Original Articles

The UK 2007–2008 data protection fiasco: Moving on from bad policy and bad law?

Pages 47-76 | Published online: 18 Nov 2010
 

Abstract

A number of commentators were not surprised when the news broke in November 2007 that the personal data of 25 million UK citizens had been lost. This is because Information and Data Protection Commissioners around Europe had been meeting and comparing notes every year for a quarter of a century, during which period the lack of privacy culture in both public and private sector organisations had long been noted. This lack of privacy culture is exacerbated by data protection laws often setting up relatively toothless watchdogs. The UK was a classic example of the minimalist approach to data protection, with the Commissioner being required to give prior notice of inspections. The UK Commissioner had long lamented that his organisation simply did not have the teeth to carry out inspections without warning. Following the November fiasco, the UK Commissioner received a commitment from Government that his powers would be increased, but is this enough? This paper explores the limitations of law in such circumstances and especially how, even if the law is adequate, policy priorities or mistakes may be such as to deny a data protection authority effective teeth through more bad law as well as inadequate funding for resources.

Notes

Organised by Masaryk University, http://www.cyberspace.muni.cz/english/index.php

See http://www.answers.com/topic/minimalism (accessed August 25, 2008).

Some new powers for the ICO to fine for breaches of the Data Protection Act were introduced in the Criminal Justice & Immigration Act 2008.

Government response to the Constitutional Affairs Select Committee Report, Freedom of Information: Government's Proposals for Reform (London: TSO, 2007), 10.

Ibid.

John Oates, ‘Information Commissioner Calls For More Money and More Powers’, in The Register, http://www.theregister.co.uk/2007/12/05/information_commissioner_evidence/ (accessed August 25, 2008).

Government response to the Constitutional Affairs Select Committee Report, Freedom of Information: Government's Proposals for Reform (London: TSO, 2007), 9.

Ibid.

Condensed from ‘The Case for Amending the Data Protection Act 1998, v1 21, 12, 2007’.

Ibid.

Condensed from ‘The Case for Amending the Data Protection Act 1998, v1 21, 12, 2007’.

Ibid., 18–23.

Ibid.

Ibid.

Richard Thomas, Speech to RSA Conference on Data Breaches, dated 29 October 2008, www.ico.gov.uk/upload/documents/pressreleases/2008/rsa_speech_oct08_final.pdf (accessed October 31, 2008).

We wish to acknowledge the assistance of Agnieszka Lewestam in bringing these incidents to our attention and providing translation.

‘England is Champion… At Losses of Personal Data’, published just after the European Champions cup football tournament in a summer where the English team failed to qualify for the finals of Euro 2008, is the caption of an article authored by Christophe Elise on 25 August 2008, http://www.lesnouvelles.net/articles/divers/angleterre-championne-de-la-perte-de-donnees (accessed August 28, 2008).

‘Is the situation any better in France? It is unlikely, even if France is “a country in which a laptop is never lost…”, as Eric Domage, Research Manager, Security Products & Services at IDC, likes to point out, with irony. Our good fortune, and misfortune, is perhaps only that such losses are never revealed to the public’ (Christophe Elise), http://www.lesnouvelles.net/articles/divers/angleterre-championne-de-la-perte-de-donnees (accessed August 28, 2008).

Burton, Sir E., Report into the Loss of MOD Personal Data, compiled for the Permanent Under Secretary of the Ministry of Defence, 30 April 2008. Known hereafter as the Burton Report – Executive Summary par. 15, p. 3.

MOD holds some 60 million personal records in total (this includes duplicated records) – Burton Report – Executive Summary par. 38, p. 8.

Burton Report – Executive Summary par. 16, p. 3.

Burton Report – Part Two – MOD protection and management of personal data – par. 4, pp. 2–3.

Burton Report – Executive Summary par. 17, p. 3.

Burton Report – Part Two – MOD protection and management of personal data – par. 10, p. 6.

Independent Police Complaints Commission, Independent Investigation Report into Loss of Data Relating to Child Benefit, June 2008. Known hereafter as the IPCC Report par. 164, p. 36.

Poynter, K. Review of Information Security at HM Revenue and Customs Final Report, June 2008. Known hereafter as the Poynter Report par. VI.9, p. 38.

IPCC Report par. 169, p. 37.

IPCC Report par. 214, p. 47.

IPCC Report par. 215, p. 48.

IPCC Report par. 218, p. 48.

Poynter Report par. V.6, p. 33.

Poynter Report par. V.7, p. 34.

IPCC Report par. 223, p. 49.

Poynter Report par. VII.3, pp. 43–44.

Poynter Report par. IX.2, p. 49.

Poynter Report par. XI.5, p. 56.

A number of commentators have considered the Coroners & Justice Bill from the increasingly classical ‘conspiracy or cock-up?’ perspective. For example: ‘Vivienne Nathanson of the British Medical Association plumps for cock-up, not conspiracy. “Lazy future-proofing” is what she thinks is going on: the government is drafting powers widely because it is better to be safe than sorry’, in ‘Sorry, it's personal’, The Economist, March 5, 2009, http://www.economist.com/world/britain/displaystory.cfm?story_id=13235015 (accessed March 6, 2009).

Richard Thomas, Speech to RSA Conference Europe on Data Breaches, dated October 29, 2008, www.ico.gov.uk/upload/documents/pressreleases/2008/rsa_speech_oct08_final.pdf (accessed October 31, 2008).

Ian Grant, ‘BCS Urges MPs to Kill the Coroners & Justice Bill’, Computer Weekly, February 24, 2009, http://www.computerweekly.com/Articles/ArticlePage.aspx?ArticleID=234974&Print

From the proceedings of the 1st sitting of the Committee on the Coroners & Justice Bill, February 3, 2009, p. 3, http://www.publications.parliament.uk/pa/cm200809/cmpublic/coroners/090203/am/90203s01.htm (accessed February 15, 2009).

Concealed Assault on Privacy, http://www.no2id.net/fpArchive.php (accessed March 2, 2009).

Andrew Grice, ‘Straw Forced into Retreat Over Big Brother Data Sharing Plan’, The Independent, February 24, 2009, http://license.icopyright.net/user/viewFreeUse.act?fuid=Mjg3Mjc2Nw%3D%3D

Amendments to Coroners & Justice Bill, Thursday February 26, 2009. Available at http://www.publications.parliament.uk/pa/cm200809/cmpublic/coroners/090226/am/90226s01.htm (accessed March 6, 2009).

Jack Straw, ‘Our Record isn't Perfect. But Talk of a Police State is Daft’, The Guardian, February 27, 2009.

Report summary as issued on the BCS web-site and accessed on February 18, 2009, http://www.bcs.org/server.php?show=ConWebDoc.24509

Fiona Barr, ‘Coroners Bill Protest Escalates’, E-Health Insider, March 3, 2009, http://www.e-health-insider.com/news/4615/coroners_bill_protest_escalates (accessed March 4, 2009).

Tim Boswell MP (Con), during the tenth sitting of the Committee stage debate in the afternoon session of 26 February 2009, http://www.publications.parliament.uk/pa/cm200809/cmpublic/coroners/090226/pm/90226s01.htm (accessed March 6, 2009).

Ibid.

Data Protection Act 1998, Schedule 1, Part I.

Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, European Treaty Series No 108, Strasbourg 28 January 1981.

Reader's comment, posted March 4, 2009, http://e-health-insider.com/news/4615/?logout&r=/ (accessed March 6, 2009).

Sally Almandras, Sally Broadbridge, Grahame Danby, and Pat Strickland, ‘The Coroners & Justice Bill: Crime & Data Protection’, Bill 9 of 2008–09, Research Paper 09/06, House of Commons Library, January 22, 2009, p. 108.

Ibid.

Extract from the proceedings of the ninth sitting of the Committee, http://www.publications.parliament.uk/pa/cm200809/cmpublic/coroners/090226/am/90226s01.htm (accessed March 2, 2009).

Ibid.

Richard Thomas, in a letter to Andrew Dismore, Chair, Joint Committee on Human Rights, dated February 27, 2009, http://e-health-insider.com/news/4615/?logout&r=/ (accessed March 6, 2009).

Straw, ‘Our Record isn't Perfect’.

Straw admits data sharing reforms, 27 February, 2009, http://www.publicservice.co.uk/news_story.asp?id=8731

From the debate in the House of Commons at Committee stage of the afternoon of Thursday February 26, 2009.
