back to article UK gets the Ashley Madison fear: Data privacy moans on the up

Consumer complaints about the way personal data is handled increased by 30 per cent from 2013 to 2014, according to figures from Pinsent Masons, acquired via several Freedom of Information requests to the Information Commissioners Office (ICO). Complaints about the security of personal information rose from 886 in 2013 to 1, …

  1. Vimes

    Except that the attack on Ashley Madison happened this year, not back in 2013-2014?

    Perhaps there would be fewer problems if the ICO actually *USED* that power to fine people? Their over-reliance on toothless decision notices (little more than those making the mistakes telling us that they promise they'll do better - honest!) is part of the problem.

    1. Vimes

      Getting the DPA and FoIA mixed up there - was referring to undertakings of course.

    2. Graham Marsden
      Flame

      "over-reliance on toothless decision notices"

      And "Lessons Have Been Learned" is *not* a valid response!

      1. Tony S

        Re: "over-reliance on toothless decision notices"

        @ Graham Marsden

        "And "Lessons Have Been Learned" is *not* a valid response!"

        I'd really like to know how many times that phrase has actually been used over the last five years. It seems that almost every other article relating to public sector matters has some spokesperson trotting it out, almost as a default response.

        A bit like "turn it off and on again" in IT.

      2. Doctor Syntax Silver badge

        Re: "over-reliance on toothless decision notices"

        ' "Lessons Have Been Learned" is *not* a valid response!'

        And "We take your privacy seriously" is on a par with "your call is important to us".

        1. Captain DaFt

          Re: "over-reliance on toothless decision notices"

          "And "We take your privacy seriously" is on a par with "your call is important to us"."

          It makes more sense if you add a comma:

          "We take your privacy, seriously."

    3. phil dude
      Thumb Up

      precisely....

      mod-up @Vimes.

      It has become too *cheap* for these organisations to have our data - and that includes the government.

      Make it expensive enough that they will not want it unless it is *actually* needed.

      P.

  2. Vimes

    I'd be interested to hear how many complaints are considered valid compared against how many actually lead to real action (undertakings don't count).

    If the ICO actually acted like it had teeth - like they keep on claiming they do - then maybe they would be taken more seriously. As it is they're little more than a joke.

    1. LegalAlien

      Problem is...

      ...that successive governments, both red and blue, have deliberatley under-funded the ICO. The new DP Regulation, which harmonises the law accross the 28 EU Member States, may change that, because the UK ICO will have to be just as strict/uniform in its application of the law as, say, the Germans....

      1. Vimes

        Re: Problem is...

        I'm not buying that one. They have powers and don't use them - even when they spend all that time and money looking at the cases, despite any problems with staffing that they might be having at the time.

        Anybody with any experience of dealing with the ICO will know that they actively look for excuses not to take any action. They still spend months looking at a case and still come to a decision, so the money has already been spent. Where's the excuse for lack of stronger action?

        1. LucreLout

          Re: Problem is...

          @Vimes

          Anybody with any experience of dealing with the ICO will know that they actively look for excuses not to take any action.

          Yes, quite. That is because the unstated real reason for the ICO to exist is to prevent everyone tying up the courts with cases relating to information processing. Most annoying, especially because they're needlesly gutless - fining companies who break the law could be a significant revenue stream.

          1. Vimes

            Re: Problem is...

            Which is especially puzzling when you consider the government is still busy spending so much time trying to get penniless people to pay court charges and yet they seem so reluctant to actually take action here...

            http://www.independent.co.uk/news/uk/crime/magistrate-quits-after-being-suspended-for-offering-to-pay-asylum-seekers-court-charge-a6672656.html

          2. VinceH

            Re: Problem is...

            "fining companies who break the law could be a significant revenue stream."

            And would also - if the fines are sufficient - become something of a deterrent. As it stands, companies who play fast and loose with the rules probably see the ICO much as we do, and know that the worst they'll get is to be told that they've been naughty and not to do it again.

            1. Vimes

              Re: Problem is...

              They're just as effective as Britney Spears' dietitian... :)

              https://www.youtube.com/watch?v=qMGyeY2abns

            2. rtb61

              Re: Problem is...

              That kind of revenue stream would be on par with allowing homicidal maniacs to kill people as long as they pay 1 million per victim. Custodial sentences are required for all criminal negligence cases.

  3. RichardB

    It will all be too little too late.

    Either we will simply come to accept that our data isn't, or we... actually there is no real or.

    It's far to late to try and fix it now, the burden on organisations to properly comply and proactively play good guy with data is just too big... Governance of any real sort is being out competed in the workplace by short term goal seeking and corner cutting. With the majority of data users unable to tell the difference between the major sorts of average, or why that might make a big difference to them, there's sod all hope that they will take the time out to properly protect and care for well structured accurate data about their clients.

    Cloud wins out by virtue of it handily bypassing IT and Procurement governance. Fuck all chance of data protection giving us some accountability back. Maybe personal prosecutions against people who approve dipshittery; track them down to their new employment or retirement hell hole and take a vicious civil action against them.

    Perhaps by pruning the moron tree we can allow some recovery in the rest of the field... but I'm pretty sure it's a dead end task, the MBAs have won.

    1. Vimes

      Re: It will all be too little too late.

      the burden on organisations to properly comply and proactively play good guy with data is just too big

      No. It's not.

      A large chunk of these attacks were helped along by entirely preventable sloppy practices - 'corner cutting'? - and there is no way to ever excuse that.

    2. Gordon 10
      FAIL

      Re: It will all be too little too late.

      @richardb

      That's piss poor logic. Using the same logic we should never implement new laws just coz people are in the current habit of ignoring the proposed law. Perhaps we should not have first instituted and then lowered the drink drive limit?

      Perhaps we should not have implemented SOX and other laws to help prevent another Enron?

  4. jake Silver badge

    "Consumer complaints about the way personal data is handled"

    Deal with it, idiots. You are the ones who released it due to your own ignorance.

    Note that I'm not condoning the behavior of the folks taking advantage of the sheeple.

    1. Vimes

      Re: "Consumer complaints about the way personal data is handled"

      You mean like Care.Data where opt outs (where's the opt-IN???) went completely ignored?

    2. VinceH

      Re: "Consumer complaints about the way personal data is handled"

      "Deal with it, idiots. You are the ones who released it due to your own ignorance."

      A comment that strongly suggests you believe the problem is only about sites that give people something worthless "for free" in return for all that lovely personal information. It's not, though. Sometimes handing over accurate information is vital for a transaction to proceed.

  5. Anonymous Coward
    Anonymous Coward

    ICO do a marvellous job

    compiling and recompiling figures, generating reports, calling for greater transparency and tighter regulations. They have even managed to pull the Big One a couple of times, issuing a fine here and there. Spectacular.

    That said, after my 60+ reports sent to the online ICO report bin, about just one phone scam on almost daily basis, over 5 months period, I don't get those autocalls any more. A proof of ICO robust action, hurrah!

    Or I could be cynical and say it's because I've been away for 3 months, hence the scummers decided spamming my phone line is not worth their time.

  6. thomas k

    Nothing reassures a customer like an oblivious "Huh?"

    “There is increasing recognition that how an organization responds to the compromise of customer data can impact its long-term prospects as deeply as the incident itself," he added.

    While Hilton publicly acknowledged the recent C/C breach faster than last year's breach of the HHonors rewards system, in neither instance did they send out anything to inform employees that the incidents occurred or, more importantly, how we should respond to possible guest inquiries regarding them. Even something like "I have little information myself but Hilton has set up a toll-free number you can call to speak to someone regarding that" would, I think, be a no-brainer.

    Instead, we, like everyone else, only learn about it from the newspapers and are given no guidance on handling a situation where we may be asked about it. Nothing reassures a customer like an oblivious "Huh?"

  7. The_Idiot

    Meanwhile...

    ... politicians (I won't mention anyone called Dave, George or Barack by name, and even if I did, they're not alone) keep talking about how encryption is a Really Really Bad Idea and should be banned.

    Sigh.

    Of course, I'm an Idiot...

    1. Vimes

      Re: Meanwhile...

      On the subject of encryption and more generally surveillance:

      TV crime dramas like Homeland and Sherlock show why we need snooping laws to catch terrorists, Cameron claims

      http://www.dailymail.co.uk/news/article-2549107/PM-cites-TV-spies-justify-snooping-Cameron-says-eavesdropping-mobile-Internet-use-essential-protect-citizens-terrorists-attacks.html

      The man is completely detached from reality. You really can't make this sort of stuff up.

  8. John 61
    FAIL

    Register your product...

    (e.g. branded storage media) your data goes flying to California...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like