Tim Trent on 10 June 2005 at 10:11 said:-
> And statements from Citibank in the Herald Tribune this
> morning (well, reported to me form Paris this morning) about
> organisations not bothering to protect data unless mandated
> (I am still searching for the exact quote) really do not help at all!
Surely mandatory protection of data should only become necessary where the
interests of an organisation do not coincide with the interests of others.
Organisatinal self interest does normally assure secure data vital to an
organisation, even making data dysfunctionally secure at times, but only
whilst in the interests of a department/organisation.
A particularly valid question would be; Do mandated protections include the
self interest of others and how would they affect organisational/individual
privacy? (Worth considering 9/11 issues and dysfunctionality here).
Security is not a single magic bullet providing necessary protections for
privacy or ful compliance with DP.
Take a covert police surveillance operation as an example. The officers
involved will discuss the surveillance amongst themselves and their
colleagues, some of whom will not be party to the investigation, even to the
extent of joking/commenting about the sexual antics of the surveillance
subjects.
Looking at this generically a number of questions arise:-
1. Are legal privacy protections being correctly respected?
2. Are culturally embedded security principles being followed?
3. Are organisational interests served by acknowleging a problem exists or
by hidding the issue?
4. Does a very high level of security increase or decrease privacy in those
circumstances?
5. Does any DP principle impinge on the personal data being utilised?
6. Does any problem exist?
From my personal knowledge and experiences in DP, very similar issues
emanate from ALL surveillance areas.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of Tim Trent
> Sent: 10 June 2005 10:11
> To: [log in to unmask]
> Subject: Re: Wonderful TICO quality control
>
>
> Thanks. I think the issue that is not easy to find, or is
> perhaps never stated, is the issue of whom must the contracts
> be between.
>
> While it is clear that they must be between each and every
> Data Controller who wishes to export and receive data (thus
> in a large corporation every entity to every other entity),
> showing a board of directors this information and expecting
> them to grasp the impossibly unwieldy nature of it is hard in
> the extreme.
>
> It gets harder when the US HQ says "Who cares? We have Safe
> Harbor!" forgetting about transfers to (eg) their Cape Town
> operation in their global CRM system
>
> And statements from Citibank in the Herald Tribune this
> morning (well, reported to me form Paris this morning) about
> organisations not bothering to protect data unless mandated
> (I am still searching for the exact quote) really do not help at all!
>
> Tim Trent - Consultant
> Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618
> email: [log in to unmask]
> Marketing Improvement Limited, Abbey House, Grenville Place,
> Bracknell, United Kingdom, RG12 1BP
> http://www.marketingimprovement.com
>
>
>
>
> Important: This mail contains proprietary information some or
> all of which may be legally privileged. It is for the
> intended recipient only. If an addressing or transmission
> error has misdirected this email, please notify the author by
> replying to this email. if you are not the intended recipient
> you must not use, disclose, distribute, copy, print or rely
> on this email. If you are not the named recipient please
> notify us immediately. This email and any attachment(s) are
> believed to be virus-free, but it is the responsibility of
> the recipient to make all the necessary virus checks. This
> email and any attachments to it are copyright of Marketing
> Improvement Limited unless otherwise stated. Their copying,
> transmission, reproduction in whole or in part may only be
> undertaken with the express permission, in writing, of
> Marketing Improvement Limited.
>
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Maurice Frankel
> Sent: 09 June 2005 17:53
> To: [log in to unmask]
> Subject: Re: [data-protection] Wonderful TICO quality control
>
> Tim
>
> The standard contract terms can be found at the end of this
> document (which I found by checking the other links on the
> ICO's page you looked at).
>
> Maurice Frankel
> Campaign for Freedom of Information
>
> http://www.europa.eu.int/servlet/portail/RenderServlet?
> search=DocNumber&lg=en&nb_docs=25&domain=Legislation&coll=&in_
> force=NO&a
> n_doc=2002&nu_doc=16&type_doc=Decision
>
>
>
> On 9 Jun 2005, at 15:24, Tim Trent wrote:
>
> > Am now at screaming pitch. It was such a simple piece of
> research. A
> > client asked "Where may I find documentation about Model Contract
> > Terms and
> > that facts that each individual data controller who transfers data
> > internationally to another data controller moist have a
> contract in
> > place
> > with each other data controller.
> >
> > I went to
> > http://www.informationcommissioner.gov.uk/eventual.aspx?id=1163
> > and fond a load of stuff. And the paragraph I need is 90%
> sure to be "
> > Model contract terms can also be used to legitimise a transfer of
> > personal
> > information outside the EEA. The European Commission's
> approval for
> > the use
> > of model contracts can be found here <http://m/> . " The
> problem is
> > "here"
> > links here http://m/ - Yup, you heard it here first!
> >
> > Now I have a "nice" dose of "A bit of Viv" and one if the seasons
> > while on
> > hold,and a nice recorded lady who sounds terribly surprised
> that all
> > the
> > agents are busy.
> >
> > All (!) I need is a formal document that talks about the
> complexities
> > of
> > Model Contracts and why they need to be signed.
> >
> > And lo and behold, I have spoken to the holy grail and such
> documents
> > are................................. ABSENT.
> >
> >
> >
> > Tim Trent - Consultant
> > Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618
> > email: [log in to unmask]
> > <blocked::mailto:[log in to unmask]>
> > Marketing Improvement Limited, Abbey House, Grenville Place,
> > Bracknell, United Kingdom, RG12 1BP
> > <blocked::http://www.marketingimprovement.com/>
> > http://www.marketingimprovement.com
> >
> >
> >
> >
> >
> > Important: This mail contains proprietary information some or all of
> > which
> > may be legally privileged. It is for the intended recipient
> only. If an
> > addressing or transmission error has misdirected this
> email, please
> > notify
> > the author by replying to this email. if you are not the intended
> > recipient
> > you must not use, disclose, distribute, copy, print or rely
> on this
> > email.
> > If you are not the named recipient please notify us
> immediately. This
> > email
> > and any attachment(s) are believed to be virus-free, but it is the
> > responsibility of the recipient to make all the necessary virus
> > checks. This
> > email and any attachments to it are copyright of Marketing
> Improvement
> > Limited unless otherwise stated. Their copying, transmission,
> > reproduction
> > in whole or in part may only be undertaken with the express
> > permission, in
> > writing, of Marketing Improvement Limited.
> >
> >
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > All archives of messages are stored permanently and are
> > available to the world wide web community at large at
> > http://www.jiscmail.ac.uk/lists/data-protection.html
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > http://www.jiscmail.ac.uk/help/commandref.htm
> > Any queries about sending or receiving message please send
> to the list
> > owner
> > [log in to unmask]
> > (all commands go to [log in to unmask] not the list please)
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to
> the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to
> the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
