Posts Tagged 'Data Protection'

Data chief’s guide launch foiled by journalists

Like mentioning Rocky in any article associated with boxing; mentioning “the nativity play” and “photography” is becoming a hardy perennial for journalists tasked with writing about the Data Protection Act.

The story that the journalists were invited to cover was the Information Commissioner’s new “Guide to Data Protection”. The press release states that the Guide’s purpose is to provide practical advice to those with day-to-day responsibility for data protection, by taking a “straight-forward look at the principles of the Data Protection Act”. The Guide is 92 pages long, a length which initially sounds excessive. However whilst I haven’t read it all, a quick look suggests that it is going to be pretty useful. In fact, it has apparently received accreditation from the Plain Language Commission as a Clear English Standard winning document.

However most news stories about the Guide have eschewed any kind of discussion or appraisal of it in favour of yet another article about whether or not the Data Protection Act can prevent you from taking photographs of your kids at their nativity play.

This has been a sturdy story since the Act was first introduced, despite the Information Commissioner first providing guidance on the subject way back in 2005.

Once and for all – the Data Protection Act doesn’t prevent parents taking photographs of their children and friends participating in school events. If the photographs are for personal use then they’re not going to be covered by the Act.  (Although Douglas did mention something about the possibility of infringing the kids’ performance rights if you video the play!)

Now, if you excuse me, I have to go and write a piece about a bid for a dramatic eleventh hour mercy dash, possibly involving a cat, a fire chief and a blazing inferno.

In a Spinvox over data protection…

Another day, another data protection story in the news.

This time, it’s voicemail to SMS text provider Spinvox that has hit the headlines.

Spinvox provides a novel service which claims to use automated technology to convert voicemails into SMS texts or emails. Its entry in the Information Commissioner’s register of data controllers states that in doing this it will not transfer any personal data outside the EEA.

Spinvox has become unstuck over allegations that some of the messages are converted to text by humans (not computers) in call centres outside the EEA. Spinvox claims that such messages are anonymised (by removing identifiers such as the email address and mobile number). However, there are further claims that some of those messages processed by the call centres contained commercially sensitive and personal information, which allow the user of the service (and others) to be identified.

Whether or not Spinvox is actually in breach of the Data Protection Act (DPA) and its notification to the Information Commissioner is unclear. What the story does demonstrate, however, is that you cannot assume that simply removing external identifiers (such as email addresses and mobile numbers) is enough to anonymise the data and take it outside the ambit of the DPA – the content of the information may itself be inherently “personal”.

The story also emphasises the importance of data controllers ensuring that their notifications to the Information Commissioner and privacy policies are correct and up to date and give users true transparency over how their data will be processed – for example, explaining to users that their information may be transferred outside the EEA for processing and explaining the steps that the data controller will take to to keep that information secure.


Twitter: @BrodiesTechBlog feed

November 2017
« May    

%d bloggers like this: