Businesses can help ease the transition towards complying with new EU data protection rules by taking a number of steps now, the Information Commissioner's Office (ICO) has said. In an ICO blog, Deputy Information Commissioner David Smith said businesses can begin by reviewing their procedures for obtaining consent to the …
Would that include
Tesco's face-recognition software tying up your visage with other information that they hold against your ClubCard record?
or Google scanning your e-mails and contact lists for unspecified purposes?
"There will likely continue to be alternatives to relying on an individual’s consent to process their personal information" - In which case the new rules probably still aren't strong enough...
How about "No" means "No"
Just a thought.
"An obvious first move...
...would be to make sure you know which individuals you hold information about and where it is kept. Then at least if something does go wrong you will know who is affected and who you may need to contact."
If they've not already got that covered, which they should have under the current DPA, then they should have their arses well and truly reamed out.
And by 'they' I mean anyone who keeps data covered by the DPA.
Personally, I'd rather see the on-selling of any 'personal data' outlawed.
Re: "An obvious first move...
Unfortunately, the revolving door between Govt and Megacorp has seen so many outsourced data activities. Basically we are asking the Govt to sue itself...
Re: "An obvious first move...
>Personally, I'd rather see the on-selling of any 'personal data' outlawed.
Or at the very least include data tracking information so that when I get contacted by company "X" who I've never done business with I can find out the name of company "Y" who sold them my data and make sure I stop doing business with them.
Link to the blog post
It's all a waste of time
It doesn't matter what new laws are introduced, the fact remains that the ICO will only take action against a commercial organisation in extreme circumstances.
For example, through a series of subject access requests I identified the order of events that led to me receiving an unidentified PPI text on my mobile phone. The company that sent the text were told by the ICO not to hide their ID in a text - that's it! The company that provided them with my mobile phone number failed to comply with my subject access request. The ICO contacted them on my behalf and told them to comply. We waited another 40 days - no reply. The ICO wrote to the company again, we waited 40 days but still no reply. They've now contacted them for the third time and they're not going to get a reply because the company is likely to be illegally farming mobile phone numbers.
The ICO have informed me that this is the last time they're going to try and it'll then be up to me to spend a couple of thousand pounds to seek a court order under section 7(9) of the DPA to make the company comply with my Subject Access Request. So much for the ICO's big crack-down on PPI companies.