate bar).
Often it is ignorance, and we are not aware that our gadgets or services are giving away important personal data. And then there are those of us who are aware of this fact, and are counting on our provider to treat our personal data properly, or at least according to their privacy statement, which of course we check thoroughly before buying or starting to use such a gadget or service.
A few examples:
Did you know that our mobile phones are 'anonymously' tracked for a range of services? For example: the traffic report, which informs you of the total length of traffic jams in your country, calculates such information based on tracking of mobile phones, checking how fast the phones are moving - if at all - from point A to point B. The mobile phone service providers promise us that the information they gather is anonymized before use.
- Location based services
You can now surf from your mobile phone to a service such as Google Maps which calculates your position - possibly using your built-in GPS receiver - to inform you of the services that are available in your immediate vicinity. This, of course, requires that your location is sent to the service provider first. It was recently discovered that some of the new generation smartphones covertly send important information back to the manufacturer on a daily basis.
- High street store loyalty card (and other credit cards)
We are lured into using these cards, because they make us feel pampered by giving us a few small perks which the other customers do not get. Of course, every time you use the card, the store registers what you buy, how much you buy, where, when and how often you buy. Using this data, they can, through data mining techniques, deduce a lot of information about you and your family: if you respond properly to their campaigns, if and when you deviate from your routine (holidays?), how loyal you are to certain brands, financial information, ... This information is then, amongst others, used - by the store itself or third parties - for targeted campaigns.
So convenient, we do not have to use coins anymore, or card. We can simply sms a message and the amount we want to pay for is automatically charged to our mobile phone bill. Think a little bit further, and you'll know who will get their hands on the personal data hovering in the chain between you and the receiver of the payment.
I know that we cannot and should not stop technological evolution, but we need to ensure that every party involved treats personal data properly and always informs and gives the owner access to their personal data - which in the end remains their most personal property.
Labels: Internet, IT, Personal Data, Private Persons
9 June 2009
Your Personal Data is Priceless
Ever wondered how much your personal data are worth in the open market? Are you even aware that your personal data are being traded by and between companies and may be easily bought by criminals? Well, be assured that there is a price tag on your data.
If you take a look at the Swipe Toolkit Data Calculator, you will see the value of each piece of personal data. According to this tool, a date of birth is worth US$2.00 in the open market, while a postal address is worth US$9.95. Now, imagine how much your personal data is worth in total.
According to Ezine Articles, the price of personal data has dropped in recent years. This only means access to your data is becoming increasingly easy; your identity is very likely to be stolen.
The general public fail to see that their personal data is priceless, and what the consequences are of not safeguarding their data. Identity theft has become a rampant crime (it is no longer a matter of "if it happens to you" but "when it happens to you"), and it does not take an intelligent hacker to profile a person. The problem lies in the lack of education given to the public about identity theft, and about the fact that their personal data is the weapon in this crime. By not protecting our data we are aiding these criminals - can you blame these criminals when your identity is stolen?
The government and the media play an important role in creating public awareness of these matters, as well as in educating the public on the importance of protecting their privacy, how they should do so, and the technologies that are used to monitor and to gain access to their data. The BBC is to be commended on its new programme called Who's Watching You? that investigates surveillance in the United Kingdom. Programmes such as these raise awareness that we are being watched, and make us value our privacy and the protection of our personal data, for, sad to say, our personal data is not so private.
So, the key point here is that the public must be educated on the value of their personal data, and organisations such as the Privacy Commission and the media ought to play an active role. Unfortunately, the current situation in Belgium is such that privacy is the last thing on anyone's mind.
Try calling your phone company and find out how it protects the personal data it collects from you. Look at a website and see if there is a privacy statement available - it is after all, the first positive step towards upholding your privacy. You will find very few are concerned about the proper handling of personal data. Nevertheless, hopefully, you will enforce your right and put the necessary pressure on those who handle your personal data to take care of it. It begins with you.
Labels: Government, Organisations, Personal Data, Private Persons
29 April 2009
Privacy Always
Economic crisis, downsizing, budget issues, bankruptcy. These seem to be some of the more common issues faced by many companies today - so much so that if one approaches them concerning P-R-I-V-A-C-Y, they would show you the front door!
Who has the time to bother about someone's privacy and personal data when there are more "important" issues at hand? Perhaps at first glance, the protection of privacy seems minute at times like these, and even the data subject is not too concerned about the way his data is being handled - he has more pressing matters to think about such as the possibility of losing his job, going bankrupt and so on.
Nevertheless, do take note that whilst these matters affect your way of living and demand your immediate attention, they are not permanent - and life will go on, even if it is not the way we wish it to be. On the other hand, privacy and personal data IS your life - be it on paper or in an electronic carrier, and once breached, can have a lasting negative effect greater than we can imagine. Remember, the right to privacy is sacred, and should be protected - even in times of difficulty, because when the economic sun is shining again, you'll be glad you did.
Labels: Human Rights, Organisations, Personal Data, Private Persons
