What the Information Commissioner’s annual report for 2002 does not say about the private security industry is as interesting as what it says.
The CCTV industry must be getting data protection right, judging by the Information Commissioner’s annual report for 2002: the subject does not rate a mention. The first topic aired in Information Commissioner Elizabeth France’s report is the fight against terror after 11-9, and in the UK the Anti-Terrorism, Crime and Security Act 2001.
<br><br>
Comment
<br><br>
The IC’s office has seen both a huge rise in workload and staff to deal with it, and is concentrating on misuse of databases for commercial (such as tele-marketing) gain. Enforcement action takes months and results in a handful of cases going to court, leading at most to fines. Public space CCTV does not appear to be on the Information Commissioner’s radar – an (unstated) tribute to the CCTV industry’s untold man hours working within data protection law, and to be seen to work within the law, to satisfy civil liberty fears. Full report on Information Commissioners’s report on Professional Security website.
<br><br>
Anti-terror
<br><br>
The report says: ‘This includes significant features such as removing barriers to information sharing between official bodies and seeking to extend the period of retention of data by telephone, internet and other communication service providers.’ At UK and Europe level the IC has called for what it calls ‘a measured response that does not compromise personal privacy without some firm evidence that doing so will really help address the terrorist threat’. Other topics range from commercial use of the electoral register, to raising public awareness generally, to unsolicited marketing by telephone and fax, and law enforcement agencies’ holding of data to the the ‘BAIRD project’ – a joint initiative between the Information Commissioner, the Department for Work and Pensions (formerly DSS) and the Inland Revenue. The initiative aims to identify organisations ‘who unlawfully and systematically obtain, or seek to obtain, personal details from those agencies and then pass that information to their clients at a price’. investigators from the Department for Work and Pensions and Inland Revenue were attached to the IC’s Investigation Department from August 2000 to March 2002. The report adds: ‘Prosecutions have been recommended against a number of organisations, others continue to come under the close scrutiny of the investigators.’
<br><br>
Electoral register
<br><br>
As for use of the data on the electoral register, the annual report speaks of ‘long held concerns about the current availability of electoral registration information’, particularly as used by direct marketing, credit referencing of ‘information database’ companies. She concludes that ‘So far as the electoral register is concerned the challenge for us now is to ensure that the regulations that the Government are to bring forward effectively restrict access to the full register in a way that is consistent with both data protection and human rights principles. It is through these new regulations that we expect the privacy issues arising from ‘UK Information Disc’ and similar products to be addressed. While the register has been freely available for sale, those behind these products do not necessarily break the law provided that they suppress an individual’s details on request and, as we understand to be the case, no longer provide a reverse search facility based on telephone numbers.’ The Information Commissioner has welcomed the establishment of a framework for two versions of the register provided by the Representation of the People Act 2000 – a full version, with restricted uses, and an edited version which could be sold for any purpose. This edited version will not include details of voters who ‘opted out’. She quotes the Robertson test case found that the use of the electoral register for commercial purposes without an individual right of objection was a breach not only of the Data Protection Act, but also of the Human Rights Act.
<br><br>
Commissioner departs
<br><br>
Ms France, previously the Data Protection Commissioner, leaves to become Telecoms Ombudsman. The IC office by the end of the next financial year, according to the report, will be working ‘towards’ the British Standard for information security management, BS7799.
