Analysis and Commentary about Data Protection, GDPR, FOI, Cyber Security and Surveillance laws
Author: actnowtraining
Act Now Training is Europe's leading provider of information governance training, serving government agencies, multinational corporations, financial institutions, and corporate law firms.
Our associates have decades of information governance experience. We pride ourselves on delivering high quality training that is practical and makes the complex simple.
Our extensive programme ranges from short webinars and one day workshops through to higher level practitioner certificate courses delivered online or in the classroom.
The Freedom of Information Act is under attack. What brought us the MPs’ expenses scandal and which has exposed public waste and bad decisions is now the focus of ill formed comment and criticism. Lord O’Donnell, Tony Blair and even David Cameron have all expressed regret and misgivings about FOI. This is all part of a move towards weakening FOI.
The current Post-Legislative Scrutiny will be used to undermine the principles of openness and transparency. Moving from qualified exemptions to absolute ones, introducing charges and reducing the costs limit are all being suggested. This will significantly weaken the Act and the publics’ right to know.
This is a dangerous moment for FOI. With the focus on austerity, and the media being busy in dealing with its own problems, it is time for all those who value democracy to voice their concerns and support the campaign to save FOI.
Act Now and let’s save FOI from Government meddling:
It started when I got a new Tesco credit card. The following day I went to an outlet retail park and bought a few T shirts from Cotton Traders, Craghoppers and similar stores. The next wednesday I received through the post a Craghoppers catalogue. I was intrigued. I’d used Craghoppers decades ago when I was young and fit but the only connection between me and them was my Tesco credit card. No-one in the retail park had asked for my address – they’d just taken payment. Had Tesco supplied my data to Craghoppers? I thought I’d find out. I made a subject access request to Craghoppers.
To ‘customerservices@craghoppers.com’
Date Mon 18/04/2011 15:45
Dear Sir
My address is xxxxxxxxxxxxxxxxxx. If you require anything further to validate this request please tell me.
Please supply me with any personal data you hold on me particularly about the mailing I have just received from you with the media code CE14 and 51574/38122A 516 in the right hand corner of the label.
Please tell me from where you obtained my address. This includes “any information available to the Data Controller as to the source of those data”. (Section 7 (1) (c) (ii) of Data Protection Act 1998).
Regards
Dear Mr xxxxxxxxx
Thank you for your recent email. The only information on our system is your name, address and details of an order you recently placed with us. It appears that until you placed this order none of your details were on our systems, this would indicate that the mailing data for the catalogue you received was sourced from a third party whom you have given permission to share your data. Your account now on our system does not have any mailing options activated.
If we can be of any further assistance please do not hesitate to contact us.
Kind regards
Craghoppers Customer Service Team
Hmmm. This says (I think) that until I bought a shirt (I’m a sucker for shirts) on Monday 18th April at 1552 they didn’t have any personal data on me at all.How then did they send me a catalogue?
I didn’t ask for my mailing options to be de-activated.
I never give my permission for a 3rd party to share my data (I am a DP freak)
It seems someone out there who is not Craghoppers sent me a Craghoppers catalogue. Hmmm… there’s work to do. Little did I realise it would mean many subject access requests and a story of subterfuge and data sharing…
Actually he’s suffering from coughing fits, lack of appetite and lethargy (but that’s irrelevant to the story) and my current vet isn’t making an accurate diagnosis. We’ve had several consultations which all require payment usually £20, boxes of expensive cat food for sensitive stomachs at £1 a pouch (Co-op 30p), an x ray (£200), an injection (£35) and a series of blood test (£77). In total we’re approaching £500 but he’s not getting to the root of the problem.
What would you do if your child wasn’t getting the right diagnosis? You’d ask for a referral to a hospital or maybe a second opinion. You might even ask to see your child’s medical records. But what do you do with a cat? There is no cat hospital and as far as I know there are no specialists or consultants who take over where vets get stuck.
I asked the vet for my cat’s medical history so I could transfer to another vet. He said no. Obviously Data Protection Act doesn’t apply here as I know only too well but who owns my cat’s medical records. Could it be the cat? Is it me or is it the vet? I can’t try Freedom of Information although it would catch doctors so exactly how do I get my cat’s personal data? Is it in the gift of the vet? And if he feels that it would affect his commercial interest if he let a captive cash cat move to another provider can he just say no? Who has any rights here? I might have encountered a grumpy old vet but can I appeal to the commissioner? Which commissioner?
Meanwhile my cat is wasting away. I have no confidence in his current medical practitioner but cannot move to another. I can’t access his data; I can’t use any law to force handover of the data. It’s a catastrophe.
Answers please (and awful puns) to info@actnow.org.uk with Tiddles in the subject line.
Starting today and continuing for some weeks – the Act Now Book Draw.
We have a selection of books relevant to the information/surveillance law sector by some well respected authors. We intend to give one of these books away for FREE every week.
We will put names of all entrants in a hat and draw a winner every Wednesday at 9am. This week’s book is Data Protection Handbook by Peter Carey.
Click here to enter the draw. The first draw will be on 22nd February at 9am.
If you enter the draw and win, you give us permission to let others know that you have won (by e mail, on our website and by Twitter). If you do not want us to do this, please do not enter the draw. Any information we receive through this free draw will not be used for any other purpose.
The Protection of Freedoms Bill, currently at the Report stage in the House of Lords, will amend the Freedom of Information Act 2000 so that in the future public authorities will have greater obligations in relation to the release and publication of datasets. However this may also bring an opportunity to raise some much needed revenue. The key points are:
There will be a new duty on public authorities, when releasing datasets, to adhere to any request to do so in electronic form which allows its re-use where reasonably practicable.
Any dataset containing copyright material (where the authority holds the copyright) must be made available for re-use under a specified licence.
Publication schemes will in future contain a requirement to publish datasets, which have been requested, as well as any updated versions.
Such datasets will also have to be published in an electronic form capable of re use and any copyright material must be available for re use in accordance with the terms of a specified licence.
Public authorities will be able to charge a fee for allowing re use of any datasets containing copyright material.
If you want to know more click here to read Ibrahim Hasan’s detailed article.
In this episode Ibrahim Hasan discusses FOI developments and decisions during September and December 2011. This includes Commissioner and Tribunal decisions on:
Information in private e mails
Section 11 and providing summaries
Vexatious requests
Empty properties
The Qualfied Person’s Opinion
And disclosure of statistics
There is also a quick review of recent developments in the world of transparency and FOI. Click here to listen.
We have a few places left on our upcoming ISEB courses in Birmingham.
As we leave the exam season behind for a few months with over 50 Act Now candidates waiting on their results 2 months from now we think we’ve seen enough to offer a few words of advice.
Here are Ten Top tips and comments from candidates, certificate holders & former examiners that might help people thinking of attempting this.
Take the big, expensive course. You knew we’d say that but there is the possibility of direct entry to the exam if you can satisfy ISEB that you have undertaken enough training but not many take the direct route. Those that do miss out on 5 or more days of networking, 5 or more days of practice questions, and many valuable tips from tutors, fellow candidates and previous candidates who have been through the process before. Some direct entry candidates have never seen an edpac sheet before, never written a practice essay, never experienced exam conditions and this takes 10% off their performance.
2. Attend every minute of every day of the course and do the Mock Exam. Experience shows that those who don’t pass often miss part of a day, don’t attend the mock exam, leave early because they have a train to catch and miss out on valuable input.
3. Do all the work. If you’re given a homework then do it. If the tutor recommends to read a report or look up a web link do it. We know and you know in your heart that “the dog ate my homework” is a lazy lie. If the question you should have done in detail turns up in the exam and you haven’t got the answer in your memory banks that’s 10% more.
4. Read the rubric. The exam paper asks you to answer section B questions with bullet points so don’t write an essay. It also asks you to answer section C questions with an essay so don’t use bullet points. It tells you which questions are compulsory and which are optional. Read the rubric. Some candidates don’t and this takes another 10% off.
5. Follow the instructions. There’s not enough room in this article to list every mistake here. Candidates are told to use the pencil to make horizontal marks in the grid to enter their candidate number. They use pens; they write the number in figures, they use diagonal lines, they also write in the date, the name of the exam (which they often get wrong), their own name etc. They’re told to put a straight line through notes and include them with their answers – the use wiggly lines, strike them out, screw them up and put them in the bin. They are told to answer 4 out of 6 questions so they answer 3. (or 5 or in extreme cases 6). In a mock exam we found a candidate who used the pencil supplied for section A to write 20 pages of longhand.
6. Don’t annoy the markers. Make your script easy to read with spaces between points or paragraphs. The last thing a marker wants is a solid block of text 10 or 15 pages long.
7. Write legibly. Always avoid alliteration. Never use a long word when a diminutive one will do. Spell proper and don’t make grammar mistakes.
8. Use some common sense. We’ve heard of candidates arriving after the exam has started or leaving before the end. Candidates who’ve attended a DP revision session and chosen to sit a FOI exam.
9. Don’t think you can get through by just attending the course. You have to put the work in. Reading and revision pays dividends.
10. Finally tales of the unexpected. We know of candidates who have been doing the job for years and doing it very well who have failed to pass even after 2 attempts. We also know of candidates who confused the subject information provisions with the duty to confirm or deny yet manage to pass. It’s not a lottery but you can improve your chances of passing by learning from others who have been through it.
Enjoy your exams. Our ISEB courses are available throughout the UK every quarter. You know where we are. Our next courses are in Birmingham starting in late February.
Google has decided it will change its privacy policy, well not so much change as start to enforce it. Basically all the information it has about you will be shared all across the Google platform unless you say no. This is a simplistic analysis and a much better one is at http://preview.tinyurl.com/7hb9jtg but Apple has decided on a different strategy.
They’ve implemented a new product called Siri. It allows you to talk to your i phone and set up meetings, send messages, add reminders etc all by just talking. It sends to Apple your first name, your nickname, your address book contacts, name, nicknames and relationship with you and your music preferences etc. It’s grreeat.
Unfortunately it also renders my car’s hands free device useless in fact it turns it into a hands on device. I do the same as I usually do when driving – press a green button say who I want to phone and my Parrot dials the number. But with Siri on I go through the same routine and my car says to me “here’s that number you dialled” and requires me to locate my i phone, look at the screen and press the number to confirm it got it right and actually dial it (while crashing into the back of the car in front of me). I’ve gone from a hardcore parrot that did everything I wanted to a nanny Parrot that won’t allow me to do anything at all. (Sounds like a Disney movie with Robin Williams in the lead role).
It also allows me to moan “I was hands free and legal until Apple stepped in…”
No problem. I’ll turn off Siri while I’m in the car then it will work. Success. Why was I fretting? Such a simple fix.
Then I read the bumph on my phone about Siri and it says. “If you turn off Siri Apple will delete all your user data as well as your recent voice input data.”
So the database I’ve been building up which helps Siri know me and serve me as a good slave should is deleted from Apple’s database when I turn off Siri to use the hands free parrot in my car. Google keeps all my data forever even though I don’t want it to but Apple deletes it the instant I stop using one of its products. Every time I enable Siri again it’s like teaching a baby to speak.
No parrots were harmed in writing this article. And before you ask. This parrot is no more! He has ceased to be! ‘E’s expired and gone to meet ‘is maker! ‘E’s a stiff! Bereft of life, ‘e rests in peace! If you hadn’t nailed ‘im to the perch ‘e’d be pushing up the daisies! ‘Is metabolic processes are now ‘istory! ‘E’s off the twig! ‘E’s kicked the bucket, ‘e’s shuffled off ‘is mortal coil, run down the curtain and joined the bleedin’ choir invisible!! THIS IS AN EX-PARROT!!
Martin Gibson, of Buckinghamshire County Council, reflects on the challenges facing a Data Protection Officer and how relationships with the Information Commissioner’s Office have changed over the years.
The issue of cloud computing has been getting huge coverage in recent years for a number of reasons – like the new cookie rules, the word ‘cloud’ offers journalists the opportunity to come up with easy punning headings about “storm clouds” or “cloudy outlook”. Moreover, with a myriad of different companies large (Apple, Microsoft, Google) and small offering a variety of cloud products to both organisation and consumers, the horizon is clouded (see what I did there?) with press releases, interviews and advertorials, all designed to persuade people to part with their data. What are the Data Protection implications? This article focuses on the practical issues that an organisation needs to take into account when thinking about cloud computing.
