Now that gets more interesting.
Let us assume that the data is "debatably personal" but definitely
confidential.
Data must be processed fairly and lawfully.
My private phone number (foolishly) appears on my private web site (OK, it
doesn't, but it could), and my private web domain is registered correctly so
a "whois" search can find who I am. I live alone with my 27 cats. It says
so in my web site. (Please keep real, here, I only have two cats, my
neighbour's greyhound killed the third while he watched).
We now have the conditions where breaching confidentiality is unlawful
(surely?) and my phone number is capable of identifying me as a living
individual together with the other information which is easy for anyone to
posses. There will be a short survey about how anally retentive I am
shortly, plus the colour of the anorak I wear while spotting trains at
Clapham Junction. That makes both unlawful processing and not keeping my
data safe and secure.
Add to this transfer of data to arbitrary third party, and also to arbitrary
third country (coz they have phones in darkest Swynthia, and it is not a
safe haven
So, civil issue for tort over confidentiality. DPA complaint re lack of
security, unlawful processing, transfer to third party and transfer to third
country.
I fully expect the UKIC to take precisely no action, because BT will, by
then, have ceased processing in this manner, and, as we know, he does
nothing about offences after you stop committing them. {I am so glad you
have stopped killing your patients, Dr Shipman. Please carry on, you are an
excellent GP; you have such youthful and fit patients, too; it's a pleasure
to visit your surgery.]
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Martin Hoskins
Sent: 03 February 2006 00:26
To: [log in to unmask]
Subject: Re: [data-protection] BT SMS service
I'm playing the Devil's advocate this Friday morning! In a post-Durant world
are we really certain that the information that BT is sending by SMS really
is "personal data"?
BT might argue that the information was confidential, but that it was not
sufficiently "pesonal" to fall within the ambit of the DPA. After all, the
account could be a corporate account, or it could be used by someone (or the
bill paid by someone) other than the individual to whom the account may have
been registered. The information being released by BT appears to relate to
the phone bill, which seems to be some way from the Durant test of personal
data, which is that the material needs to be biographical or about someone,
rather than about something that has a less precise link with an individual.
I agree that BT appear to have acted foolishly in allowing "anyone" to learn
of the date that a particular phone account was paid. But I would suggest
that BT is closer to breaching the tort of confidence than it is of the DPA.
Just a few thoughts to stimulate the debate!
--------------------------
Sent from my BlackBerry Wireless Handheld
-----Original Message-----
From: This list is for those interested in Data Protection issues
To: [log in to unmask]
Sent: Thu Feb 02 20:34:07 2006
Subject: Re: BT SMS service
Remember the friend whose bill I checked? Well he called 150 and then
pressed 9 to get straight through to the customer service team.
After telling him that this was a matter for his mobile provider, O2 and
hanging up on him he called O2 and found that the short number belongs to
"SSSN" a subsidiary of BT. He called back and suggested he might be about
to unleash the hounds of hell upon them. He has a sense of the absurd.
This crew had heard of the problem. Apparently they'd had another call
about it this evening. I wonder who that was?
They are referring it to the Data Protection team and senior management in
the morning. My friend is referring it to the UKIC and Ofcom.
And he is passing the baton to a few friends of his.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Ian Welton
Sent: 02 February 2006 20:05
To: [log in to unmask]
Subject: Re: [data-protection] BT SMS service
Given that BT consider the service of such importance it apparently
warranted a SMS message to all its SMS subscribers (with perhaps other
marketing material yet to come) I wonder if they will consider the security
issues created sufficiently problematic to report any breaches that occur to
the data subjects affected thereby allowing the data subject to decide if
they constitute a serious enough offence against them to take action?
Or maybe subscribers will be left in the dark and reliant upon subject
access to try and find details of how any experienced compromise was caused.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Tim Trent
> Sent: 02 February 2006 17:31
> To: [log in to unmask]
> Subject: Re: BT SMS service
>
>
> I am in the middle of "150" at present and listening to "elevator
> music" between talking to a very pleasant lady who has a colleague
> with her who "knows about the service"
>
> She has asked me if I had my friend's permission to enquire about his
> bill payment. I explained that I did not, but that I would tell him
> this evening, and that he would be angry and would doubtless make a
> formal complaint as well. She did suggest that my enquiry may be
> fraudulent! I was very polite and did not laugh at all.
>
> This is an odd one. I believe that it is Data which, "with other data
> in the possession of..." is capable of identifying a living
> individual. Others may disagree
>
> Terms and conditions are at
> http://www2.bt.com/static/i/btretail/panretail/sms/Terms_condi
> tions.htm
>
> Been on the call 20 minutes so far. I am glad I am not in the smelly
> call box in the village!
>
> We do have BT's data protection guru on this list by the way!
> She's a very nice practical person. I bet no-one asked her about
> this service though.
>
> More when I get the call concluded
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Tony Bowden
> Sent: 02 February 2006 17:13
> To: [log in to unmask]
> Subject: Re: [data-protection] BT SMS service
>
> On Thu, Feb 02, 2006 at 05:00:33PM -0000, Tim Trent wrote:
> >> I phoned BT to complain, but neither of the two people I talked to
> >> seemed to even be aware of the service, and certainly
> didn't know how
> >> to handle enquiries about the privacy implications of it. I'm
> >> currently waiting for someone more senior to call me back.
>
> > How on earth did you find a number to call?
>
> On the www.bt.com/sms page there's a "terms and conditions" link.
>
> Buried in that page (para 10) there's mention of their "Customer Care
> line on 0800 800947"
>
> That doesn't really seem to be a Customer Care line though, as the
> first person I spoke to said he'd have to pass the enquiry onto
> Customer Care.
>
> And of course, 45 minutes later, I still haven't received my
> "15 to 20 minutes" response ...
>
> Tony
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 267.15.0/248 - Release Date: 2/1/06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|