Monthly Archives: March 2015


The Open Rights Group (ORG), in association with some other NGOs, is organising a series of general election hustings in Brighton, Bristol and Manchester. Details of the hustings are on the following Meetup pages:

Brighton: http://www.meetup.com/ORG-Brighton/events/221341373/
Bristol: http://www.meetup.com/ORG-Bristol/events/221436815/
Manchester: http://www.meetup.com/ORG-Manchester/events/221281329/

Open Rights Group General Election Hustings


Following a series of high-profile losses of customers’ personal data suffered by major companies such as Sony, Home Depot and Target, Erik Sherman considers on the CBS Moneywatch website why companies do not improve IT security and safeguards for customer data. The answer is that although the cost of remediation and fixes following such data leaks looks enormous to the average person, the financial impact on companies is negligible. For example, when Target lost 40 million credit card numbers and 70 million other records, the cost after deductions was 105 million dollars, which is less than 0.1 percent of the company’s revenue. Even the reputational damage to companies from huge data losses seems relatively short-lived. Following a major breach of Sony’s network, the Ponemon Institute polled consumers every 48 hours to check the company’s reputation. After less than six months Sony’s reputation had recovered its place to where it […]

The reasons companies don’t fix cyber security


Neal Keeling reports in the Manchester Evening News that an investigation has been launched after scores of hospital staff at Salford Royal Hospital allegedly broke data protection rules to look at a colleague’s medical records. The person’s records were accessed via the Electronic Patients Record system which was installed two years ago.  Some 7,000 health care professionals have access to the system which is supposed to have a high level of security control, with users receiving formal training in information governance on an annual basis. The member of staff whose records were viewed had been admitted to the hospital for treatment a few months ago and is now believed to have commenced legal action against the hospital.

Hospital staff breached rules to view colleague’s medical records



The Intelligence and Security Committee (ISC) has issued a report into surveillance by the security services in the United Kingdom. The report, titled “Privacy and Security: A modern and transparent legal framework”, is the result of a review started by the ISC in 2013, following revelations by the former US intelligence contractor Edward Snowden about the extent of surveillance by UK and US intelligence services. The report considers whether current legislation provides sufficient oversight and accountability, and the impact of surveillance on privacy. It concludes that there is a lack of transparency around surveillance which is not in the public interest. This has come about due to the way the legal framework has developed in a piecemeal fashion. The key recommendation of the report is that the current legal framework should be replaced by a single new Act of Parliament governing the intelligence and security agencies. The report can be […]

The Intelligence and Security Committee (ISC) Report into Surveillance in ...


Kevin Rawlinson reports on the BBC news website that the Parliamentary Office of Science and Technology (POST) has issued a report which states that banning online anonymity networks such as Tor would not be technologically feasible. POST, which provides analysis and advice to MPs on public policy issues related to science and technology, also stated that there was “widespread agreement that banning online anonymity systems altogether is not seen as an acceptable policy option in the UK”. The report highlights that anonymity often has legal and socially useful benefits such as protection of whistleblowers, while trying to block such sites would present significant technical challenges, as demonstrated by the difficulties the Chinese government is having with trying to block access to Tor in order to enforce bans on unauthorised websites. The report contradicts the view of Prime Minister David Cameron, who earlier this year said that law enforcement should be […]

Banning Tor unwise and not feasible, MPs told


Gareth Corfield reports on the Register website that a Supreme Court ruling has effectively given carte blanche to police forces to retain personal data they have collected for virtually any purpose and hold it as long as they like – even when the people targeted are not violent and have committed no crime. The case involved John Catt from Brighton, who had lodged a legal claim against the police for keeping records about his attendance at various political protests going back a decade. In 2013 the Court of Appeal ruled that it was illegal for the police to retain such records; however, the police appealed to the Supreme Court. A particular concern with the judgment highlighted in the article is the argument put forward by the court that the retention of data for “police purposes” is inherently lawful, albeit with the proviso that it is “regularly reviewed” for deletion (although […]

UK Supreme Court waves through indiscriminate police surveillance



Libby Brooks reports in the Guardian that MSPs have voted narrowly in favour of plans by the SNP Scottish government for a new identity database. A proposal by the Scottish Liberal Democrats to treat the proposals for the database as primary legislation, which would require them to be subject to full parliamentary scrutiny, was rejected. However, the Scottish government has agreed to wait for the results of the consultation on the proposed database before moving forward.

Holyrood backs Scottish identity database


Severin Carrell reports in the Guardian that the UK Information Commissioner says proposals to put every Scottish citizen on a central database accessible to 120 public bodies risk breaching data protection laws and privacy standards. The Scottish SNP Government wants a single central identity database known as “Myaccount”, which public bodies would use to allow users to access services. However, the scheme is similar to the UK ID card and national identity register that was rejected on civil liberties grounds by the UK government in 2010. The Information Commissioner’s Office (ICO) said ministers had failed to carry out the necessary privacy impact assessment before drafting proposals, and had failed to explicitly set out the reasons why the new national database was needed. It also said that Scottish ministers were unwise to reject the much more privacy-friendly system for accessing public services now being considered by the Cabinet Office, where an […]

Scotland-wide ID database risks personal privacy and civil liberties – ...


“The current proposals which are being consulted on represent a bigger threat to Scottish privacy than the UK wide Identity Card system proposed by the last government in Westminster.” – Guy Herbert, General Secretary, NO2ID

What’s the issue?

Currently the Scottish Government and National Records of Scotland (NRS) are consulting on proposals to change regulations that govern what personal information is stored on the National Health Service Central Register (“the NHSCR”), and who that information can be shared with. This consultation is entitled “Consultation on proposed amendments to the National Health Service Central Register (Scotland) Regulations 2006”.

What’s the Problem with this?

The consultation proposes increasing the information held on the NHSCR to include more detailed postcode and address information. It also proposes to allow a whole host of Scottish public bodies (around 120) access to this information. Examples of the bodies who would have access to this information include […]

Parliamentary briefing – Creation of a Scottish National Identity Register