I agree with Kathryn particularly re use of Driving licence data today.
There was a rather large consulation paper on identity cards which few
individuals may have read unless interested in Privacy matters. Regards
'guarding data', those employed under a function of Security can have a
conflict of interest as under DPA a controller owes their security
obligation to the individual e.g. Client, Employee, Supplier, Agent etc.
However other regulations and associated company security policies etc
usually bring conflicting pressures in asset protection which drives
collection of more data about individuals in the name of Security. How can
anyone really know how personal data is used.
Such incidental data of driving convictions collection happens already to
customers of Financial Services products.
Financial Services Authority (FSA) requires regulated organisations to
identify customers. Why because of fear of Fraud or Money Laundering. See :
http://www.fsa.gov.uk/pubs/press/2003/q&a.pdf
Note the guide recommends Driving Licences as an identity check document in
vetting and individual wishing to enter into a financial services contract.
Note also it omits to take account of the design of Driving licences and
fails to provide any guidance on what part of a licence should be kept as
evidence that a check completed for FSA audits.
The guide also silent re warning about the balancing Privacy issues which
arise in Human Rights or DPA.
It states you have nothing to fear from the personal data collection. Trust
the organisations who collect the data although they are not going to trust
you.
After verifying identity as part of entering into a contract the data is
then retained even after the contract with the individual is terminated..
Why because the FSA do not trust the organisation and wish to check they are
undertaking such checks. How often can the FSA actually check this task has
been done and at what volume and quality. The vast majority of identity
records kept in case of FSA audit will never be used for such an audit. As a
consumer I indirectly pay for all this activity, which also erodes my
privacy.
Consumer asked to trust organisations that records will be used correctly
and properly secured but there is little evidence that organisations or
regulators are prepared to trust them in return.
No suprise given how dominant this area of Financial Services Regulation is
compared to OIC support for Individuals Data Protection rights that DP and
Privacy rights are eroded.
The FSA is argued as acting for consumers. Should it therefore not take care
not to issue guides / rules which pressure companies into subverting
customers 'rights'. Yes we may all want to argue for reduction in crime but
to what level of reduction in privacy. I for one would have more confidence
in the FSA as acting for consumers if they at least showed a stronger
consideration towards promoting consumer privacy. They acknowledge on the
face of it that the majority of consumers are not fraudsters or Money
Launderers but do not appear to be ready to trust them to be a part of
improving quality to help reduce instances of fraud.
We now have identity cards suggested using similar 'trust me in in your best
interests' arguments. What are the sayings, 'Information is Power' and
'Absolute power corrupts'.
David Wyatt
----- Original Message -----
From: "Kathryn Billings" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, November 12, 2003 10:09 AM
Subject: [data-protection] Proposed ID cards
Just a thought as I watched the news last night regarding the push by
David Blunkett. Have all the issues been considered regarding
potentially storing passport information, driving licence information,
national insurance and other information on the same card. Surely there
are data protection issues here unless they can store the information in
closely guarded 'channels'.
For instance might an employer be able to see details of any driving
offences which their new employee had committed (never having had one
myself but I understand it is recorded on the licence currently?).
Kind regards, Kathryn
Kathryn Billings
Freedom of Information Project/Publication Scheme
British Educational Communications and Technology agency (Becta)
Millburn Hill Road
Science Park Direct tel 02476 797259
Coventry Main switchboard 02476 416994
CV4 7JJ Main fax 024 7641 1418
Please note that I work part-time. I am usually in the office at the
following times:
Mon 9.30am - 2.30pm
Tues 9.30am - 2.30pm
Wed 9.30am - 1.30pm
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|