UK: Data And Information Update

Last Updated: 29 November 2007
Article by Margaret Tofalides

1. United Kingdom

1.1 Government Initiatives / Consultations / Legislation

House of Lords Technology Select Committee's report on Personal Internet Security

On 10 August 2007, the House of Lords Technology Select Committee published a report on internet security. The driving force behind the report is that internet security breaches should be addressed by means of a flexible mix of incentives, regulation and direct investment. The changing nature of technology means that end-user responsibility for anything that goes wrong is becoming increasingly unrealistic, and ISPs and network operators should be held responsible.

The report states that efforts to promote best practice within the industry are hampered by the lack of commercial incentives offered to the industry to make internet products secure. Companies are ready to offload the commercial risks on consumers via licensing agreements and therefore avoid paying for the costs of lack of security.

The report makes the following recommendations:

  • legislation should be introduced to make banks responsible for losses incurred as a result of electronic fraud;
  • the "mere conduit" immunity should be removed once ISPs have detected or been notified of the fact that there is a machine sending out spam or viruses on their network. This would give third parties the opportunity to recover damages from ISPs if they suffer loss because their computer has been infected;
  • data security breach notification legislation should be introduced (as it has been in the US), incorporating a clear and workable definition of a data security breach, a mandatory and uniform central reporting system and clear rules on the form and content of notification letters to recipients (i.e. they should set out the steps that individuals should take to deal with the breach); and
  • better enforcement powers for the Information Commissioner's Office ("ICO") to make it more effective at policing security breaches and enforcing good standards of data protection across the industry.

New Criminal Justice & Immigration Bill to include custodial sentences for certain data offences laid before Parliament

The Criminal Justice and Immigration Bill, which provides for a custodial sentence of up to 12 months on summary conviction and up to two years' imprisonment for conviction on indictment for the misuse of personal data contrary to section 55 of the Data Protection Act 1998 (DPA), had its first reading in the House of Commons on 26 June 2007. As detailed in our Spring Update, these penalties are additional to the fines which are currently set out in DPA.

Exemption granted to Police to use Transport for London data for national security purposes

The Home Office has granted the Metropolitan Police real-time access to surveillance footage from Congestion Charge cameras in central London for limited purposes. Previously the Police were only able to request specific footage from the cameras, but the Home Office has now signed a certificate of exemption from the DPA for national security purposes granting them the right to be able to monitor them in real-time.

The Congestion Charge cameras in the city centre are fitted with automatic number plate recognition (ANPR) technology. It will now be possible for there to be a real-time flow of data between Transport for London and the Police. Tony McNulty, Home Office minister responsible for police and security, said "The Commissioner of the Metropolitan Police believes that it is necessary due to the enduring, vehicle-borne terrorist threat to London."

Fears as government proposes new register of all children

Government plans to create a database system, known as ContactPoint, to store the personal details of 11 million children in England as of next year have been the subject of great concern amongst social workers. The Association of Directors of Children's Services fear that the register, which will contain the name, address, medical and school and childcare details of every child under 18, has the potential to be abused by some to target the children that it is intended to protect. Concerns are further fuelled by the government's admission that the children of celebrities and politicians are not likely to be included in the system; this is seen as tantamount to an admission that the system is not secure. The ContactPoint system is reported to cost £224 million to build and another £41 million per year in running costs.

1.2 News from the ICO

ICO takes action against unsolicited faxes

The ICO has brought an action under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (EPrivacy Regs) against two debt recovery organisations. Clear Debt Solutions and ADC Organisation Limited were both issued with enforcement notices ordering them to stop sending unsolicited faxes to businesses and individuals. This action follows hundreds of complaints that were received by the ICO and the Fax Preference Service (FPS).

ICO and Ofcom agree "Letter of Understanding"

The ICO and Ofcom agreed a Letter of Understanding which sets out a basis for collaboration in the future regarding areas where they share enforcement responsibilities (such as electronic communications areas that are covered by the E-Privacy Regs). Both organisations hope that the Letter of Understanding will enable them both to use their resources most effectively, strengthen mutual cooperation and adopt recognised good regulatory practice. The organisations will decide between themselves which organisation is more suitable for investigating suspected non-compliance and will consult each other when making any public statements.

ICO issues guidance on the meaning of "personal data"

On 29 August the ICO issued guidance entitled "Determining what is personal data". Since it is often unclear whether data fall within the definition of "personal data" under the DPA, the guidance is designed to help data protection practitioners determine this issue. It provides plenty of examples which serve to illustrate circumstances where data relate to an identifiable, living individual. There is also a flowchart comprising eight questions which address issues, such as, whether the data are "obviously about" or whether they are "linked to" a particular individual. Only data that fall within the definition of "personal data" are subject to the DPA. It should be noted that in any court proceedings the ruling of the Court of Appeal on the meaning of 'personal data' in Durant v FSA will take precedence over this ICO guidance.

Consultation / draft Code of Practice on sharing personal data

On 13 August 2007 the ICO launched a consultation on its new code of practice for sharing personal data. The ICO's aim is that organisations will formulate their own codes of practice based on this one, picking and choosing from aspects of the code but making sure that it covers issues such as information security, accuracy of information and retention periods.

ICO issues updated CCTV Code of Practice

On 2 August the ICO launched a consultation on its updated code of practice concerning the use of CCTV by organisations. The revised code is aimed at helping businesses that routinely capture footage of their employees on their CCTV systems to comply with the DPA. It updates the previous code of practice to reflect technological advances and changes to the way that CCTV is used to monitor individuals. The updated code states that CCTV should not be used to record conversations between members of the public and it provides advice on the period for which video footage should be retained. In deciding whether or not to use CCTV surveillance, it suggests that businesses carry out an impact assessment to see if its use is justified. The consultation will close on 31 October 2007.

Data Protection Strategy Consultation

The ICO is conducting a consultation on its new data protection strategy, which runs until 28 September 2007. The strategy sets out how it plans to minimise its data protection risk and sets out its enforcement strategy.

Littlewoods and Orange provide undertakings to the ICO

Following an investigation into the way in which they process personal data, the ICO found Orange Personal Communications Services Limited and Littlewoods Home Shopping in breach of the DPA. The ICO previously received complaints regarding the fact that Orange allowed members of its staff to share passwords for accessing the company IT systems. It, therefore, found that Orange was in breach of the DPA for not keeping its customers' personal information sufficiently secure. The ICO also found Littlewoods in breach of the DPA for failing to stop sending marketing material to one of its customers following complaints from that customer. Copies of the signed undertakings are available on the ICO website.

Satcover Limited and Satellite Direct UK Limited provide undertakings

Satellite Direct UK Limited and Satcover Limited, both based in Hove, East Sussex, have been required to sign formal undertakings by the ICO for failing to cease making unsolicited marketing telephone calls to individuals after they had been expressly requested not to by the individuals or the individuals had signed up with the Telephone Preference Service. If the organisations breach the undertakings, the ICO has the power to take them to court immediately to obtain a court order.

Annual Report 2006/2007

The ICO has released its annual report for the period 2006-2007. The report reveals that the ICO received almost 24,000 complaints and enquiries concerning personal data during this period. The Commissioner's call for a debate on the UK's "surveillance society" sparked two Parliamentary inquiries. The ICO has also prosecuted 16 individuals and organisations within this period.

The ICO has also dealt with 75% of the 6,000 complaints that it has received under the Freedom of Information Act 2000. 82% more decision notices were issued during this financial year than during the previous financial year.

1.3 News from the Courts

BBC loses privacy case regarding rights of documentary participants (T v BBC [2007] EWHC 1683 (QB)).

The BBC has been ordered by the High Court to obscure the identity of a woman who consented to participate in a documentary about adoption in order to protect her privacy. The woman, who suffers from a mental disorder, was held to be a vulnerable adult and therefore not capable of giving informed consent to participate in the programme which depicts her last meeting with her two year old daughter before she was given to her adoptive parents. Mr Justice Eady said that the balance of issues weighed heavily in favour of the woman's right to privacy (under Article 8 of the European Human Rights Convention) as opposed to the BBC's right to free speech.

Chester fraudster sentenced to 20 months in prison for bogus notification requests

A 37 year old man from Chester was sentenced to 20 months in prison by Liverpool Crown Court for fraudulently obtaining over £400,000 from businesses in the region by pretending to be an agent of the ICO and requesting between £95 and £135 as a notification fee. He is also subject to further investigation and financial confiscation under the Proceeds of Crime Act.

JK Rowling loses privacy battle

JK Rowling and her husband (on behalf of their son David) lost a court battle over the publication of a photograph of their son which appeared in the Sunday Express magazine. They brought proceedings against the photographic agency Big Pictures (UK) and Express Newspapers for damages/an account of profits and sought an injunction to ban further publication of the photograph. They alleged breach of confidence, a violation of David's basic human right to privacy and the misuse of private information under the Data Protection Act 1998.

Mr Justice Nicholas Patten, in the High Court, dismissed the suit before it reached trial saying that legal action had no reasonable or realistic chance of success. He described the case as "unusual", and added that David was not alleged to have "suffered any personal distress" as a result of the picture being taken. Rowling and her husband were ordered to pay £40,000 interim costs to Big Pictures, pending the outcome of an appeal. A temporary ban has been placed on publication of the photograph until the appeal has taken place.

1.4 Miscellaneous

YouTube implicated in DPA breach

A pregnant woman published a video on YouTube showing a meeting that she had with social services personnel in which she and her husband were told that, although they posed "no immediate threat" to their child, the council would seek a court order once it was born that it go into foster care. Calderdale council accused the woman of breaching the DPA by recording the social workers "without their knowledge or consent" and publishing the video on YouTube. The council has also taken legal action against YouTube to have the video removed from the website. It has concerns that "because the case involves court proceedings, it could prejudice child protection and safeguarding outcomes".

The exemption in section 36 of the DPA (use for domestic purposes) is unlikely to apply because the video was published on the internet and made freely available.

Chinese Privacy Law will be introduced next year

In order to combat the recent rapid increase in the misuse of personal data, China is expected to introduce a national data protection law next year. The draft law, which is about to be submitted to the State Council Legal Affairs Office, sets out basic principles that organisations should follow when they are handling the personal information of individuals and contains penalties such as fines and/or imprisonment for anyone who breaches the law.

Privacy breach causes loss of personal data from Monster.com

US job-seeking website, Monster.com, was the subject of the theft of personal data from its website when someone hacked into it and stole the personal data of 1.3 million users. The hackers, pretending to be potential employers, sent emails to job seekers requesting their bank account details. The emails also contained links leading to downloads of malicious software. This has reignited the debate over whether companies that are subject of data security breaches such as this should notify the relevant authorities.

2. European Community

Copland v United Kingdom

In the recent case of Copland v UK (62617/00 [2007] ECHR 253), the European Court of Human Rights in Strasbourg confirmed that employees' use of telephone, internet and email at work for personal purposes is included within the definition of "private life" and "correspondence" for the purposes of Article 8 of the European Convention on Human Rights.

The applicant in this case, Lynette Copland (a UK national) was employed in 1991 by Camarthenshire College, a statutory body administered by the state. Ms Copland's telephone, email and internet usage at work was monitored for several months in order to ascertain whether she was making excessive use of the College facilities for personal purposes.

As Ms Copland had not been given any warning that she may be subject to monitoring, the Court held that she had a reasonable expectation as to the privacy of the telephone calls that she made, the internet sites that she visited and the emails that she sent at work. Accordingly, the College's actions amounted to an infringement of Ms Copland's Article 8 rights.

At the time of the monitoring in the late 1990s, there were no provisions, either in the College rules and policies or in domestic law, regulating the circumstances in which employers could monitor employees' telephone, email and internet usage. On that basis, the Court held that the College's interference with Ms Copland's Article 8 rights was not "in accordance with the law".

It is likely that the decision in this case would have been different if Ms Copland had been made aware of a lawful policy of monitoring telephone, email and internet usage at the College. Also, the Lawful Business Practice Regulations 2000 (made under the Regulation of Investigatory Powers Act 2000), which allow employers to monitor employees' communications subject to certain conditions, were not in force at the time of the acts complained of.

Article 29 Working Party Opinion re: SWIFT

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a Belgian based cooperative owned by roughly 7,800 financial institutions in more than 200 countries. SWIFT facilitates the international transfer of funds between institutions and processes an average of 12 million messages daily relating to the financial transactions of EU and US citizens.

In June 2006, it was revealed that SWIFT had provided personal data relating to international banking transactions to the US Department of the Treasury (UST) since the end of 2001. Information was provided on the basis of subpoenas for terrorism investigations purposes but without prior notice to the customers involved. UST said the access was essential for its global drive to deprive suspected terrorists of funding sources.

On 27 September 2006 the Belgian data protection authority decided that the transfer by SWIFT of personal data to SWIFT's US operation centre was in breach of Belgian data protection laws. On 22 November 2006 the Article 29 Working Party adopted an Opinion on the processing of personal data by SWIFT concluding that SWIFT and the financial institutions were jointly liable for the violation of the Data Protection Directive (95/46/EC) by transferring personal data "in a confidential, non-transparent and systematic manner for years." The Opinion concluded that SWIFT had violated EC data protection rules in two ways: (i) by transferring messages containing personal data about EU citizens to its US operation centre; and (ii) disclosing the data to the UST in response to subpoenas.

In June 2007 the European Council received a letter from the US Secretary for the Treasury giving unilateral representations relating to the processing and protection of personal data subpoenaed by UST from SWIFT under the Terrorist Finance Tracking Programme (TFTP). The representations detail the controls and safeguards governing and handling the use and dissemination of data by the US authorities and take account of EU data protection concerns.

The representations comprise one of the three main components which will address SWIFT's infringement of European data protection legislation. As a second step SWIFT is in the final stages of discussion with US authorities regarding entry to the Safe Harbor scheme. This scheme provides for an adequate level of protection for data transfers from the EU to US organisations which have joined the scheme. As a third step SWIFT and the financial institutions which use its services are working to ensure that customers are properly informed that their data will be transferred to the US for commercial purposes and could be accessed by the UST under the TFTP.

Google's amends privacy policy following Article 29 Working Party opinion

Google's ability to collect and join up data on its users has attracted attention from privacy activists this year. Concern has centred around Google's market dominance, the vast amount of data that it collects and its ability to share extracted data.

In response to pressure from the Article 29 Working Party, Google has changed its privacy policy twice in four months already this year. In June, Google announced that it would anonymise search data after 18 months so that data cannot be connected to users. The earlier concession to anonymise search data after an 18 - 24 month period did not "meet the requirements of the European data protection framework" according to the Working Party.

Google has also announced that it will shorten the life of cookies from 30 years to 2 years. Cookies will auto delete after 2 years unless the user returns to a Google site within the 2 year period prompting resetting of the time period. Internet users are free to delete cookies from their web browser manually at any time and can control which cookies from which websites are stored on their computers. However, Google's changes may not have assuaged the Working Party's concerns.

Other major search engines are reported to be following Google's lead in limiting the collection of information about web users and their searches. The Article 29 Working Party, while analysing Google's response to its criticism, has announced that it will review the privacy policies of other internet search engines and consider the data protection issues raised by search engines in general.

New Agreement on Airline Passenger Data Transfers to US

In May 2006 the European Court of Justice (ECJ) annulled the Decisions of the European Commission (on adequacy findings) and the European Council (on conclusion of agreement on PNR). The ECJ made its rulings on the basis that the legal grounds for both of the Decisions were incorrect. An interim agreement between EU and US then took effect with a deadline of 31 July 2007 for a comprehensive deal to be concluded.

The new agreement (the Agreement), which was formally endorsed by the Council of Ministers on 23 July 2007, came into force on 1 August 2007 and will be valid for 7 years. The Agreement is accompanied by an Exchange of Letters in which the US provides a set of assurances to the EU regarding the way in which PNR data will be handled and the EU confirms that on that basis the level of protection of PNR data is adequate.

As from 1 January 2008, EU airlines that have a system compatible with US technical requirements will be required to "push" relevant PNR data to the US. This replaces the previous "pull" system which allowed the US to access reservations systems to seek out the data it was looking for. However, the transition to a push system does not confer on the airlines the right to decide when, how or what data to push.

The key elements of the Agreement are set out below:

  • The number of data elements collected will be 19 instead of 34. However this reduction has been described as a largely cosmetic operation, resulting from merging and renaming data fields rather than actual deletions.
  • The data will only be used for the purpose of preventing and combating terrorism and related offences that are transnational in nature and it will only be shared with other US government agencies engaged in combating terrorism and related offences.
  • Sensitive personal data must be filtered and deleted unless accessed for an exceptional case. If so, the Commission will be informed that the data has been accessed.
  • Data will be retained in an active database for up to seven years, after which time the data will be moved to dormant, non - operational status for up to eight years.
  • The implementation of the Agreement and the Letter will be periodically reviewed.
  • The US has made a policy decision to extend the access and redress mechanisms to all people irrespective of citizenship and country of residence.

Article 29 Working Party Opinion on "personal data"

The Article 29 Data Protection Working Party issued a non-binding opinion on the concept of "personal data" on 20 June 2007. Its objective is to set out common ground amongst Member States regarding the concept of "personal data". It also makes suggestions on how the Data Protection Directive 95/46/EC can be applied at a national level throughout the EU.

The Working Party interprets "information" widely in contrast to the approach adopted in the Durant case and, in particular, states that information may relate to an individual even if the individual is not the focus. The Working Party adopts a three-pronged approach to deciding whether information relates to an individual or not. The information must be looked at from the point of view of "content", "purpose" and "result". Only one of these three elements must be present when deciding whether or not data relates to an individual.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
In association with
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.

Disclaimer

Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.

Registration

Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.

Cookies

A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Links

This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.

Mail-A-Friend

If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.

Security

This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.