European Standards?
Those that say "leak all financial data to The Cousins"?
The European Commission has told the UK government to beef up data protection in order to bring safeguards for British citizens up to European standards. We now have two months to improve the situation and bolster the powers of the Information Commissioner's Office. This is the second stage of the infringement process taken …
"And I, for one, would welcome the EU Commissions input in the rather dubious practice of the Police keeping DNA records of people for X number of years.... even if they are innocent"
The ECHR ruling on this matter was really rather clear, it's just that Smith and later Johnson chose to try and weasel around it in a way that to the casual observer appeared to breach both the spirit and the letter.
The original Coalition Programme document says of the current DNA database "We will adopt the protections of the Scottish model for the DNA database." The Scottish model, IIRC, allows the DNA of innocent people charged with but not convicted of some[0] mostly sexual or violent crimes to be retained for three years, with a possible extension of another two years if you can convince a court it's necessary. Everyone else is deleted on acquittal. This is quite a lot better, but only because the English model is so appalling. [0] contains rather a long list of things that you can be accused of and still have your DNA retained on acquittal, including "sodomy".
[0] http://www.scotland.gov.uk/Publications/2008/09/22154244/27
What is the penalty when "anti-fraud data-mining" bulk data transfers are made but no statutory notice is given?
I'm livid at the current setup for the "National Fraud Initiative" whereby the Audit Office gathers personal, banking, address and salary info on all benefit claimants and public sector employees and data mines this for fraud detection purposes. There is nothing we can do to stop these transfers because they are (supposedly) made in the name of fraud prevention and so adhere to the letter (if not the spirit) of the DPA.
I think a transfer happened recently but my employer made no statutory notice; I would love to be able to hook them on this as this process that currently goes on largely unnoticed needs to be exposed.
What?????? Bastards!!!!
IANAL but I believe I'm correct in saying that there's nowt can be done. Or at least, if they can show that it is anti-fraud related, then there'll be very little you can do. I've not done any digging on it this morning so this is coming from (a very tired) memory.
Any idea exactly what data is transferred? I.e. is the banking info sortcode and Account Number, or do they kindly keep an eye on your statements for you? Depending which part of the public sector you work in, you're probably on a zillion databases anyway, so just sortcode and account number isn't _that_ big a change (they already have it to pay you - the fraud office could just request it).
AFAIK I've done nothing wrong, so I've nothing to hide. Doesn't mean I want anyone else seeing the sorry state of my finances though!
Or they are in violation of the DPA. Not only is this spelled out in the DPA itself, there is also a long section about it in the Audit Commission's Code of Data Matching Practice, starting on page 16, section 2.8.4, which you can find here http://www.audit-commission.gov.uk/nfi/pages/codeofdatamatchingpractice.aspx [links to pdf]
You might like to give your HR department a copy and ask them why they are in breach, or contact the Audit Office. Don't get your hopes up though, since the remedy consists of:
2.8.6 When providing data to the Commission, participants should submit a declaration confirming compliance with the fair processing notification requirements. If the Commission becomes aware that fair processing requirements have not been adhered to, it should agree the steps necessary for the participant to achieve compliance.
...isn't so much the powers.
The ICO doesn't use what few powers it already has.
The problem is the management and staff of the data protection unit.
They lack independence (according to the EU Agency for Fundamental Rights), they're incompetent to regulate IT (according to their own staff), and they lack resources (according to their management).
Until these parasitic wasters are cleared out and replaced by people willing to robustly protect the public, handing more powers to these cretins is just a waste of time.
"Until these parasitic wasters are cleared out and replaced by people willing to robustly protect the public, handing more powers to these cretins is just a waste of time."
Couldn't have put it better myself. Add OFCOM to the list as well.
The civil service has no interest in protecting the public, only in protecting their own jobs.
Can we have some prosecutions over 'Phorm' and the paper that wiretapped all those mobiles? The two "ICO did nothing under Labour" cases that prove the point. Start there and I will believe that the ICO can be saved.
Don't act on that and nothing can be salvaged, in which case please EU, fine us really heavily and make it very public in all papers and TV that the Government is to blame (not the taxpayers). It MIGHT make the MPs listen then, everyone knowing they are crap seems to make them change their bad habits.
Nearly every company that I do business with fails to honour my data protection rights. And every time I complain to the ICO it's the same old story - they cannot enforce the law... they only offer guidance. At the end of the day, the only guaranteed way to make an organisation stop sending me direct marketing is to seek a court order under Section 11(2) of the DPA. It's ridiculous that I should potentially have to have a case tried in the Crown Court just to make a legitimate company stop abusing my personal e-mail but I've come close to doing it twice.
See www.mindmydata.co.uk for some good advice on how to stop direct marketing.