We may pass your data to carefully selected third parties…

It started when I got a new Tesco credit card. The following day I went to an outlet retail park and bought a few T shirts from Cotton Traders, Craghoppers and similar stores. The next wednesday I received through the post a Craghoppers catalogue. I was intrigued. I’d used Craghoppers decades ago when I was young and fit but the only connection between me and them was my Tesco credit card. No-one in the retail park had asked for my address – they’d just taken payment. Had Tesco supplied my data to Craghoppers? I thought I’d find out. I made a subject access request to Craghoppers.

To  ‘customerservices@craghoppers.com’

Date Mon 18/04/2011 15:45

Dear Sir

My  address is xxxxxxxxxxxxxxxxxx. If you require anything further to validate this request please tell me.

Please supply me with any personal data you hold on me particularly about the mailing I have just received from you with the media code CE14 and 51574/38122A  516 in the right hand corner of the label.

Please tell me from where you obtained my address. This includes “any information available to the Data Controller as to the source of those data”. (Section 7 (1) (c) (ii) of Data Protection Act 1998).

Regards

Dear Mr xxxxxxxxx

Thank you for your recent email. The only information on our system is your name, address and details of an order you recently placed with us. It appears that until you placed this order none of your details were on our systems, this would indicate that the mailing data for the catalogue you received was sourced from a third party whom you have given permission to share your data. Your account now on our system does not have any mailing options activated.

If we can be of any further assistance please do not hesitate to contact us.

Kind regards

Craghoppers Customer Service Team

Hmmm. This says (I think) that until I bought a shirt (I’m a sucker for shirts) on Monday 18th April at 1552 they didn’t have any personal data on me at all. How then did they send me a catalogue?

I didn’t ask for my mailing options to be de-activated.

I never give my permission for a 3rd party to share my data (I am a DP freak)

It seems someone out there who is not Craghoppers sent me a Craghoppers catalogue. Hmmm… there’s work to do. Little did I realise it would mean many subject access requests and a story of subterfuge and data sharing…

Read more at  http://www.actnow.org.uk/media/articles/sar2012.pdf

My cat’s got no nose

Actually he’s suffering from coughing fits, lack of appetite and lethargy (but that’s irrelevant to the story) and my current vet isn’t making an accurate diagnosis. We’ve had several consultations which all require payment usually £20, boxes of expensive cat food for sensitive stomachs at £1 a pouch (Co-op 30p), an x ray (£200), an injection (£35) and a series of blood test (£77). In total we’re approaching £500 but he’s not getting to the root of the problem.

What would you do if your child wasn’t getting the right diagnosis? You’d ask for a referral to a hospital or maybe a second opinion. You might even ask to see your child’s medical records. But what do you do with a cat? There is no cat hospital and as far as I know there are no specialists or consultants who take over where vets get stuck.

I asked the vet for my cat’s medical history so I could transfer to another vet. He said no. Obviously Data Protection Act doesn’t apply here as I know only too well but who owns my cat’s medical records. Could it be the cat? Is it me or is it the vet? I can’t try Freedom of Information although it would catch doctors so exactly how do I get my cat’s personal data? Is it in the gift of the vet? And if he feels that it would affect his commercial interest if he let a captive cash cat move to another provider can he just say no? Who has any rights here? I might have encountered a grumpy old vet but can I appeal to the commissioner? Which commissioner?

Meanwhile my cat is wasting away. I have no confidence in his current medical practitioner but cannot move to another. I can’t access his data; I can’t use any law to force handover of the data. It’s a catastrophe.

Answers please (and awful puns) to info@actnow.org.uk with Tiddles in the subject line.

Act Now and bag a book

Starting today and continuing for some weeks – the Act Now Book Draw.

We have a selection of books relevant to the information/surveillance law sector by some well respected authors. We intend to give one of these books away for FREE every week.

We will put names of all entrants in a hat and draw a winner every Wednesday at 9am. This week’s book is Data Protection Handbook by Peter Carey.

Click here to enter the draw. The first draw will be on 22nd February at 9am.

If you enter the draw and win, you give us permission to let others know that you have won (by e mail, on our website and by Twitter). If you do not want us to do this, please do not enter the draw. Any information we receive through this free draw will not be used for any other purpose.

FOI and Datasets


 The Protection of Freedoms Bill, currently at the Report stage in the House of Lords, will amend the Freedom of Information Act 2000 so that in the future public authorities will have greater obligations in relation to the release and publication of datasets. However this may also bring an opportunity to raise some much needed revenue. The key points are:

There will be a new duty on public authorities, when releasing datasets, to adhere to any request to do so in electronic form which allows its re-use where reasonably practicable.

  • Any dataset containing copyright material (where the authority holds the copyright) must be made available for re-use under a specified licence.
  • Publication schemes will in future contain a requirement to publish datasets, which have been requested, as well as any updated versions.
  • Such datasets will also have to be published in an electronic form capable of re use and any copyright material must be available for re use in accordance with the terms of a specified licence.
  • Public authorities will be able to charge a fee for allowing re use of any datasets containing copyright material.

If you want to know more click here to read Ibrahim Hasan’s detailed article.

FOI Update Workshop  – This and other FOI developments and cases will be discussed in our forthcoming FOI Update workshops in London and Manchester: http://www.actnow.org.uk/courses/Freedom_of_Information

NEW FOI Podcast – Episode 27

In this episode Ibrahim Hasan discusses FOI developments and decisions during September and December 2011. This includes Commissioner and Tribunal decisions on:

  • Information in private e mails
  • Section 11 and providing summaries
  • Vexatious requests
  • Empty properties
  • The Qualfied Person’s Opinion
  • And disclosure of statistics

There is also a quick review of recent developments in the world of transparency and FOI. Click here to listen.

We have a few places left on our upcoming ISEB courses in Birmingham.

How to pass the ISEB certificate.

As we leave the exam season behind for a few months with over 50 Act Now candidates waiting on their results 2 months from now we think we’ve seen enough to offer a few words of advice.

Here are Ten Top tips and comments from candidates, certificate holders & former examiners that might help people thinking of attempting this.

  1. Take the big, expensive course. You knew we’d say that but there is the possibility of direct entry to the exam if you can satisfy ISEB that you have undertaken enough training but not many take the direct route. Those that do miss out on 5 or more days of networking, 5 or more days of practice questions, and many valuable tips from tutors, fellow candidates and previous candidates who have been through the process before. Some direct entry candidates have never seen an edpac sheet before, never written a practice essay, never experienced exam conditions and this takes 10% off their performance.

2. Attend every minute of every day of the course and do the Mock Exam. Experience shows that those who don’t pass often miss part of a day, don’t attend the mock exam, leave early because they have a train to catch  and miss out on valuable input.

3. Do all the work. If you’re given a homework then do it. If the tutor recommends to read a report or look up a web link do it.  We know and you know in your heart that “the dog ate my homework” is a lazy lie. If the question you should have done in detail turns up in the exam and you haven’t got the answer in your memory banks that’s 10% more.

4. Read the rubric. The exam paper asks you to answer section B questions with bullet points so don’t write an essay. It also asks you to answer section C questions with an essay so don’t use bullet points. It tells you which questions are compulsory and which are optional. Read the rubric. Some candidates don’t and this takes another 10% off.

5. Follow the instructions. There’s not enough room in this article to list every mistake here. Candidates are told to use the pencil to make horizontal marks in the grid to enter their candidate number. They use pens; they write the number in figures, they use diagonal lines, they also write in the date, the name of the exam (which they often get wrong), their own name etc.  They’re told to put a straight line through notes and include them with their answers – the use wiggly lines, strike them out, screw them up and put them in the bin. They are told to answer 4 out of 6 questions so they answer 3. (or 5 or in extreme cases 6). In a mock exam we found a candidate who used the pencil supplied for section A to write 20 pages of longhand.

6. Don’t annoy the markers. Make your script easy to read with spaces between points or paragraphs. The last thing a marker wants is a solid block of text 10 or 15 pages long.

7. Write legibly. Always avoid alliteration. Never use a long word when a diminutive one will do. Spell proper and don’t make grammar mistakes.

8. Use some common sense. We’ve heard of candidates arriving after the exam has started or leaving before the end. Candidates who’ve attended a DP revision session and chosen to sit a FOI exam.

9. Don’t think you can get through by just attending the course. You have to put the work in. Reading and revision pays dividends.

10. Finally tales of the unexpected. We know of candidates who have been doing the job for years and doing it very well who have failed to pass even after 2 attempts. We also know of candidates who confused the subject information provisions with the duty to confirm or deny yet manage to pass. It’s not a lottery but you can improve your chances of passing by learning from others who have been through it.

Enjoy your exams. Our ISEB courses are available throughout the UK every quarter. You know where we are. Our next courses are in Birmingham starting in late February.

What’s green & white and doesn’t sound like a Parrot.

My new i phone….

Google has decided it will change its privacy policy, well not so much change as start to enforce it. Basically all the information it has about you will be shared all across the Google platform unless you say no. This is a simplistic analysis and a much better one is at http://preview.tinyurl.com/7hb9jtg but Apple has decided on a different strategy.

They’ve implemented a new product called Siri. It allows you to talk to your i phone and set up meetings, send messages, add reminders etc all by just talking. It sends to Apple your first name, your nickname, your address book contacts, name, nicknames and relationship with you and your music preferences etc.  It’s grreeat.

Unfortunately it also renders my car’s hands free device useless in fact it turns it into a hands on device. I do the same as I usually do when driving – press a green button say who I want to phone and my Parrot dials the number. But with Siri on I go through the same routine and my car says to me “here’s that number you dialled” and requires me to locate my i phone, look at the screen and press the number to confirm it got it right and actually dial it (while crashing into the back of the car in front of me). I’ve gone from a hardcore parrot that did everything I wanted to a nanny Parrot that won’t allow me to do anything at all. (Sounds like a Disney movie with Robin Williams in the lead role).

It also allows me to moan “I was hands free and legal until Apple stepped in…”

No problem. I’ll turn off Siri while I’m in the car then it will work. Success. Why was I fretting? Such a simple fix.

Then I read the bumph on my phone about Siri and it says. “If you turn off Siri Apple will delete all your user data as well as your recent voice input data.”

So the database I’ve been building up which helps Siri know me and serve me as a good slave should is deleted from Apple’s database when I turn off Siri to use the hands free parrot in my car. Google keeps all my data forever even though I don’t want it to but Apple deletes it the instant I stop using one of its products. Every time I enable Siri again it’s like teaching a baby to speak.

No parrots were harmed in writing this article. And before you ask.  This parrot is no more! He has ceased to be! ‘E’s expired and gone to meet ‘is maker! ‘E’s a stiff! Bereft of life, ‘e rests in peace! If you hadn’t nailed ‘im to the perch ‘e’d be pushing up the daisies! ‘Is metabolic processes are now ‘istory! ‘E’s off the twig! ‘E’s kicked the bucket, ‘e’s shuffled off ‘is mortal coil, run down the curtain and joined the bleedin’ choir invisible!! THIS IS AN EX-PARROT!!

Cloud Computing and Data Protection

The issue of cloud computing has been getting huge coverage in recent years for a number of reasons – like the new cookie rules, the word ‘cloud’ offers journalists the opportunity to come up with easy punning headings about “storm clouds” or “cloudy outlook”. Moreover, with a myriad of different companies large (Apple, Microsoft, Google) and small offering a variety of cloud products to both organisation and consumers, the horizon is clouded (see what I did there?) with press releases, interviews and advertorials, all designed to persuade people to part with their data. What are the Data Protection implications?  This article focuses on the practical issues that an organisation needs to take into account when thinking about cloud computing.

Read More Here

DP & FOI. Coming to a school near you.

It may have sneaked under the radar in and around Xmas but an FOI request in Wales to schools produced some alarming stats.

There are at least 2,840 cameras in schools across Wales, one school in Cardiff has 40 cameras for around 190 pupils. Just over a third of all the schools in Wales responded to the Freedom of Information Act request asking about CCTV use on their premises. That means that two thirds don’t do CCTV or worse than that they didn‘t realise they had to reply to FOI requests.

Of the 602 that replied, 519 provided some or all of the information requested while 83 refused to answer any of the questions.

Of those surveyed, 54% admitted they had not given full information about the location of cameras and times they were filming to parents.

This is neither rocket science nor brain surgery. If you use CCTV cameras you tell people likely to be filmed that you are doing it. It’s called fair processing and is Principle 1 of the Act. The simple solution is putting up signs at every entrance to the school grounds saying that filming is taking place and why. Design them yourself if you feel like it or you can buy them cheaply from many office suppliers. What you don’t do is not tell parents & pupils that you’re filming. Failure to comply with a principle can lead to a criminal offence. Principle 1 says processing should be Fair and Lawful.

Furthermore if someone asks a question using Freedom of Information about a process (CCTV) that should be part of a fair processing notice and 83 schools refuse to answer some-one somewhere should ask to see their refusal notices (sounds like FOI request to me) as there are no real grounds for refusing as the information should already supplied to Parents & Pupils. Doesn’t the commissioner have the power to issue an enforcement notice without a complaint if he feels there is an issue that needs addressing? Is 83 schools a big issue?

See the report and the spreadsheets that support this at http://tinyurl.com/78bydsw

But before we all harrumph at the standard of compliance with Information Law in welsh schools let’s ask our local school some simple questions.

  • Can I see your Publication Scheme?
  • Please give me a copy of your Privacy policy.
  • Do you use CCTV in the school?
  • Can I see a copy of your Notification?

You should get 4 answers by return all reassuring you that your local school knows what it’s doing. One missing or a long delay and you know something just ain’t right.

If you want to be more sneaky you can see if your local school has notified their processing to the ICO by searching the register of Data Controllers. You may be surprised. At a course in the North East a few years ago we had over 30 schools in the audience. I suggested that at coffee break we could get online and check a few schools to see if they were on the ICO’s register. We tried 6 before we found one who had done it. (An offence – Section 17 followed by Section 21).

Act Now has a briefing for schools on DP & FOI. Half a day at venues throughout the UK. We also have online courses in this area. See http://www.actnow.org.uk/courses/Schools

Exit mobile version
%%footer%%