Wednesday, 1 May 2013

Experience has shown us that people have all sorts of reasons to find out if an organisation has been using their personal information appropriately!  The Data Protection Act 1998 allows each individual to “control” how our information is used and we can find out how an organisation is using our information using this Act  - if you want to find out more, please contact Robyn on 07745 772564 or email or even post here on the page and we can meet to discuss further!

Friday, 5 April 2013

Many People see the Data Protection Act 1998 as onerous red tape!  In order to utilise this actually quite powerful piece of legislation, your compliance needs to in place first! At aDaVista, we offer a free consultation to discuss how we can help you avoid heavy fines; committing criminal offences etc and boost the credibility and trust in your business/organisation by putting in place appropriate policies etc to achieve this compliance.

Tuesday, 19 March 2013

Are you wanting to “tap into” the world of public sector tendering?  Are you wondering what your local school/hospital pay for a certain service or whether they are prepared to work with you?  We can help you gain the knowledge you need to make these decisions by utilising the Freedom of Information Act 2000 (for a modest fee!) – get in touch if you want to know more.

Tuesday, 29 May 2012

Cookies - enforcement is now a real possibility

Cookies – “enforcement” now a real possibility
According to the latest press release from the ICO (Information Commissioner’s Office )..
“The rules on cookies are covered by the Privacy and Electronic Communications Regulations. The Regulations also cover similar technologies for storing information eg Flash Cookies.  The Regulations were revised in 2011 and the ICO is responsible for enforcing these new rules...”
The ICO gave a “reprieve” period of one year from when the Amendment came into force – 26 May 2011 – for organisations to address how they may comply with the rules, using ICO published Guidance.  So – in theory – from last Saturday (26 May 2012) you could be in line for a fine up to £1000 for non-compliance if you have not – in line with the Guidance – conducted an audit of your website to see if you utilise cookies; assessed the extent of privacy intrusion and found a method of consent request if necessary (again in line with the Guidance) and appropriately amended your website Privacy Policy.  If you ask your web developer for help and he/she “obstructs” you, they too could be in line for a £1000 fine.
The author was alarmed to hear on national radio on Saturday that fines up to £500,000 were being quoted.  I have spent 6 months carefully reviewing the ICO guidance and can find no mention of anything higher than £1000 – which is bad enough if you are a small enterprise!
You should also be aware that ICO have developed a “tool” by which the public can report websites they don’t believe to be complaint with the new cookies rules.  Anyone can block cookies from being put on their equipment using their browser settings, but this is not necessarily a good thing as cookies can prove useful to the web visitor as well as for the web owner..
If you want to find out more, then why not get in touch...

Have you secured your wi-fi network? Perhaps you should..

Secure your wi-fi network..
Google in trouble again over Street view Cars data uploads
Big article in the Sunday Times 27th May 2012
In 2009/2010, Google sent out “Street View Cars” around the world to gather data to launch “street View” – the ability to zoom in on a Google map and actually see what the road/landmark looks like.  This service – as this author knows well – is very useful if you are going somewhere you haven’t been before and have little sense of direction on a map.
HOWEVER – there was an outcry at the time that privacy was being invaded – cameras peering over boundary fences, through front windows and the like.. the ICO (Information Commissioner’s Office – privacy regulator in the UK) investigated these claims at the time and found that, according to information provided by Google, not much personal data was being collated and they (Google) would block faces, number plates etc.  The ICO also told Google to delete all the data it had collated for which it had no business purpose..
BUT an American investigation has now uncovered further documentation – presumably previously not shown to the ICO – that clearly reveal that software was designed for the vehicles to intentionally  capture “personal data from home computers for use in other products” – emails, text messages, passwords, photographs, etc from unsecured wi-fi networks.
If ever there was an advert to convince you that you should secure your network – this is surely it!
In May 2010 Google stated that software had been installed “by mistake”.
According to the Sunday Times Article, this was definitely not the case!  In light of the American Report, all European data protection regulators are being urged by the European Commission to re-open investigations.
Google are quoted in the Article as saying..
“We have always been clear that the leaders of this project did not want or inted to use this payload data. Indeed Google never used it in any of our products or services”
Then the question has to be – why did Google collect the data? Collecting it when you don’t have a use for it is just as illegal (under the UK Data Protection Act 1998) as using it for nefarious purposes! – at least to this author’s understanding of the legislation.
This is a story without end currently......

Thursday, 12 April 2012

Google's Privacy Policy

Google’s new all-encompassing Privacy Policy was issued on 1st March 2012.. and has been attracting a lot of controversy, not least with the EU Commission and the French Data Protection Authority, CNIL.  Both have announced publicly and direct to Google that the Policy does not meet the EU Directive on Data Protection on the grounds of “fairness and transparency”.
I have read articles about all this and have read the Policy itself very carefully.  The CNIL is yet, as far as I can tell, to elaborate further on its criticisms.  From my knowledge-base (which is not as a lawyer!), apart from the fact that it is written in “legalese”, the policy seems quite clear on what Google will do with your information which you hand over of your own free will! I can also imagine that the transfer of your personal data between the different companies globally is an issue if the appropriate authorisations from relevant countries and the EU Commission have not been sought (Principle 8).
Please note that this is only my opinion based on what is currently available and my knowledge of the UK Data Protection Act 1998 (based on the EU Directive).  I have to say I have read many Privacy Policies that are a lot less clear than the Google version and a lot less compliant!  I shall watch this story unfold with interest.