PL&B UK E-news, Issue 80

1. Communications draft bill expected soon

The Home Office is working on proposals to change the ways communications data can be intercepted and collected, and a draft bill is expected in December. Primary legislation will be needed if the proposals clash with the Data Protection Act.

The Home Secretary, Jacqui Smith, however, said in a speech at the Institute for Public Policy Research Commission on 15 October that there are ‘no plans for an enormous database which will contain the content of your e-mails, the texts that you send or the chats you have on the phone or online. Nor are we going to give local authorities the power to trawl through such a database in the interest of investigating lower level criminality under the spurious cover of counter terrorist legislation.’

The Information Commissioner called for a full public debate in the summer ‘about the justification for, and implications of, a specially created database — potentially accessible to a wide range of law-enforcement authorities — holding details of everyone's telephone and internet communications.'

2. EDS loses data on 100,000 armed forces personnel

EDS, the Ministry of Defence’s main IT contractor, has lost a hard drive containing 1.5m pieces of information. The portable drive is believed to include names and addresses, passport numbers, dates of birth and driving licence details of around 100,000 army, navy and RAF personnel, as well as their next-of-kin. It is not known whether the information was encrypted. The data also includes details of 600,000 people who have applied or shown an interest in applying for the Armed Forces.

MOD said in a statement: ‘The information held will not be the same for every individual. In some cases, for casual enquiries, the record will be no more than a name and contact details...for those who progressed as far as submitting an application to join the Forces, more extensive personal data may be held, including passport details, National Insurance numbers, drivers’ licence details, family details, doctors’ addresses and National Health Service numbers.’

The loss was discovered during a priority audit EDS is conducting to comply with the Cabinet Office data handling review.

3. ICO finds Liberal Democrats in breach of PERC

The Information Commissioner’s Office has taken enforcement action against the Liberal Democrats after finding the party in breach of the Privacy and Electronic Communications Regulations.

The party had made automated phone calls at the time of its party conference in September. The calls, which featured a recorded message from Nick Clegg, were seen by the ICO as direct marketing as they were made to promote the party. The ICO therefore concluded that the party was in breach of the Privacy and Electronic Communications Regulations (PERC), which prohibit making automated unsolicited marketing calls without prior consent.

The Enforcement Notice is issued on 25 September.

4. Virgin Media found in breach of DP Act

Virgin Media, following the loss of an unencrypted CD containing personal details of 3,000 customers, has been found to have breached the DP Act. Virgin Media has agreed to sign an undertaking which requires it to implement additional security measures to protect customers’ personal information more effectively, eg. encrypt all portable or mobile devices which store and transmit personal information.

Mick Gorrill, Assistant Commissioner at the ICO, said on 30 September: “The Data Protection Act clearly states that organisations must keep personal information secure. Virgin Media recognises the seriousness of this data loss and has agreed to take the immediate remedial action that we have outlined in order to protect its customers’ personal details."

For further details on the Privacy Laws & Business UK Newsletter, please click here.

Copyright Privacy Laws & Business 2008