Personuppgiftslagen – Virtual Shadows

PII Collection – Purpose Limitation & Proportionality

19 March 2015

21:07

Leave a comment on PII Collection – Purpose Limitation & Proportionality

I’ve been publishing on the subject of personal privacy since 2007, and finally, now, in 2015 I decided to take my CIPP/E. The CIPP credential says you know privacy laws and regulations and how to apply them according to the International Association of Privacy Professionals (IAPP).

Why did I take this certification? After all I have a Masters Degree in Information Security in supposedly the most famous (in this subject) globally, with the Royal Holloway University of London (RHUL). I also have an MBA with Henley Management School (University of Reading). On top of 20 years of rich experience in IT and IS, it looks as though I am in the league of ‘over-qualified’ and then ‘what next?’. Or am I?

No! I am driven by a desire to ‘fix the Swedish ID promiscuity problem’. (There is more on this in my blog, lots of posts.) I took CIPP/E to get a toolkit that I could use to stop, my and your Swedish ID, being publicly sold online without my or your consent! So now I finally understand what the problem is, and I believe I can solve this, to finally squash this conflict between ‘freedom of information’ laws and ‘PuL’. Watch this space…..

In Sweden 6 of 10 digits of personal ID is public by law

by Karen

18 May 2014

08:27

1 Comment on In Sweden 6 of 10 digits of personal ID is public by law

Identity, Information Privacy, Legislation, Sweden, TRACE

credit reporting agencies, Data Inspectorate, Datainspektionen, identity fraud, Kreditupplysningslagen, Kronofogdemyndigheten, KuL, personal information, Personuppgiftslagen, PII, PuL, series, Skattemyndigheten, Swedish residents

This makes you vulnerable to identity theft. Swedish residents have no legal right to protect their personal identifying information (PII) which includes the first 6 digits of the 10 digits (AAMMDD-xxxx) of Swedish IDs. Except is if you have a protected identity. Following is the response I received from one of the credit reporting agencies that I contacted.

“We are a credit reporting agency with permission from the Data Inspectorate (Datainspektionen). The data in our database are and should be a reflection of public databases retrieved from authorities such as tax authorities (Skattemyndigheten), payment remarks and debt collecting agencies (Kronofogdemyndigheten), and the bureau of statistics (SCB). Public data means that anyone can contact the respective government authority and get the same information there. We are by the Credit Information Act (Kreditupplysningslagen) required to make changes in our database to correct faults, but you have no right to be omitted from the register. All residents in Sweden who are over the age of 16 are included.

Protected Identity is the only way to hide the address and other personal information with the authorities, and thus also with us, and it may be issued through the tax or police authorities. Once an identity has been protected the data is hidden automatically in our system.”

This was in response to the following request I made.

I would like to kindly request that you do NOT share my personal information with third parties that make money from my personal identifying information, an example is ‘birthday.se”. Due to the sharing of my PII the first 6 digits of my Swedish ID is public, consequences are that it makes me vulnerable to identity fraud.

Can you please confirm that this is done. If not would be be kind enough to give me enough information to understand why not?

Watch out for your identity – if you live in Sweden

by Karen

9 May 2014

15:14

5 Comments on Watch out for your identity – if you live in Sweden

Identity, Legislation, Sweden

Data Protection directive, identity fraud, identity theft, Kreditupplysningslagen (KuL), KuL, Personal Identifying Information, Personuppgiftslagen, Personuppgiftslagen (PUL), PII, PuL, ratsit

Hopping mad you should be if you are a Swedish resident, after taking a visit here http://www.ratsit.se, and search for your name. This is against the Data Protection directive, of which Personuppgiftslagen (PUL) is the legal enactment of. I am so bored of asking to have my name removed, only for it to pop up again later, and now I see that it is impossible to remove your personal identifying information (PII) (http://www.ratsit.se/Content/FaqSearch.aspx)… it is PUBLIC for all to see forever! What a smorgasbord for identity thieves!

I can see how old you are, where you live and the first 6 digits of 10 digits from your Swedish ID!

It seems to be that the Kreditupplysningslagen (KuL) has priority over PuL. In PuL you have a right to personal privacy. You should be informed who has had access, or even viewed your personal information. Now KuL does inform you when a request is made for your creditworthiness, but it doesn’t tell you about who has viewed your Personal Identifying Information (PII) through www.ratsit.se who they share your PII with, for example. Your PII includes your date of birth, where you live, etc…

I am going to make an official compliant to the Datainspektion. If you are interested to add yourself to a petition to support me in this, please Like this Post here on the blog direct, or on LinkedIn or FB status update, wherever you happen to pick this up.

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30