 |
|
| CURRENT SECTION :: News | UK's most visited IT Contractor Site - 250k unique visitors March 2008 |
|
 |
Information Commissioner Richard Thomas wants better controls on burgeoning public and private sector databases of personal information. But his recommendations ignore the risks posed by outsourcing – and the contribution made by contract professionals. They seem to know a lot about you, even if you have never dealt with their company before. But the give-away, if you've moved house in the last few years, is that the tele-marketer will have an old address for you, or some other out-of-date detail. They are using a version of the electoral register from before 2002, when full copies were available to anyone who wanted to buy them. (The chances are that they also won't know whether you've used the Direct Marketing Association's opt-out register to block marketing calls. These are companies operating outside any regulation.) In 2002, an amendment to the Representation of the People Act put a stop to the sale of the full register, enabling us to opt out of the commercial version by ticking a box. But use of these old registers means that our details can still be obtained. Following thousands of complaints, Information Commissioner Richard Thomas clamped down on a service called B4U and others who were making this old information available. Now Thomas has recommended that even the edited version of the electoral register should not be sold for commercial purposes. In what's been described as "a return to the pre-Internet Age", the register will still be available for viewing – but only at the council offices or public library. The Direct Marketing Association isn't happy, as a spokesman explained: "Removing access to the edited register for data cleaning purposes will make it harder for marketers to target accurately and effectively." Tough for them, but as private citizens, most of us will be pleased to become hard targets. Councils, too, are pleased, as a spokesman for the Local Government Association told the BBC: "It's no skin off our noses to stop running two registers. It's difficult, and fiddly. And, quite frankly, the only reason we do it is because the government forced us to so when they changed the rules in 2002." Restoring the electoral resister to the purpose for which it was created is only one of the recommendations of the Data Sharing Review report by Commissioner Thomas and Mark Walport of the Wellcome Trust. The review was commissioned by the Prime Minister against the rising public distrust of data handling by governments, banks and others. Remarkably, Gordon Brown asked for it a full two months before the first of the recent high profile losses of public data, the disappearance of two unencrypted CR-Roms containing records of 25 million children and adults en route between HMRC and the National Audit Office. "The advent of large computer databases has allowed the loss of massive datasets in ways that were simply impossible with paper records," the report says. It quotes a European Commission study which shows that Europe as a whole distrusts the people who handle our personal information. "Medical services and doctors were trusted by 82 per cent of EU respondents, and the police by 80 per cent; for the UK those figures were 86 per cent and 79 per cent respectively. By contrast, mail order companies were trusted by just 24 per cent of EU respondents and travel companies by 32 per cent. In the UK, those figures were 26 per cent and 35 per cent respectively. Market and opinion research companies scored lowest among UK respondents, achieving a 25 per cent trust rating." And 66 per cent of respondents reported a decrease in their level of trust in established institutions (such as government departments) to manage their personal information correctly. Among Thomas and Walport's recommendations are improved training for management and staff, and perhaps a data privacy qualification of the kind in operation in the US and other parts of the world. But one glaring omission is any consideration of the role of contractors in data-sharing –and at least one of the breaches of the past year involved a contractor who had taken discs home to work on. You will also look in vain for any mention of outsourcing –despite the fact that another breach involved data being processed in the USA. In fact, it's hard to see how anyone working outside a public or private sector organisation is supposed to keep up, since the authors dismiss the role of ISO standards. "It would be a mistake to try to mandate a specific security standard, whether based on the ISO 27000 series or otherwise. Rather, there should be a continuously evolving technology of best practice in the use of computer systems as tools to store and share personal information securely." Many of the consultants who provide ISO 27000 certification and advice are contractors, who have worked hard and spent a lot of money to obtain their qualifications. Thomas and Walport take a benign view of the private-sector companies which "make extensive use of personal information as they market their goods and services, and seek to satisfy our needs and our desires as consumers". But a far nastier picture emerged from two reports in June by the Penemon institute, a privacy and security research organisation in the US. According to Ponemon, 61 percent of UK marketing professionals had experienced loss or theft of customer information in the previous 24 months, but 90 percent of them had failed to report it. And in the US, Ponemon found that marketers were willing to share personal information such as credit card numbers, social security and bank details and even intimate information such as sexual orientation, regardless of the customer's statutory privacy rights. Ponemon also found that data breaches among companies who outsourced their marketing were 20 percent higher than those who kept them in house. So the people who present the highest risk aren't covered in Thomas and Walport's recommendations, while some of the professionals best qualified to improve matters – contract privacy and security specialists - are marginalised. Nick Langley Jul 14, 2008 Email this article Printer friendly page Previous Page
|
|
  |
||||||||||||||||||||||||
| All content © Contractor UK Limited | http://www.contractoruk.com/lists/?p=subscribe&id=1[Register for News Letter] | [Privacy Statement] | [Terms of Use] | [Top of Page] |