In the main I agree with Tim here, it's the context of the information that
is important. I had a chat about this with a colleague who immediately
thought about checking the phone bill of her friends estranged husband who
says he never has any money for child support and can't afford to pay his
bills. You have to rememember that potentially any piece of information is
personal information if it can be match with other data to identify an
individual, the fact that I can find out when the bills have been paid for
all the phone numbers I know, makes that personal information.
It's this ability that could lead those with the time/energy/lack of ethics,
to garner more information and use it.
Martin is wrong in saying that the enquiry appears to relate to a phone
bill, yes it does, but a phone bill is paid by someone. Utility companies
have spent a lot of time and money moving their information management from
a "household" to a person for this very reason. IN the same vane as the
anecdote above, one company I worked for, often got calls from one of a
seperated couple trying to find out this very fact - how much was owed.
Whilst BT haven't gone this far (you need an account number to do that - and
that has implications all of its own) it's still not right or ethical.
On the subject of BT keeping old customer's (not customer's who are
old)information, I do not see the problem in that so long as there is a
strict retention policy. For example I helped to put in place a mechanism
for a mobile phone company that allowed (with a nod from the ICO) contract
data for two years. The argument being that a customer will have left more
than likely for another contract to which they will be tied into for 12 to
18 months. The company would then contact them after 10 months to ask them
to come back, then again at 16 months and finally at about 22 months. If
they have not come back after that, then the main details are removed and
only basic account data is kept for legal and management reasons. I believe
it has served them well.
As for new market players I don't think that is relevant. As a new player
you buy your contacts (legally), or generate them yourself. If a company
already has this information through their own endeavours and have the
permission of the individuals to use it and they use it legally then fine.
The new player will get there eventually....
Simon.
-----Original Message-----
From: Tim Trent [mailto:[log in to unmask]]
Sent: 03 February 2006 07:31
To: [log in to unmask]
Subject: Re: [data-protection] BT SMS service
Now that gets more interesting.
Let us assume that the data is "debatably personal" but definitely
confidential.
Data must be processed fairly and lawfully.
My private phone number (foolishly) appears on my private web site (OK, it
doesn't, but it could), and my private web domain is registered correctly so
a "whois" search can find who I am. I live alone with my 27 cats. It says
so in my web site. (Please keep real, here, I only have two cats, my
neighbour's greyhound killed the third while he watched).
We now have the conditions where breaching confidentiality is unlawful
(surely?) and my phone number is capable of identifying me as a living
individual together with the other information which is easy for anyone to
posses. There will be a short survey about how anally retentive I am
shortly, plus the colour of the anorak I wear while spotting trains at
Clapham Junction. That makes both unlawful processing and not keeping my
data safe and secure.
Add to this transfer of data to arbitrary third party, and also to arbitrary
third country (coz they have phones in darkest Swynthia, and it is not a
safe haven
So, civil issue for tort over confidentiality. DPA complaint re lack of
security, unlawful processing, transfer to third party and transfer to third
country.
I fully expect the UKIC to take precisely no action, because BT will, by
then, have ceased processing in this manner, and, as we know, he does
nothing about offences after you stop committing them. {I am so glad you
have stopped killing your patients, Dr Shipman. Please carry on, you are an
excellent GP; you have such youthful and fit patients, too; it's a pleasure
to visit your surgery.]
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Martin Hoskins
Sent: 03 February 2006 00:26
To: [log in to unmask]
Subject: Re: [data-protection] BT SMS service
I'm playing the Devil's advocate this Friday morning! In a post-Durant world
are we really certain that the information that BT is sending by SMS really
is "personal data"?
BT might argue that the information was confidential, but that it was not
sufficiently "pesonal" to fall within the ambit of the DPA. After all, the
account could be a corporate account, or it could be used by someone (or the
bill paid by someone) other than the individual to whom the account may have
been registered. The information being released by BT appears to relate to
the phone bill, which seems to be some way from the Durant test of personal
data, which is that the material needs to be biographical or about someone,
rather than about something that has a less precise link with an individual.
I agree that BT appear to have acted foolishly in allowing "anyone" to learn
of the date that a particular phone account was paid. But I would suggest
that BT is closer to breaching the tort of confidence than it is of the DPA.
Just a few thoughts to stimulate the debate!
--------------------------
Sent from my BlackBerry Wireless Handheld
-----Original Message-----
From: This list is for those interested in Data Protection issues
To: [log in to unmask]
Sent: Thu Feb 02 20:34:07 2006
Subject: Re: BT SMS service
Remember the friend whose bill I checked? Well he called 150 and then
pressed 9 to get straight through to the customer service team.
After telling him that this was a matter for his mobile provider, O2 and
hanging up on him he called O2 and found that the short number belongs to
"SSSN" a subsidiary of BT. He called back and suggested he might be about
to unleash the hounds of hell upon them. He has a sense of the absurd.
This crew had heard of the problem. Apparently they'd had another call
about it this evening. I wonder who that was?
They are referring it to the Data Protection team and senior management in
the morning. My friend is referring it to the UKIC and Ofcom.
And he is passing the baton to a few friends of his.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Ian Welton
Sent: 02 February 2006 20:05
To: [log in to unmask]
Subject: Re: [data-protection] BT SMS service
Given that BT consider the service of such importance it apparently
warranted a SMS message to all its SMS subscribers (with perhaps other
marketing material yet to come) I wonder if they will consider the security
issues created sufficiently problematic to report any breaches that occur to
the data subjects affected thereby allowing the data subject to decide if
they constitute a serious enough offence against them to take action?
Or maybe subscribers will be left in the dark and reliant upon subject
access to try and find details of how any experienced compromise was caused.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Tim Trent
> Sent: 02 February 2006 17:31
> To: [log in to unmask]
> Subject: Re: BT SMS service
>
>
> I am in the middle of "150" at present and listening to "elevator
> music" between talking to a very pleasant lady who has a colleague
> with her who "knows about the service"
>
> She has asked me if I had my friend's permission to enquire about his
> bill payment. I explained that I did not, but that I would tell him
> this evening, and that he would be angry and would doubtless make a
> formal complaint as well. She did suggest that my enquiry may be
> fraudulent! I was very polite and did not laugh at all.
>
> This is an odd one. I believe that it is Data which, "with other data
> in the possession of..." is capable of identifying a living
> individual. Others may disagree
>
> Terms and conditions are at
> http://www2.bt.com/static/i/btretail/panretail/sms/Terms_condi
> tions.htm
>
> Been on the call 20 minutes so far. I am glad I am not in the smelly
> call box in the village!
>
> We do have BT's data protection guru on this list by the way!
> She's a very nice practical person. I bet no-one asked her about
> this service though.
>
> More when I get the call concluded
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Tony Bowden
> Sent: 02 February 2006 17:13
> To: [log in to unmask]
> Subject: Re: [data-protection] BT SMS service
>
> On Thu, Feb 02, 2006 at 05:00:33PM -0000, Tim Trent wrote:
> >> I phoned BT to complain, but neither of the two people I talked to
> >> seemed to even be aware of the service, and certainly
> didn't know how
> >> to handle enquiries about the privacy implications of it. I'm
> >> currently waiting for someone more senior to call me back.
>
> > How on earth did you find a number to call?
>
> On the www.bt.com/sms page there's a "terms and conditions" link.
>
> Buried in that page (para 10) there's mention of their "Customer Care
> line on 0800 800947"
>
> That doesn't really seem to be a Customer Care line though, as the
> first person I spoke to said he'd have to pass the enquiry onto
> Customer Care.
>
> And of course, 45 minutes later, I still haven't received my
> "15 to 20 minutes" response ...
>
> Tony
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 267.15.0/248 - Release Date: 2/1/06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|