Archive for the ‘Data Protection’ Category

O’Dwyer extradition raises copyright profile

Monday, March 19th, 2012

As Cameron and Obama were recently discussing the current extradition laws between the 2 countries, Home Secretary Theresa May approved the extradition of Richard O’Dwyer to the US, after a UK court had earlier decided he could be extradited for copyright infringement for hosting sites that provided links to unauthorised copyright material on other sites, which could then be downloaded.

Mr O’Dwyer argues he had not downloaded the infringing material but merely directed searchers to other sites.

The two countries’ copyright infringement laws differ; Mr O’Dwyer is facing a maximum penalty of 5 years imprisonment in the US, compared with 2 years in the UK.

This decision will certainly concern UK infringers; although whether this will set a precedent will perhaps depend on Cameron and Obama’s recent discussions. Either way, we can be sure that Mr O’Dwyer’s case will only add to the current debate on whether UK copyright law can stand up to technological advances.

Laura Mackenzie
0121 237 3959
lmackenzie@brownejacobson.com

Beware the Data Punishment Act

Monday, February 20th, 2012

Three Councils have recently been handed significant fines by the Information Commissioner’s Office (ICO) for serious breaches of the Data Protection Act 1998.

Whilst the Information Commissioner and the Department for Communities and Local Government hoped that the ICO’s powers to use monetary penalties would need to be used “only sparingly”, the total fines imposed since May 2010 exceed £1M. These latest cases highlight just how seriously the ICO takes breaches in the safeguarding arena.

To prevent being caught out it is clear that robust systems need to be put in place to ensure that sensitive information is properly managed and carefully disseminated. The ICO emphasized procedures and training as being fundamental to any Data Protection system.

I wonder what the ICO would have done if the Councils had demonstrated effective systems and shown that these employees had received training on those systems, and the loss was simply a matter of bad luck.

Posted by Ceri-Sian Williams, who specialises in defending claims brought against social services

Ceri-Sian Williams
0115 976 6563
cwilliams@brownejacobson.com

Social media – its role in the riots

Thursday, August 11th, 2011

It’s apparent that social media has been used extensively by those involved in the riots to organise and incite unrest. BlackBerry Messenger (BBM) has been the most popular method of communication, with messages then being posted on social network sites like Twitter and Facebook to increase circulation.

Research in Motion, the maker of BlackBerry and a global leader in wireless technology, has committed to assist the authorities ‘in any way it can’ and the police have said they will track down and arrest those who have posted ‘really inflammatory’ messages on BBM and social network sites.

However, it’s going to be a difficult task due to the number of messages involved, potential resistance from media companies to hand over user details, and because BBM messages are usually encrypted when they leave the sender’s phone, making tracing calls difficult.
The police will have to adapt their own policing methods to tackle this use of technology as a means of organising unlawful activities.

Posted by Sara McNeill, who specialises in non-contentious intellectual property matters, including licensing, franchise, collaboration and development arrangements and IP audits and strategy; experienced in drafting and advising on commercial agreements.

Sara McNeill
0121 237 3930
smcneill@brownejacobson.com

Cookie law change on the horizon

Thursday, May 19th, 2011

The new Privacy and Electronic Communications (EC Directive) (Amendment) Regulations will come into force from 26 May 2011. The regulations cover any information which may be stored on, or accessed from, a user’s computer, but for the sake of brevity such information will be referred to as cookies.

The position prior to the amendment was that websites needed to inform users of how they used cookies and how users could opt out.

The new position is that websites must obtain the consent of users before storing any cookies which are not strictly necessary to the functioning of the website, or for the sole purpose of transmitting communications. Consent could be gained through the use of pop-ups, splash pages or notices on web pages.

The Information Commissioner’s Office has provided useful guidance here. Initially it seems the ICO will leave it to site operators to decide the best ways to obtain consent, treating operators who can show they have taken steps to comply more leniently than those who cannot.

Posted by Simon White, who specialises in drafting and advising on commercial contracts, advice to public and private sector bodies on data protection and freedom of information.

Simon White
0115 976 6532
swhite@brownejacobson.com

Switching to cloud computing – a sensible move for the insurance CIO?

Thursday, April 28th, 2011

It’s always useful, when advising on issues such as cloud computing, to hear the views of CIOs, so I was delighted to be invited by Post Magazine to be part of a round table discussion on the subject – looking at cloud computing in the insurance sector.

To me, the benefits of cloud computing make a switch nearly inevitable, although there are some significant and justifiable fears about both data security and availability – particularly in the light of recent events, making the choice of a private cloud the more palatable option for critical business functions.

There are practical restraints on use of cloud computing in the insurance sector but the consensus was that these could be overcome. Indeed, several of those present were actively looking at a switch to cloud computing in the near future.

With the right contractual assurances and safeguards in place it seems cloud computing is coming – even to the (traditionally risk-averse) insurance sector.

Posted by Richard Nicholas, who specialises in commercial, IT and outsourcing agreements, complex projects for private and public sector clients, collaboration, distribution & agency contracts, e-commerce and consumer law.

Richard Nicholas
0121 237 3992
rnicholas@brownejacobson.com

Government ICT strategy launched

Wednesday, April 6th, 2011

The UK Government recently released its ICT Strategy following on from manifesto commitments made prior to the election.

It makes for interesting reading. The proposal for the sharing of IT infrastructure is one that struck a particular chord, as it’s one that we recently advised on and seems a common sense approach to making ICT more efficient.

Other proposals worth picking up are the preference for open source software where possible, to make greater use of cloud computing, a presumption against large projects and an environment for SMEs in particular to be able to access contracts and to test solutions.

Inevitably, given the scope of the strategy, it is short on detail on any one area. Some areas however (cloud computing, use of open source solutions, use of many providers) will need careful management if government-held data about all of us is not to be kept securely. Data security is likely to be key to ensuring that these proposals turn out as planned.

Posted by Richard Nicholas, who specialises in commercial, IT and outsourcing agreements, complex projects for private and public sector clients, collaboration, distribution & agency contracts, e-commerce and consumer law.

Richard Nicholas
0121 237 3992
rnicholas@brownejacobson.com

An eye for an eye makes the whole world blind

Friday, December 10th, 2010

Online freedom of speech activists continue to campaign against companies that have declined to do business with WikiLeaks. Companies such as Mastercard and Visa have said that WikiLeaks failed to comply with their terms and conditions. Activists feel that these companies have in fact bowed to anti-WikiLeaks pressure.

The LOIC bot tool, through which distributed denial-of-service (DDoS) attacks are carried out, has been downloaded more than 31,000 times. DoS attacks have been an offence since 2006, under the Computer Misuse Act 1990, as is supplying or obtaining a programme for use in such an attack. But this does not necessarily deter participants. As well as causing business interruption, DDoS attacks can result in serious data security problems – see the example of ACS:Law.

In the past, conventional wisdom might suggest disassociating yourself from such a controversial enterprise as WikiLeaks. But with collective movements taking advantage of strength and relative anonymity in numbers online, will companies now consider the wider picture before acting – or just get better protection?

Posted by Oliver Sweeney, who specialises in regulatory matters; including compliance, representation e.g. company prosecutions and public inquiries; transport issues; commercial litigation, including reputation management, contractual litigation and injunctions.

Oliver Sweeney
0115 976 6247
osweeney@brownejacobson.com

Information Commissioner fines public and private sector alike

Wednesday, December 1st, 2010

From April this year the Information Commissioner (IC) was given new powers to serve monetary penalty notices (up to a maximum of £500,000) on data controllers for breach of the data protection principles.

Last week saw the IC exercising its new power for the first time – twice in fact, in the same week. The first (for £100,000) was issued to Hertfordshire County Council for faxing highly sensitive personal information in relation to child sex abuse cases to the wrong recipients. The second (for £60,000) was issued to employment services company A4e for the loss of an encrypted laptop containing sensitive information concerning 24,000 people.

Clearly these two cases suggest that the IC is prepared to use its power against both private and public sector organisations. The maximum of £500,000 has not been reached (even for a disclosure of very sensitive data in respect of child abuse) but I suspect it will not be long before we see a penalty up to the maximum limit.

Posted by Sara McNeill, who specialises in non-contentious intellectual property matters, including licensing, franchise, collaboration and development arrangements and IP audits and strategy; experienced in drafting and advising on commercial agreements.

Sara McNeill
0121 237 3930
smcneill@brownejacobson.com

Data protection seventh principle – skip it at your peril

Wednesday, August 25th, 2010

DSG Retail Limited has been found in breach of the Data Protection Act after discovery of customers’ credit agreements in a skip at one of its PC World Stores.

DSG’s Chief Executive, John Browett, has given a formal undertaking to the Information Commissioner’s Office agreeing to change DSG’s procedures to ensure that this doesn’t happen again.

Whilst the breach of the Data Protection Act has caused bad press, DSG Group can consider itself lucky that the personal information contained in the credit agreements was not used by criminals – if it had been, DSG would have been on the wrong side of a £500,000 fine from the Information Commissioner as well as likely damages claims from the individuals concerned.

The case highlights the need for all organisations to comply with the Data Protection Act and, in particular, the ‘seventh data protection principle’ which requires that organisations have appropriate measures in place to guard against accidental loss of, destruction of or theft of personal information.

Posted by Simon White
0115 976 6532
swhite@brownejacobson.com

Fines for Data Protection Breaches Are Coming

Monday, April 19th, 2010

The Information Commissioner has new powers to fine organisations up to £500,000 for breaches of the Data Protection Act that take place after 6 April. 

Fines can only be imposed if a breach is serious and likely to cause substantial damage or distress. Also, only deliberate breaches or breaches where reasonable steps to prevent a foreseeable breach were not taken are covered. 

The example of a ‘serious’ breach given in the Information Commissioner’s guidance is the loss of medical records during a move.

The Information Commissioner has said that he will “not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law”, and the next company or government department that hits the headlines for losing information should expect to be hit with a punitive fine as well as bad publicity.

Posted by Giles Parsons
0121 237 4557
gparsons@brownejacobson.com

Tory Technology Treaty

Friday, March 19th, 2010

The campaigning has started by all the major parties, and anything said at this stage before an election is to be taken with a pinch of salt, but there are likely to be a fair few people whose attention might have been caught by the Conservative Technology Manifesto, not least anyone involved in public sector IT projects (as supplier or customer), any vendors of open source software, makers of smart meters and/or anyone with an interest in data protection.

The document is a short one and, as with any pre-election material, has some positive suggestions in generic terms – an end to wasteful IT projects, a “right to data” policy and greater openness in most areas of public sector life, including publishing online all spending over £500 by local governments.

What might surprise some IT companies that contract with the public sector at the moment however, whatever their political persuasion, is the suggestion that contracts with local authorities that exceed certain thresholds (£500 for local authorities, £25,000 for central government and Quangos) will also be published “in full” – including in particular all performance indicators, break clauses and penalty measures. It’s a brave step and one that might highlight contracts that are overly favourable to suppliers and where the public sector is being unfairly penalised.

On the other hand – from the supplier’s perspective this raises issues of its own – “if you (large IT supplier) can provide those services and meet those service levels for that cost for the public sector, then why not for me, your prospective private sector customer?” There is a risk that too much transparency could mean public sector customers no longer get a better deal than the market.

And what about contracts provided by named “Key personnel” – will these individuals earn a celebrity of their own through contracts published online, or will data protection concerns override requirements in future legislation? Certainly the 35,000 most senior civil servants whose salaries are also required to be published online may have something to say if they can be identified from this information.

However this manifesto plays out, if, as currently predicted, the Conservatives are likely to be the next government, there are likely to be a few lively debates with the Office of the Information Commissioner before this manifesto becomes law.

Posted by Richard Nicholas
0121 237 3992
rnicholas@brownejacobson.com

T-Mobile staff sold personal data

Friday, November 20th, 2009

On Wednesday it was reported that staff working at T-Mobile had passed on details of thousands of their customers to third party brokers. The brokers sold data about customers’ renewal dates to other phone firms, so that they could cold call the customers prior to the expiry of their existing contracts with T-Mobile.

T-Mobile said that data had been sold without their knowledge, and they had worked with the Information Commissioner to identify the source of the breach. The Information Commissioner is preparing a prosecution against those responsible.

The story is the latest in a line of high profile cases involving the illegitimate sale of personal information, and public concern about the use of the large amount of personal data kept by organisations is running high.

However the value of selling personal data would seem to outweigh the risk of being caught and punished at present. The current maximum penalty under the Data Protection Act is a fine of £5,000.

How highly should this type of information be valued? Would the threat of a higher fine or a prison sentence deter such activity?

Posted by Fiona Carter
0115 976 6224
fcarter@brownejacobson.com
