"Using deception to obtain personal information – sometimes known as blagging – or selling it on without permission are serious offences that can cause great harm.
Fines are used to punish breaches of data protection laws, but they provide little deterrent when the financial gain exceeds the penalty.
Magistrates and Judges need to be able to hand out custodial sentences when serious misuses of personal information come to light. Parliament has provided that power, but Ministers have not yet brought it into force - they must do so."
"Victims of infringements of personality rights by means of the internet may bring actions before the courts of the Member State in which they reside in respect of all of the damage caused. However, the operator of an internet website covered by the e-commerce directive cannot be made subject, in that State, to stricter requirements than those provided for by the law of the Member State in which it is established."
The current approach to choosing between “opt in” and “opt out” is inadequate for NFC applications. Although consent is an important part of the perception of having control of one’s privacy, users cannot adequately asses how effective and at what point the individual knows when there is a default opt in or opt out...
The key danger is that the discussion of privacy in this domain will degenerate into debates over ‘regulation’ vs. ‘innovation’, as we have seen in so many other technology policy debates. For NFC to thrive, privacy must be considered in the design of the technology, the platforms, and the services.
Computerworld - The U.S. Department of Defense has been hit with a $4.9 billion lawsuit over a recently disclosed data breach involving TRICARE, a healthcare system for active and retired military personnel and their families.
The lawsuit, filed in federal court in Washington D.C. this week by four people whose data was allegedly compromised, seeks $1000 in damages for each of the 4.9 million individuals affected by the breach.
The suit charges TRICARE, the Department and Defense Secretary Leon Panetta with failing to adequately protect private data and of "intentional, willful and reckless disregard" for patient privacy rights.
TRICARE did not respond immediately to a request for comment.
In the complaint, the four plaintiffs faulted TRICARE for failing to properly encrypt the private data in its possession and for taking too long to notify victims of the breach.
The four plaintiffs are Virginia Gaffney, a Hampton, Va.-based individual who described herself in court papers as the spouse of a decorated war veteran; her two children; and Adrienne Taylor, a Glendale, Az. Based Air Force veteran.
TRICARE in September disclosed that sensitive data including Social Security Numbers, names, addresses, phone numbers and personal health data belonging to about 4.9 million active and retired U.S. military personnel may have been compromised after unencrypted backup tapes containing the data went missing.
The information on the tapes was from an electronic healthcare application used to capture patient data. The backup tapes were stolen from the car of an employee at Science Applications International Corp. (SAIC), a TRICARE contractor. The breach affects all those who received care at the military's San Antonio area military treatment facilities between 1992 and Sept. 7. 2011.
Lawsuits such as this one have become increasingly common in the immediate aftermath of a major data breach.
Earlier this month, for instance, Stanford Hospital and Clinics was hit with a $20 million proposed class action lawsuit for a data breach involving a third-party contractor. And major breaches such as the ones at Heartland Payment Systems, TJX and Hannaford Bros. have all prompted their share of consumer lawsuits charging the companies with negligence, breach of contract and other charges.
In many cases, courts however have tended to dismiss lawsuits in data breach cases. Several courts have held that consumers cannot claim compensatory or punitive damages in data breach cases unless they can demonstrate that they have suffered actual monetary damage as the result of a breach.
The notion that someone might become the victim of ID theft in future because of a data breach cannot be used as a basis for claims, courts have held.
One exception was in the Heartland case, where the company agreed to pay $4 million to settle claims stemming from several class-action lawsuits.
I thought that other students particularly US nationals may find this of interest. Whilst I was researching privacy I came upon the New-born Screening for Genetic and Metabolic Disorders Act (I think that is the correct title or something very similar). What I found interesting is that the Act, intended to be used to establish genetic abnormalities in new-borns, may have a more sinister application. Although US legislation is not my forte it appears prima facie that this Act gives unprecedented access to the DNA profiles of all US New-borns (born after 2007/8). Furthermore, it appears that parents/guardians do not have to give consent for the clinicians to take samples.
What surprises me is the apparent lack of protest against such a database. If a government body is to administer the database, what is to stop other agencies in the future such as the FBI using the database for criminal investigation? If all new-borns have their DNA profiles taken then eventually the US will have an absolute DNA database excluding only those who are born without medical supervision.
In Europe the ECtHR case – S and Marper v United Kingdom [2008] ECHR 1581 was a clear indication of the illegality of collecting such databases. For example, in Scotland if you commit a non-serious crime your DNA profile taken at the police station will be destroyed within a set period. Although, in England and Wales the Home Office is much more unsure on how it should proceed.
Should information which is derived from a biological source be of greater importance for protection? And if so should the state face specific legal obligations for its safe and secure eradication? Most of the Home Office literatures are guidelines.
