Deletion of DNAs of those who are innocent in UK

Come on now, innocent is innocent. These DNA profiles should be deleted, nothing less!
And anonymity does not guarantee that the DNA profiles cannot be linked back to the original person. There is some more posting on this somewhere on virtual shadows. Examples of how easy it can be.

What am I raving on about here? Read more at Guardian Government Computing.

We can justify our work!

I love this “A UK privacy authority has fined the solicitor behind ACS:Law £1,000 for failing to keep the personal data of at least 6,000 people secure.” Although the fine was pretty pathetic, it is still good to see numbers appearing against cost of lost personal and sensitive data as this helps us justify why we are needed! Read more at ZDNet.

What is more important is the loss to his reputation for his lax security, I can imagine that ACS business cost will be just a little bit more than £1,000 😉

The use of Phorm surfaces privacy law flaws in the UK

Some interesting conflict. The EU is taking the UK to court for not taking appropriate measures to protect their citizens’ privacy, i.e. the UK law does not protect personal privacy as strongly as EU laws demand. Most of this has come about because of the use of Phorm in the UK. Phorm invented a technology for ISPs to use to track users’ web use in order to serve them ads that were related to the recorded internet activity. ISP BT used this technology without telling users, which led to complaints to UK regulators and the Commission that this broke privacy laws.

It is interesting because it highlights some flaws in the UK privacy laws. Read more at out-law.com

Background on Phorm follows (an extract from Virtual Shadows book):
“During 2008 there was growing controversy about interception of people’s web traffic in the UK. At the centre of the storm is the ‘patent-pending’ technology of a new company called Phorm. The drivers behind this are not government authorities but three of the main players in the telecommunications space. BT, TalkTalk and Virgin all signed up to use Phorm, which targets adverts to users based on users’ web browsing habits. Phorm’s proprietary ad serving technology claims to use anonymised ISP data to deliver the right ad to the right person at the right time, the right number of times. This means that end-users will receive advertising that is tailored to their interests in real time. Keywords in websites visited by a user are scanned and connected to advertising categories and then matched to particular adverts. That data may include sensitive personal data, because it will include the search terms entered by users into search engines and these can easily reveal information about such matters as political opinions, sexual proclivities, religious views and health.

Phorm anonymises identities: each user is given a persistent random ID, so that each time they browse, the same ID is used to collect information on their habits over a period of time, but Phorm cannot see the link between this ID and the natural identity. Phorm uses the ID to deliver tailored advertisements in their browser. This ID is used to distinguish the user from the millions of others on the internet and it does not contain any information about the user themselves or their computer. Users will have the choice to opt-in or opt-out of this service. TalkTalk has said it intends to make Phorm an opt-in system, whilst as of Spring 2008 the two other ISPs had not yet decided.

If a user is given a persistent ID, this means that whenever the user accesses the ISP, the ISP can see the link between the assigned ID and the user’s natural identity. The persistent ID is not encrypted as it is in the form of a cookie. To ensure ‘separation of duty’ the system will enable the ISPs to prevent Phorm from knowing the user’s natural identity. This means that the ISPs will hold the persistent ID assigned to natural users and Phorm will receive the browsing habits attached to the persistent ID. If this is the case one could argue that the Phorm system is not based on anonymity, but it is in reality based on controlling the release of information.

According to an open letter sent to the UK Information Commissioner on 17 March 2008 (Fipr 2008), the Foundation for Information Policy Research have claimed that the online advert system Phorm is illegal and contravenes RIPA.

Fipr believes Phorm contravenes the Data Protection Act, in that users have to opt-out rather than opt-in, and RIPA, which makes the interception of any transmission across a public telecommunication system illegal without the explicit consent of users. (Exceptions are when police are investigating a serious crime such as kidnapping and need to listen in to conversations between a family and the criminals, although even they must first obtain an authorisation under RIPA.)”
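The extract's closing argument, that a persistent ID gives controlled release of information rather than anonymity, can be seen in a small model. This is an added example, not code from the book or from Phorm's system; the class names, keyword table and traffic are constructed, and the rotating-ID mode is an added contrast that the extract does not describe.

```python
import secrets
from collections import defaultdict

# Constructed keyword -> ad category table (hypothetical, for illustration only).
CATEGORIES = {"clinic": "health", "symptoms": "health", "election": "politics", "football": "sport"}

class ISP:
    """Issues the cookie ID and holds the only link back to the subscriber."""
    def __init__(self, persistent):
        self.persistent = persistent
        self._current = {}  # subscriber -> ID currently in their cookie
        self._owner = {}    # ID -> subscriber; never sent to the profiler

    def tag(self, subscriber):
        if not self.persistent or subscriber not in self._current:
            pid = secrets.token_hex(8)  # random: encodes nothing about the user
            self._current[subscriber] = pid
            self._owner[pid] = subscriber
        return self._current[subscriber]

    def resolve(self, pid):
        return self._owner[pid]

class Profiler:
    """The ad-targeting side: sees only IDs and page keywords."""
    def __init__(self):
        self.profiles = defaultdict(set)  # ID -> interest categories

    def observe(self, pid, page_text):
        for word in page_text.lower().split():
            if word in CATEGORIES:
                self.profiles[pid].add(CATEGORIES[word])

def simulate(persistent, traffic):
    isp, profiler = ISP(persistent), Profiler()
    for subscriber, page_text in traffic:
        profiler.observe(isp.tag(subscriber), page_text)
    return isp, profiler

def relink(isp, profiler):
    """What a party holding both datasets can reconstruct per subscriber."""
    merged = defaultdict(set)
    for pid, categories in profiler.profiles.items():
        merged[isp.resolve(pid)] |= categories
    return dict(merged)

# Constructed sample traffic: (subscriber, text of page visited).
TRAFFIC = [("alice", "clinic opening hours"), ("alice", "election candidates"),
           ("bob", "football results"), ("alice", "symptoms checker")]
```

With `simulate(True, TRAFFIC)` the profiler ends up with two profiles, one of which carries both health and politics; with `simulate(False, TRAFFIC)` it holds four single-category profiles. In both modes `relink` recovers each subscriber's full set, so the protection rests entirely on keeping the ISP's table away from the profile data.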

UK companies are using insurance instead of security to protect your personal data

This really is NOT cool. UK companies, instead of investing in taking the privacy of personal data seriously, i.e. by implementing controls that prevent unauthorized access, are taking out insurance policies to protect themselves from the ensuing damages that could follow. According to Beer, of the UK companies that had insurance protecting against “theft or misuse of assets such as electronic data or customer records”, an enormous 83% had successfully made a claim on the policy, compared with only 13% globally. Read more: Companies turn to insurance as data-loss safety net at PC Pro

UK national ID card scheme to be scrapped!

Wow, I love this news that the UK’s coalition government will be keeping their promises to “reverse and restrain many of the surveillance systems that have marked its citizens out as the most watched in the world,” THINQ.co.uk reports. Plans include scrapping the National Identity Register and ID card, as well as biometric passports, and expanding the Freedom of Information Act. Other coalition commitments include removing innocent people’s records from the DNA database, regulating the use of CCTV and halting the prior government’s plan to retain national records of e-mail and communications data.

This will include a proposal to “outlaw” the finger-printing of children at school “without parental permission”. It will be interesting to see how they pan out in the statistics department for Privacy International “Most surveyed countries report” in a couple of years 🙂

Privacy commissioners vs. Google

Oh dear, Google is in trouble…. they have been -surprise, surprise- criticized by privacy commissioners around the world on their privacy, or lack of privacy practices 😉

Read more at The New York Times. btw. I need to thank Jack for his tweet on this 🙂

Priorities when it comes to data privacy

I was reading again the article published in the BCS ITNOW issue for summer 2009 and thought it prudent to reiterate some grounding principles that drive their Personal Data Guardianship Code.

Government authorities should be asking “If we link these databases will it help the public or just make our administration easier?”

“Will our administration actually be better or cheaper if the data in these linked databases is inaccurate or the linkages are incorrect?”

And finally each person to question “I only want to buy a ticket so why do they want to know my ethnic origin, gender, marital status?”