ICO fines Nursing and Midwifery Council

February 22, 2013

On 12 February the ICO  issued the Nursery and Midwifery Council a £150,000 fine for breaching the data Protection Act.

The council lost three DVDs related to a nurse’s misconduct hearing, which contained confidential personal information and evidence from two vulnerable children. The  ICO  found the information was not encrypted.

According to the ICO press release David Smith, Deputy Commissioner and Director of Data Protection, said:

“It would be nice to think that data breaches of this type are rare, but we’re seeing incidents of personal data being mishandled again and again.
While many organisations are aware of the need to keep sensitive paper records secure, they forget Read the rest of this entry »

Anonymising personal data need not guarantee privacy, says ICO

November 25, 2012

In a recently released code of practice the UK’s Information Commissioner’s Office states that data anonymisation does not have to provide a 100% guarantee to individuals’ privacy in order for it to be lawful for organisations to disclose the information. The ICO has released a code of conduct regarding anonymisation.

Organisations that anonymise personal data can disclose that information even if there is a “remote” chance that the data can be matched with other information and lead to individuals being identified. Organisations that take action Read the rest of this entry »

Greek journalist arrested for breach of data protection law

October 30, 2012

In New Twist in Greek Tax Saga the Wall Street Journal reports on a disclosure by a journalist, Costas Vaxevanis, of private financial details of several thousand Greeks with Swiss Bank Accounts and his subsequent arrest.  The story provides:

 ATHENS—Greek authorities arrested a celebrated investigative journalist Sunday after his magazine disclosed the names of several thousand Greeks with Swiss bank accounts, including members of the country’s political and business elite, a development that comes as an embarrassment to the government and will put more pressure on it to crack down on the country’s chronic tax evasion.

The arrest of the publisher of Hot Doc magazine is the latest bizarre twist to a weekslong saga that has gripped the country and concerns over the attempts of the Greek government to track down alleged tax evaders from a list of names French authorities provided to them.

The publisher, Costas Vaxevanis, was later released Read the rest of this entry »

UK Council fined £120,00 over data breaches

October 27, 2012

Zdnet reports that Stoke-Trent-City Council has been fined heavily for releasing sensitive data in breach of the data protection legislation.  It is found here. The report provides:

Stoke-on-Trent City Council has been fined £120,000 after it accidentally emailed sensitive data about a child protection case to the wrong person.

The 11 emails, sent on 14 December 2011, Read the rest of this entry »

Phillipines Data Privacy Act of 2012 takes effect today while last week Colombia enacted new data protection law

October 24, 2012

The Phillipines Data Privacy Act takes effect today.  It was signed into law on 24 August (see articles here and here).

The Act’s homepage is found here.

A useful general article on the subject is found in the Phillipine examiner on 31 August 2012 which provided:

With the advances in information technology, privacy in personal data has become illusory. For the right price or with good connections, private information disclosed in confidence to companies or government offices can be made available to or accessed by interested parties.

This is the problem that is sought to be minimized, if not eliminated, by Read the rest of this entry »

Draft Data Communications Bill attracts critisism that it may uncover wrong targets

October 21, 2012

The BBC reports in Draft Communications Data Bill: Powers may uncover ‘wrong targets’.  The bill was introduced to Parliament in June 2012.  It is found here.

It provides:

 Civil liberties campaigners describe the proposals as a “snooper’s charter”

Plans to monitor all Britons’ online activity risk uncovering “incompetent criminals and accidental anarchists” rather than serious offenders, the information commissioner has warned.

Ministers want to strengthen the law on internet data retention to help the police tackle security threats.

Christopher Graham said the “really scary people” could simply avoid detection by changing their behaviour.

But another leading watchdog said the proposed new powers were “essential”.

Under the government’s plans, currently being scrutinised by Parliament, service providers will have to store details of internet use in the UK for a year to allow police and intelligence services to access it.

Records will include people’s activity on social network sites, webmail, internet phone calls and online gaming.

Ministers argue Read the rest of this entry »

European Data Protection Supervisor v Republic of Austria: Data protection decision

In European Data Protection Supervisor v Republic of Austria the European Court of Justice found that EU countries that merely provide for their appointed data protection authorities (DPAs) to have “functional independence” does not constitute compliance with EU law.

The European Commission brought the action arguing that Austria had acted in breach of EU law by failing to allow its appointed DPA, the Datenschutzkommission (DSK), to act with “complete independence” from the Austrian Government.

In order to be said to have “complete independence”, DPA staff must not share the same offices as Government officials and the authority must not, by law, be required to provide Government officials with an “unconditional” access to information about its work, the Court said. In addition, the individual who heads up a DPA must not also hold a role within Government. However DPAs “need not be given a separate budget..in order to be able to satisfy the criterion of independence”.

The Court upheld Read the rest of this entry »