The Commissioner has started to take enforcement action, so I don't
think that's a fair comment.
In my opinion, attempting to take enforcement action in this case, if it
was possible, would be wildly disproportionate. The Commissioner would
have to prosecute every single organisation which had existed and not
notified, even if they had started to notify. They would do nothing else
and it would cost a fortune. No-one would ever take the IC seriously,
ever again.
________________________________
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Tim Trent
Sent: Thu 17 April 2008 11:35
To: [log in to unmask]
Subject: Re: [data-protection] The Chihuahua and the Speeding Ticket
At what point should patting organisations on the head for eventual
compliance finish and enforcement start?
We're back to the Traffic Cop who congratulates you for bringing your
souped up Morris Minor to a halt from 105mph, tells you how impressive
your driving is because you were able to stop so well, and sends you on
your way without a ticket.
This law has been on the statute books long enough. It's time it was
taken seriously by the prosecution authority intended to police it.
Tim Turner wrote:
What incentive does the Commissioner have to bite any harder if
he doesn't even get the credit for trying? If they get slapped down,
maybe they will stop bothering at all.
They have to be proportionate - if an organisation mends its
ways, what right does the Commissioner have to go after them unless they
don't do it adequately or quickly enough. If your complaint is that the
Data Controller in this case has not mended its ways, there's something
to be argued about. But if no-one else will have the same problems as
you in the future, I think the IC has done precisely what it should do,
given its powers and resources.
________________________________
From: This list is for those interested in Data Protection
issues [mailto:[log in to unmask]] On Behalf Of Tim Trent
Sent: Thu 17 April 2008 10:56
To: [log in to unmask]
Subject: Re: [data-protection] The Chihuahua and the North East
Surrey Crematorium
The problem is that no-one is afraid of a chihuahua, even if
it;s trying as hard as it can to break the skin in your ankle, it has
very small teeth. If it starts to gnaw your leg is your first reaction
fear of hysterical laughter?
"Awww, look. The sweet little thing is trying to bite me."
Tim Turner wrote:
Given that the Commissioner has a reasonable record of
prosecuting non-notifiers who refuse to notify, is it really worth the
money and the court time to prosecute the Crematorium if they are
shaping up now?
Regardless of how impressive a "strict liability
offence" sounds, in practice, it's not the end of the world if someone
doesn't notify. If an organisation refuses to take the Commissioner's
advice, that's a problem. If they refuse to notify when someone points
it out to them, that's a problem. But if the Commissioner's Office, with
what everyone acknowledges is a paltry budget, achieves compliance
without wielding the big stick, then that's a good thing, isn't it?
In the recent past, the Chihuahua has actually been
biting a few legs - that's a lot better than what went before.
________________________________
From: This list is for those interested in Data
Protection issues [mailto:[log in to unmask]] On Behalf Of
Tim Trent
Sent: Thu 17 April 2008 10:35
To: [log in to unmask]
Subject: Re: [data-protection] The Chihuahua and the
North East Surrey Crematorium
Their attitude to strict liability offences seems to be
"They have put it right, so we don't (need to) care". But this has been
law since 19978 and implemented fully since 2000. And that means, to
me, that they are not doing their duty, period.
I'm not letting this deter me form my county court
action against the crematorium, however. We do not yet have a date for
the hearing, and I think the district judge is trying to work out in
advance what liability exists.
As for the chihuahua, I think my only real recourse is
to my MP. Something tells me that a judicial review is a thing likely
to cost me money.
Nigel Roberts wrote:
I think there are arguments on both sides. I'm
entirely unsurprised and more than a little disappointed with the ICO.
But I've had similar experiences with the Chihuahua (or chocolate teapot
as I have referred to them in the past.
Its no different with the police and low-level
anti-social behaviour . they direct their resources to the murders and
politically sensitive offences and fail to investigate low level frauds,
finding any excuse.
You only have to look at the statements made
when the media asked them (after my cour case against an unsolicited
emailer) and they were caught (IMO) a little on the back foot when asked
why they'd never gone after spammers.
But I am totally surprised about their unconcern
that an organisation has committed a strict liability offence by failing
to notify as required by law. I suspect that technically (in practice
noone would do it) the ICO is open to JR since they are refusing to
exercise their core regulatory functions (there's a phrase!)
irrationally!
Nigel
Tim Trent wrote:
I promised you all an update.
You may remember that I complained to
the UKIC on the grounds that the NES Crematorium had obtained my data
unfairly and had not processed it in accordance with my rights. Their
defence has always been "You signed one of our forms and failed to opt
out, so ya boo, sucks to you!" My complaint is based upon the
reasonable expectation at the time of booking the funeral that all the
paperwork was paperwork for the undertaker, that there as NO expectation
of marketing except from the undertaker, and that the crematorium, apart
from being exceptionally tasteless, was in breach of the DPA 1998.
Interestingly the crematorium had also
not notified under the DPA, and it appears to me not to be an exempt
organisation.
The UKIC has emailed me to say "there is
no case to answer".
They say:
BEGINS
In this instance we have made an
assessment that it is unlikely that any breach of the DPA has occurred
in processing your personal data in this way. In terms of mail
marketing, individuals should be made aware that their information will
be used for this purpose and there should also be an opportunity to
either opt-out or object.
The North East Surrey Crematorium
satisfied both these criteria, by having an opt-out box available and by
agreeing to your request to stop sending marketing materials and
processing your data. Further, after making your complaint, the North
East Surrey Crematorium considered your objections carefully and made a
number of concessions including making the opt-out box more prominent on
their paperwork and delaying the period before communication to four
weeks.
It is understandable that, at a time of
such great stress, you weren't aware that the relevant paperwork was
from the crematorium rather than from the funeral director but I feel,
on balance, that this was a responsibility of the funeral director
rather than a failing of the crematorium or its paperwork.
On this basis, there is no strong
indication that the North East Surrey Crematorium has failed to comply
with the DPA* *in this instance. Also, taking your concerns into
consideration, they have made some welcome steps in improving their
service.
ENDS
We are back to "They have made changes,
so there is no problem, is there? Please go away and stop wasting our
time by asking us to do our job."
It seems they do not even care that the
organisation had not notified and was thus committing a strict liability
offence by processing personal data at all. I am not high profile like
fingerprints at T5, so my compliant can be swept away.
Or am I overreacting? You be the judge.
Me, I want an Information Rottweiler. We have an Information Chihuahua.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored
permanently and are
available to the world wide web community
at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send
the command
leave data-protection to
[log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages
please send to the list owner
[log in to unmask]
Full help Desk - please email
[log in to unmask] describing your needs
To receive these emails in HTML format
send the command:
SET data-protection HTML to
[log in to unmask]
(all commands go to [log in to unmask]
not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
________________________________
>>Corporate Disclaimer<<
**********************************************************************
This email and any files transmitted with it are confidential
and
intended solely for the use of the individual or entity to whom
they
are addressed. If you have received this email in error please
notify
the system manager.
This footnote also confirms that this email message has been
swept by
Proofpoint for the presence of computer viruses using F-Secure
anti-virus software.
www.proofpoint.com
www.f-secure.com
**********************************************************************
Wigan is an excellent council
Awarded 4-stars by the Audit Commission
**********************************************************************
________________________________
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the
body of the email if you are receiving emails in HTML format):
* Leaving this list: send leave data-protection to
[log in to unmask]
<mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
* Suspending emails from all JISCMail lists: send SET *
NOMAIL to [log in to unmask]
<mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
* To receive emails from this list in text format: send
SET data-protection NOHTML to [log in to unmask]
<mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
* To receive emails from this list in HTML format: send
SET data-protection HTML to [log in to unmask]
<mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body
of an otherwise blank email to [log in to unmask]
Any queries about sending or receiving messages please send to
the list owner [log in to unmask]
(Please send all commands to [log in to unmask] not the
list or the moderators, and all requests for technical help to
[log in to unmask], the general office helpline)
________________________________
--
________________________________
Tim Trent - Consultant
Tel: +44 (0)7710 126618
web: ComplianceAndPrivacy.com - where busy executives go to find the
news first
personal blog: timtrent.blogspot.com/
Important: This message is private and confidential. If you have
received this message in error, please notify us and remove it from your
system. This email and any attachment(s) are believed to be virus-free,
but it is the responsibility of the recipient to make all the necessary
virus checks. This email and any attachments to it are copyright of
Meadowood Associates, owners of Compliance And Privacy, unless otherwise
stated. Their copying, transmission, reproduction in whole or in part
may only be undertaken with the express permission, in writing, of
Meadowood Associates, at Meadowood House, 30 Redditch, Bracknell,
Berkshire, RG12 0TT.
________________________________
All archives of messages are stored permanently and are available to the
world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of
the email if you are receiving emails in HTML format):
* Leaving this list: send leave data-protection to
[log in to unmask] <mailto:[log in to unmask]&BODY=LEAVE
data-protection>
* Suspending emails from all JISCMail lists: send SET * NOMAIL to
[log in to unmask] <mailto:[log in to unmask]&BODY=SET *
NOMAIL>
* To receive emails from this list in text format: send SET
data-protection NOHTML to [log in to unmask]
<mailto:[log in to unmask]&BODY=SET data-protection NOHTML>
* To receive emails from this list in HTML format: send SET
data-protection HTML to [log in to unmask]
<mailto:[log in to unmask]&BODY=SET data-protection HTML>
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body
of an otherwise blank email to [log in to unmask]
Any queries about sending or receiving messages please send to the list
owner [log in to unmask]
(Please send all commands to [log in to unmask] not the list or the
moderators, and all requests for technical help to
[log in to unmask], the general office helpline)
________________________________
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
