1 2 March 2004

News:

Experts fear that the threat of phishing scams is not being taken seriously enough and are concerned that the public is being given poor advice,. The scam, which involves customers being sent to a dummy site, where fraudsters harvest personal security details, is becoming increasingly sophisticated.

European data protection officials issued fresh guidance on February 27 in an attempt to harmonise in practice the rules governing unsolicited electronic marketing.

German retailer Metro Group’s decision to shelve embedded Radio Frequency Identification chips in its loyalty cards will be of interest to retailers and privacy lobbyists. 10,000 cards are to be replaced with more traditional, bar-coded store cards after privacy groups alleged that the cards could enable stores to track customers secretly while they shopped. While a Metro spokesperson denied that the cards were ever used to store or process customer behaviour, the concerns raised were being taken seriously enough for the cards to be replaced.

Features:

When I arrived at Washington DC’s airport in the middle of February this year to attend a gathering of data protection professionals, I was expecting to see a grey sky and a snow blizzard. However, the USA capital greeted me (and the other 500 delegates attending the International Association of Privacy Professionals’ 4th Annual Privacy Summit) with a bright sky and spring-like weather. It was a real surprise that set the tone for what I was going to see and hear for the following two days.

Data retention and vetting burst into the headlines in the UK following the conviction of Ian Huntley for the Soham murders. Claims that crucial information had been deleted from police computers because of the requirements of the Data Protection Act led to an outcry. This article examines the obligations of public authorities and the poice force under the Act.

On 1 February, the Information Commissioner issued a new short guidance note - CCTV systems and the Data Protection Act 1998 (Ref JB v.5. 01/02/04). The guidance makes clear that many organisations that only use basic CCTV systems will no longer have to comply with the Data Protection Act 1998. This article looks at what the guidance means for both business and public authorities.

Data protection training is a regular feature in Data Protection Managers’ job descriptions. However, it is not a particularly easy aspect of the job to implement. Seattle-based training expert John Block considers some critical elements that apply to privacy awareness training.

The impact of data protection in corporate transactions is often overlooked. Nevertheless, a customer database is often one of the most valuable assets of a business and a failure to transfer customer data lawfully to a purchaser of the business could result in the buyer having to incur considerable costs in overhauling its data processing activities in order to achieve compliance with the Data Protection Act (“the Act”).

This article considers the right of privacy of personal information under the DPA and the right to demand openness of public authorities under the FOIA to be "two sides of the same coin", rather than contradictory concepts. Nevertheless, compliance with both Acts will require care and public authorities need to prepare themselves for 1 January 2005 when the FOIA comes fully into force.

Multi-nationals face numerous issues when they export personal data, particularly sensitive data. This article welcomes the Binding Corporate Rules and believes that, combined with a pragmatic regulator, export of personal data should now be simpler and easier.