Tuesday, 29 May 2012

Cookies - enforcement is now a real possibility

Cookies – “enforcement” now a real possibility
According to the latest press release from the ICO (Information Commissioner’s Office )..
“The rules on cookies are covered by the Privacy and Electronic Communications Regulations. The Regulations also cover similar technologies for storing information eg Flash Cookies.  The Regulations were revised in 2011 and the ICO is responsible for enforcing these new rules...”
The ICO gave a “reprieve” period of one year from when the Amendment came into force – 26 May 2011 – for organisations to address how they may comply with the rules, using ICO published Guidance.  So – in theory – from last Saturday (26 May 2012) you could be in line for a fine up to £1000 for non-compliance if you have not – in line with the Guidance – conducted an audit of your website to see if you utilise cookies; assessed the extent of privacy intrusion and found a method of consent request if necessary (again in line with the Guidance) and appropriately amended your website Privacy Policy.  If you ask your web developer for help and he/she “obstructs” you, they too could be in line for a £1000 fine.
The author was alarmed to hear on national radio on Saturday that fines up to £500,000 were being quoted.  I have spent 6 months carefully reviewing the ICO guidance and can find no mention of anything higher than £1000 – which is bad enough if you are a small enterprise!
You should also be aware that ICO have developed a “tool” by which the public can report websites they don’t believe to be complaint with the new cookies rules.  Anyone can block cookies from being put on their equipment using their browser settings, but this is not necessarily a good thing as cookies can prove useful to the web visitor as well as for the web owner..
If you want to find out more, then why not get in touch...

Have you secured your wi-fi network? Perhaps you should..

Secure your wi-fi network..
Google in trouble again over Street view Cars data uploads
Big article in the Sunday Times 27th May 2012
In 2009/2010, Google sent out “Street View Cars” around the world to gather data to launch “street View” – the ability to zoom in on a Google map and actually see what the road/landmark looks like.  This service – as this author knows well – is very useful if you are going somewhere you haven’t been before and have little sense of direction on a map.
HOWEVER – there was an outcry at the time that privacy was being invaded – cameras peering over boundary fences, through front windows and the like.. the ICO (Information Commissioner’s Office – privacy regulator in the UK) investigated these claims at the time and found that, according to information provided by Google, not much personal data was being collated and they (Google) would block faces, number plates etc.  The ICO also told Google to delete all the data it had collated for which it had no business purpose..
BUT an American investigation has now uncovered further documentation – presumably previously not shown to the ICO – that clearly reveal that software was designed for the vehicles to intentionally  capture “personal data from home computers for use in other products” – emails, text messages, passwords, photographs, etc from unsecured wi-fi networks.
If ever there was an advert to convince you that you should secure your network – this is surely it!
In May 2010 Google stated that software had been installed “by mistake”.
According to the Sunday Times Article, this was definitely not the case!  In light of the American Report, all European data protection regulators are being urged by the European Commission to re-open investigations.
Google are quoted in the Article as saying..
“We have always been clear that the leaders of this project did not want or inted to use this payload data. Indeed Google never used it in any of our products or services”
Then the question has to be – why did Google collect the data? Collecting it when you don’t have a use for it is just as illegal (under the UK Data Protection Act 1998) as using it for nefarious purposes! – at least to this author’s understanding of the legislation.
This is a story without end currently......