Act Now Book Draw Week 6

The winner of this week’s Act Now Book Draw was Peter Dinsdale from Newcastle University.

Next week’s bookGringras: The Laws of the Internet (3rd Edition) is Gringras: The Laws of the Internet (3rd Edition) by Elle Todd.

The next draw will take place on Wednesday 4th April at 9am. Click here to enter the draw.

If you enter the draw and win, you give us permission to let others know that you have won (by e mail, on our website and by Twitter). If you do not want us to do this, please do not enter the draw. Any information we receive through this free draw will not be used for any other purpose.

R.I.P. Tiddles – A Cat’s Tale

Maybe it was when he realised he couldn’t access his medical data (through his human owner); maybe it was the lack of a satisfactory diagnosis; maybe it was feline immunodeficiency virus that caused the lesions on all limbs and the infection in his nose and ears but Tiddles disappeared Tuesday morning at 8 am after a full pouch of Felix salmon in jelly. His owners spent 88 hours ch chewing at the front door but it looked like he’d run away to die (research on google revealed that this was a likely outcome). Friday evening and he turned up out of the blue looking very weak and bedraggled. Following day he was taken to the second opinion who made an appointment for an emergency FIV and leukaemia test at a local animal hospital. Despite a negative test the vet decided that the best advice was to put him out of his misery. He’d lost 35% of his body weight; had difficulty walking, slept 23 hours a day and was wasting away. He was 5 years old. At 1400 on Saturday 10th March Tiddles moved outside the scope of the Data Protection Act although he never had any Principle 6 rights as he failed most of the Durant tests. This post not tagged DP or privacy or SAR or anything. Just a shaggy cat story.

Act Now Book Draw Week 3

Data Protection: Legal Compliance and Good Practice for EmployersThe winner of this week’s Act Now Book Draw was

Melanie Cartwright from South Hams District Council.

Next week’s book is Data Protection: Legal Compliance and Good Practice for Employers by Lynda Macdonald.

The next draw will take place on Wednesday 14th March at 9am. Click here to enter the draw.

If you enter the draw and win, you give us permission to let others know that you have won (by e mail, on our website and by Twitter). If you do not want us to do this, please do not enter the draw. Any information we receive through this free draw will not be used for any other purpose.

We may pass your data to carefully selected third parties…

It started when I got a new Tesco credit card. The following day I went to an outlet retail park and bought a few T shirts from Cotton Traders, Craghoppers and similar stores. The next wednesday I received through the post a Craghoppers catalogue. I was intrigued. I’d used Craghoppers decades ago when I was young and fit but the only connection between me and them was my Tesco credit card. No-one in the retail park had asked for my address – they’d just taken payment. Had Tesco supplied my data to Craghoppers? I thought I’d find out. I made a subject access request to Craghoppers.

To  ‘’

Date Mon 18/04/2011 15:45

Dear Sir

My  address is xxxxxxxxxxxxxxxxxx. If you require anything further to validate this request please tell me.

Please supply me with any personal data you hold on me particularly about the mailing I have just received from you with the media code CE14 and 51574/38122A  516 in the right hand corner of the label.

Please tell me from where you obtained my address. This includes “any information available to the Data Controller as to the source of those data”. (Section 7 (1) (c) (ii) of Data Protection Act 1998).


Dear Mr xxxxxxxxx

Thank you for your recent email. The only information on our system is your name, address and details of an order you recently placed with us. It appears that until you placed this order none of your details were on our systems, this would indicate that the mailing data for the catalogue you received was sourced from a third party whom you have given permission to share your data. Your account now on our system does not have any mailing options activated.

If we can be of any further assistance please do not hesitate to contact us.

Kind regards

Craghoppers Customer Service Team

Hmmm. This says (I think) that until I bought a shirt (I’m a sucker for shirts) on Monday 18th April at 1552 they didn’t have any personal data on me at all. How then did they send me a catalogue?

I didn’t ask for my mailing options to be de-activated.

I never give my permission for a 3rd party to share my data (I am a DP freak)

It seems someone out there who is not Craghoppers sent me a Craghoppers catalogue. Hmmm… there’s work to do. Little did I realise it would mean many subject access requests and a story of subterfuge and data sharing…


My cat’s got no nose

Actually he’s suffering from coughing fits, lack of appetite and lethargy (but that’s irrelevant to the story) and my current vet isn’t making an accurate diagnosis. We’ve had several consultations which all require payment usually £20, boxes of expensive cat food for sensitive stomachs at £1 a pouch (Co-op 30p), an x ray (£200), an injection (£35) and a series of blood test (£77). In total we’re approaching £500 but he’s not getting to the root of the problem.

What would you do if your child wasn’t getting the right diagnosis? You’d ask for a referral to a hospital or maybe a second opinion. You might even ask to see your child’s medical records. But what do you do with a cat? There is no cat hospital and as far as I know there are no specialists or consultants who take over where vets get stuck.

I asked the vet for my cat’s medical history so I could transfer to another vet. He said no. Obviously Data Protection Act doesn’t apply here as I know only too well but who owns my cat’s medical records. Could it be the cat? Is it me or is it the vet? I can’t try Freedom of Information although it would catch doctors so exactly how do I get my cat’s personal data? Is it in the gift of the vet? And if he feels that it would affect his commercial interest if he let a captive cash cat move to another provider can he just say no? Who has any rights here? I might have encountered a grumpy old vet but can I appeal to the commissioner? Which commissioner?

Meanwhile my cat is wasting away. I have no confidence in his current medical practitioner but cannot move to another. I can’t access his data; I can’t use any law to force handover of the data. It’s a catastrophe.

Answers please (and awful puns) to with Tiddles in the subject line.

Act Now and bag a book

Starting today and continuing for some weeks – the Act Now Book Draw.

We have a selection of books relevant to the information/surveillance law sector by some well respected authors. We intend to give one of these books away for FREE every week.

We will put names of all entrants in a hat and draw a winner every Wednesday at 9am. This week’s book is Data Protection Handbook by Peter Carey.

Click here to enter the draw. The first draw will be on 22nd February at 9am.

If you enter the draw and win, you give us permission to let others know that you have won (by e mail, on our website and by Twitter). If you do not want us to do this, please do not enter the draw. Any information we receive through this free draw will not be used for any other purpose.

How to pass the ISEB certificate.

As we leave the exam season behind for a few months with over 50 Act Now candidates waiting on their results 2 months from now we think we’ve seen enough to offer a few words of advice.

Here are Ten Top tips and comments from candidates, certificate holders & former examiners that might help people thinking of attempting this.

  1. Take the big, expensive course. You knew we’d say that but there is the possibility of direct entry to the exam if you can satisfy ISEB that you have undertaken enough training but not many take the direct route. Those that do miss out on 5 or more days of networking, 5 or more days of practice questions, and many valuable tips from tutors, fellow candidates and previous candidates who have been through the process before. Some direct entry candidates have never seen an edpac sheet before, never written a practice essay, never experienced exam conditions and this takes 10% off their performance.

2. Attend every minute of every day of the course and do the Mock Exam. Experience shows that those who don’t pass often miss part of a day, don’t attend the mock exam, leave early because they have a train to catch  and miss out on valuable input.

3. Do all the work. If you’re given a homework then do it. If the tutor recommends to read a report or look up a web link do it.  We know and you know in your heart that “the dog ate my homework” is a lazy lie. If the question you should have done in detail turns up in the exam and you haven’t got the answer in your memory banks that’s 10% more.

4. Read the rubric. The exam paper asks you to answer section B questions with bullet points so don’t write an essay. It also asks you to answer section C questions with an essay so don’t use bullet points. It tells you which questions are compulsory and which are optional. Read the rubric. Some candidates don’t and this takes another 10% off.

5. Follow the instructions. There’s not enough room in this article to list every mistake here. Candidates are told to use the pencil to make horizontal marks in the grid to enter their candidate number. They use pens; they write the number in figures, they use diagonal lines, they also write in the date, the name of the exam (which they often get wrong), their own name etc.  They’re told to put a straight line through notes and include them with their answers – the use wiggly lines, strike them out, screw them up and put them in the bin. They are told to answer 4 out of 6 questions so they answer 3. (or 5 or in extreme cases 6). In a mock exam we found a candidate who used the pencil supplied for section A to write 20 pages of longhand.

6. Don’t annoy the markers. Make your script easy to read with spaces between points or paragraphs. The last thing a marker wants is a solid block of text 10 or 15 pages long.

7. Write legibly. Always avoid alliteration. Never use a long word when a diminutive one will do. Spell proper and don’t make grammar mistakes.

8. Use some common sense. We’ve heard of candidates arriving after the exam has started or leaving before the end. Candidates who’ve attended a DP revision session and chosen to sit a FOI exam.

9. Don’t think you can get through by just attending the course. You have to put the work in. Reading and revision pays dividends.

10. Finally tales of the unexpected. We know of candidates who have been doing the job for years and doing it very well who have failed to pass even after 2 attempts. We also know of candidates who confused the subject information provisions with the duty to confirm or deny yet manage to pass. It’s not a lottery but you can improve your chances of passing by learning from others who have been through it.

Enjoy your exams. Our ISEB courses are available throughout the UK every quarter. You know where we are. Our next courses are in Birmingham starting in late February.

What’s green & white and doesn’t sound like a Parrot.

My new i phone….

Google has decided it will change its privacy policy, well not so much change as start to enforce it. Basically all the information it has about you will be shared all across the Google platform unless you say no. This is a simplistic analysis and a much better one is at but Apple has decided on a different strategy.

They’ve implemented a new product called Siri. It allows you to talk to your i phone and set up meetings, send messages, add reminders etc all by just talking. It sends to Apple your first name, your nickname, your address book contacts, name, nicknames and relationship with you and your music preferences etc.  It’s grreeat.

Unfortunately it also renders my car’s hands free device useless in fact it turns it into a hands on device. I do the same as I usually do when driving – press a green button say who I want to phone and my Parrot dials the number. But with Siri on I go through the same routine and my car says to me “here’s that number you dialled” and requires me to locate my i phone, look at the screen and press the number to confirm it got it right and actually dial it (while crashing into the back of the car in front of me). I’ve gone from a hardcore parrot that did everything I wanted to a nanny Parrot that won’t allow me to do anything at all. (Sounds like a Disney movie with Robin Williams in the lead role).

It also allows me to moan “I was hands free and legal until Apple stepped in…”

No problem. I’ll turn off Siri while I’m in the car then it will work. Success. Why was I fretting? Such a simple fix.

Then I read the bumph on my phone about Siri and it says. “If you turn off Siri Apple will delete all your user data as well as your recent voice input data.”

So the database I’ve been building up which helps Siri know me and serve me as a good slave should is deleted from Apple’s database when I turn off Siri to use the hands free parrot in my car. Google keeps all my data forever even though I don’t want it to but Apple deletes it the instant I stop using one of its products. Every time I enable Siri again it’s like teaching a baby to speak.

No parrots were harmed in writing this article. And before you ask.  This parrot is no more! He has ceased to be! ‘E’s expired and gone to meet ‘is maker! ‘E’s a stiff! Bereft of life, ‘e rests in peace! If you hadn’t nailed ‘im to the perch ‘e’d be pushing up the daisies! ‘Is metabolic processes are now ‘istory! ‘E’s off the twig! ‘E’s kicked the bucket, ‘e’s shuffled off ‘is mortal coil, run down the curtain and joined the bleedin’ choir invisible!! THIS IS AN EX-PARROT!!

Those Were the Days!

Martin Gibson, of Buckinghamshire County Council, reflects on the challenges facing a Data Protection Officer and how relationships with the Information Commissioner’s Office have changed over the years.

Read more here

Cloud Computing and Data Protection

The issue of cloud computing has been getting huge coverage in recent years for a number of reasons – like the new cookie rules, the word ‘cloud’ offers journalists the opportunity to come up with easy punning headings about “storm clouds” or “cloudy outlook”. Moreover, with a myriad of different companies large (Apple, Microsoft, Google) and small offering a variety of cloud products to both organisation and consumers, the horizon is clouded (see what I did there?) with press releases, interviews and advertorials, all designed to persuade people to part with their data. What are the Data Protection implications?  This article focuses on the practical issues that an organisation needs to take into account when thinking about cloud computing.

Read More Here

%d bloggers like this: