
Would that include
Tesco's face-recognition software tying up your visage with other information that they hold against your ClubCard record?
or Google scanning your e-mails and contact lists for unspecified purposes?
Businesses can help ease the transition towards complying with new EU data protection rules by taking a number of steps now, the Information Commissioner's Office (ICO) has said. In an ICO blog, Deputy Information Commissioner David Smith said businesses can begin by reviewing their procedures for obtaining consent to the …
...would be to make sure you know which individuals you hold information about and where it is kept. Then at least if something does go wrong you will know who is affected and who you may need to contact."
If they've not already got that covered, which they should have under the current DPA, then they should have their arses well and truly reamed out.
And by 'they' I mean anyone who keeps data covered by the DPA.
Personally, I'd rather see the on-selling of any 'personal data' outlawed.
>Personally, I'd rather see the on-selling of any 'personal data' outlawed.
This.
Or at the very least include data tracking information so that when I get contracted by company "X" who I've never done business with I can find out the name of company "Y" who sold them my data and make sure I stop doing business with them.
It doesn't matter what new laws are introduced, the fact remains that the ICO will only take action against a commercial organisation in extreme circumstances.
For example, through a series of subject access requests I identified the order of events that led to me receiving an unidentified PPI text on my mobile phone. The company that sent the text were told by the ICO not to hid their ID in a text - that's it! The company that provided them with my mobile phone number failed to comply with my subject access request. The ICO contacted them on my behalf and told them to comply. We waited another 40 days - no reply. The ICO wrote to the company again, we waited 40 days but still no reply. They've now contacted them for the third time and they're not going to get a reply because the company is likely to be illegally farming mobile phone numbers.
The ICO have informed me that this is the last time they're going to try and It'll then be up to me to spend a couple of thousand pounds to seek a court order under section 7(9) of the DPA to make the company comply with my Subject Access Request. So much for the ICO's big crack-down on PPI companies.
Webmaster: www.mindmydata.co.uk