Friday, 30 November 2012

ICO's code of practice on anonymisation

The Information Commissioner's Office has released its code of practice on anonymisation, following a consultation period earlier in the year.

It's quite a lengthy document, but is worth a look —
  • it reaffirms that anonymising data is an act of processing in itself, but one which is likely to be permitted under the "legitimate use" basis, and thus does not require consent;
  • there's an interesting discussion about the disclosure of anonymous data, and the "motivated intruder" test for determining whether something should be treated as anonymous or not; and
  • the second case study, on mobile footfall analytics, is particularly pertinent to the course here — my view is that the overall privacy harm (and public perception of the activity) would seem to demand more user control over the activity than ICO has seemed to suggest here.
What do you think? Does it set the bar too low, or is it realistic?

Tuesday, 27 November 2012

Unleashing the Potential of Cloud Computing in Europe


I saw this report from the EU Commission and thought to share it. It gives an overview and status of cloud computing within the EU.

http://ec.europa.eu/information_society/activities/cloudcomputing/docs/com/com_cloud.pdf


Cloud computing requires clarity and knowledge about the applicable legal framework,
by making it easier to signal and verify compliance with the legal framework (e.g. through
standards and certification) and by developing it further (e.g. through a forthcoming
legislative initiative on cyber security).

Monday, 19 November 2012

Judge: Your boss has no right to your emails held by a third party


"Staff emails can’t just be accessed by a company whenever it feels like it, a UK High Court Judge has ruled, in what could be a guiding case on email privacy."

"The only way that emails could belong to a firm is if they contained copyrighted material or confidential information or if the employee’s signed contract with the firm already said so."


This is new to me, having been employed for so long, and it has always been the case that employees should be careful about how they use their e-mails because the company has the right to access them.


Full text here.

Friday, 16 November 2012

Businesses need more guidance on how to verify cloud providers' data protection compliance, says EU watchdog


Organisations need to be provided with further guidance over how to ensure that the cloud computing providers they wish to contract with deal with personal data in a manner that complies with EU data protection laws, a privacy watchdog has said.

Full text here.

Certainly, personal data protection covers storing and processing within the cloud, therefore compliance with EU data protection laws is required.

Monday, 8 October 2012

Welcome to Information Security


As we start work on the module I want to make a posting which is perhaps rather different from the norm. If you have had the chance to look back at previous postings you will realise that they normally relate to topical issues. Today, I’m going to say a bit about myself and throw out some opening thoughts about the module.

I live in Glasgow and that perhaps says a lot about the potential of the Internet. I’m teaching this course for the University of Southampton which is about 500 miles away. I visit Southampton maybe 3-4 times a year and do the rest of my work over the Internet.

I’ve taught in the field of Information Technology Law for about 25 years. It feels longer. My book on IT law is now in its sixth edition and I have a new book on Telecommunications Law due out early next year. It's aimed at the practitioner market and is being sold at an eye-watering £150.

I’m married to Moira – who you will also get to know on the course – and we have 2 sons, Thomas and James.  Apart from the family another love of my life is Glasgow Celtic Football Club. If you ever want to contact me to ask a favour, you might check to see how we fared in our latest matches. We are doing quite well at the moment.

On to legal aspects of information security. We will start by looking at notions of privacy and then put this into an IT context by looking at what we in Europe call data protection - and the rest of the world know as privacy protection. We will look at substantive provisions – such as the data subject’s (you and me) right to obtain a copy of data about us which is held on a computer – and then the internationally contentious issue of regulation of international (Transborder) data flows. We will then switch focus somewhat and look at the topic of computer crime.

A few thoughts about privacy. It’s certainly seldom out of the news. I was teaching in Tanzania a few weeks ago when the controversy erupted about the publication of topless photos of the Duchess of Cambridge. Breach of privacy was the cry. Three comments – or maybe points for you to ponder. Would anyone have been interested if the photos had been of Katy Ordinary Person? In many respects the doctrine is linked to publication which is likely to affect only a few people. A second comment. You cannot view the photos in any UK publication. I set my Tanzanian students the task of finding copies on the Internet. Time taken, less than 10 seconds. Third comment and perhaps related to the previous one. Traditional media outlets do try (generally) to comply with the law and can face sanctions if they fail. I have a lawyer friend who is employed by a newspaper to read the text of every issue before it is published to ensure that it does not contain anything which is defamatory. Blogs and web sites are seldom so scrupulous. Last year, a famous English footballer secured an injunction to prevent publication of details of his private life (an affair with his brother’s wife). The injunction prohibited publication of anything that might identify him. At least initially, the injunction was observed by the mainstream media. Again, you could go on to the Internet and a couple of Google searches later you had all the salacious details. By my reckoning, however, 3 other footballers were (presumably) falsely identified on different web sites. Power without responsibility?

Anyway, please respond to this posting with a little bit of data about yourself and your thoughts, either about the points I have made or your own take on privacy. What, if any, aspects of modern Internet related life worry you?
 

Saturday, 6 October 2012

"NatWest suspends Get Cash app"

The bank NatWest has suspended its "Get Cash" application, which appears to have been used to commit fraud. Somewhat disappointingly, the bank does not appear to be in a hurry to provide refunds, blaming user behaviour rather than a platform which would appear to have a security problem enabling third party registration.

I'm a geek, but it makes even me think that ensuring the continuity of cash is a good idea!

"Facebook page shows Belfast women walking home after night out"

A piece on the BBC about a Facebook page showing photographs of women walking home after a night out, coupled with what is reported as some derogatory comments.

Fair depiction of actions in a public setting, or invasion of privacy? Censorship by the university or legitimate protection of students' privacy?