UK: Weekly Roundup Of Data Issues – 29 June 2010

UNITED KINGDOM

Police to investigate Google Street View complaints

The Metropolitan Police are investigating Google's action in collecting data from unsecured home Wi-Fi networks, which could be in breach of the Regulation of Investigatory Powers Act.

The investigation follows a complaint by Privacy International about the way that cars gathered information for the Google Street View project. The investigation will mean that staff at Google's UK office will be interviewed and the company's data scrutinised.

Click here to view the article.

ICO publishes Corporate Plan

The Information Commissioner's Office (ICO) has published its new Corporate plan for 2010-2013. This outlines the ICO's work programme for the next three years.

Click here to view the corporate plan.

Confidential personal information stolen from Kent Police

Kent Police is taking remedial action after the ICO found it in breach of the DPA. In this case documents containing confidential personal information were stolen from the boot of a policeman's car while parked overnight at a residential address.

Click here to view the article.

Action taken after IPCC fails to respond to FOI requests

The ICO has taken enforcement action against the Independent Police Complaints Commission (IPCC). The enforcement notice indicates that 69 freedom of information requests were not resolved within the necessary legal timeframe.

Click here to view the article

Review of voluntary Lending Code

The Lending Standards Board announced that an independent review of the Lending Code commenced on 18 June. The Code sets standards of good practice in relation to personal unsecured loans, credit cards and overdrafts and lending to micro-enterprises. A revised Code will be published in March 2011.

Click here to view the article

Notification of Data Security Breaches to the ICO

The ICO has issued a new note on the Notification of Data Security Breaches.

Click here to view the article

EUROPE

EU clarifies rules on online behavioural advertising

The EU's Article 29 Data Protection Working Party has released an Opinion clarifying how EU rules apply to online behavioural advertising. Firms engaged in online behavioural advertising must abide by EU electronic privacy rules requiring online sites to obtain "informed" consent from users before installing tracking devices such as cookies on internet users' computers. The Opinion rejects the advertisers' view that any user who doesn't block cookies is effectively giving consent.

Click here to view the article

EU states UK data protection laws need strengthening

The European Commission has requested the UK to strengthen the powers of its data protection authority so that it complies with the EU's Data Protection Directive. The Commission request takes the form of reasoned opinion which is the second stage under EU infringement procedures. The UK now has two months to inform the Commission of measures taken to overcome its shortcomings and ensure full compliance with the Directive. The particular concern is the limitations on the ICO's powers i.e. it cannot perform random checks on organisations holding personal data. The ICO has said that it looks forward to providing input into the UK Government's response with the Ministry of Justice.

Click here to view the article.

EU promises public consultation on online data protection

Viviane Reding, Commissioner responsible for Justice, Fundamental Rights and Citizenship, has promised to launch a public consultation into online data protection issues across the EU, but believes that industry self-regulation should remain at the core of any new legislation.

Click here to view the article.

Commission v Bavarian Lager Case C-28/08, 29 June 2010

The Court of Justice of the European Union has published a decision which defines the scope of the protection of personal data in the context of access to documents of the Union institutions.

Click here to view the article.

INTERNATIONAL

Hong Kong Privacy Commissioner issues data breach handling and notification guide

The Hong Kong Privacy Commissioner for Personal Data has issued a guidance note on "data breach handling and breach notification".

The guide recommends that entities that suffer a data breach follow a four step approach.

Supreme Court decision on workplace monitoring - Quon v Arch

The US Supreme Court has ruled that the Police Department of California did not violate an officer's Fourth Amendment rights when it reviewed text messages the officer sent using a work used pager. The Court found that accessing the device was motivated by a genuine work related purpose, was reasonable in scope and not excessively intrusive.

SeCure

SeCure is Addleshaw Goddard's unique, holistic and pragmatic approach to information management for organisations who have suffered an information breach or who may be concerned about their potential exposure. SeCure seeks to minimise risk and the impact of information losses on an organisation's business, through three interdependent approaches, addressing the commercial and legal requirements at each stage of the information management cycle.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.