• Media Enquiries

    07505 448925(24hr)

Time for surveillance transparency

Today the three heads of Britain's intelligence agencies appear infront of Parliament's Intelligence and Security Committee in a televised hearing, the first time for such a hearing to be broadcast. Progress, yes, but let's not get ahead of ourselves - the head of the CIA first appeared on TV speaking to congress in 1975, so it's hardly a revolution in oversight. Today we have published new polling by

GCHQ faces legal action over mass surveillance

Today Big Brother Watch, working with the Open Rights Group, English PEN and German internet activist Constanze Kurz, has announced legal papers have been filed alleging that GCHQ has illegally intruded on the privacy of millions of British and European citizens. We allege that by collecting vast amounts of data leaving or entering the UK, including the content of emails and social media messages, the UK’s spy

Patients win choice of sharing medical records

Earlier this year, we led the concern that a new NHS data sharing plan would see every patient's medical records uploaded to a new information system without the right to opt-out. We warned at the time that patient records would be out of patient control. On Friday, the Secretary of State confirmed that this will not be the case. We have worked closely with MedConfidential and Privacy International to ensure

Boom in private investigators risks avoiding surveillance regulation

Our latest report highlights the growing use of private investigators by local and public authorities, particularly the number of times they are used without RIPA authorisation. The law in the UK, particularly the Police and Criminal Evidence Act 1984, is broadly drawn to allow evidence to be introduced in court that in other jurisdictions would not be deemed admissible. Contrasted with the fruit of the poisonous

Data Protection

No Halt to the Sharing of Medical Records

Posted on by Dan Nesbitt Posted in Data Protection, Databases, NHS | 4 Comments

iStock_000016822421MediumDespite uncovering thousands of cases of patient information being wrongly disclosed to third parties a recent review into the sharing of medical records with private sector companies endorses the practice.

The Daily Telegraph reports that the review, conducted by Sir Nick Partridge found that “tens of thousands of records were wrongly passed to third parties”. However Sir Nick argued that the proper checks and balances were now in place.

This is not the first time questions have been raised about the NHS’ ability to keep patient data secure. Earlier this month Big Brother Watch published NHS Data Breaches, a report into the subject (PDF). It found that data security is an ongoing problem, over the last four years patient confidentiality had been breached at least 7,255 times.

The major issue to be resolved is the level of deterrent the Data Protection Act 1998 poses to individuals who are intent on breaking its provisions. Currently the courts can only hand down a fine to those guilty of maliciously breaching the terms of the Act.

Read more

EU DNA Database Back on the Agenda

Posted on by Dan Nesbitt Posted in Data Protection, Databases, DNA database, Europe, International | 1 Comment

dna-3Following Monday night’s confused debate on EU Justice and Home Affairs powers it has been revealed that the Government is embarking upon a scheme that would give European states limited access to the UK DNA database and potentially pave the way to a linking of the UK and EU databases.

This is a worrying development, made more so by the fact that, as the Financial Times reported, the move seems to have been made to appease certain member states who were concerned about the UK’s withdrawal from other EU police schemes.

It is disappointing that after sticking to their promise to stay out of the wider Prüm Convention, the Government seems to be getting close to implementing it in all but name, prioritising the wishes of other states over the safety of its own citizens.

Read more

Lib Dems set out their (draft) 2015 general election Civil Liberties Pledges

Posted on by Dan Nesbitt Posted in Civil Liberties, Data Protection, Surveillance | 2 Comments

http://www.libdems.org.uk/The Lib Dems have well and truly kicked off the next election cycle with the publication of their pre-manifesto (PDF); essentially a draft of what will become their manifesto in 2015.

The document contains a number of pledges on civil liberties, including:

  • The introduction of a new Freedoms Bill to protect the public from state intrusion and extend access to information.
  • Passing a Digital Bill of Rights, to protect people from “unacceptable intrusion” by organisations and give them more control of their data.
  • Identifying alternatives to secret courts.
  • Supporting net neutrality and the freedom of the internet.
  • Ensuring the proper oversight of our security services.
  • Safeguards for stop and search will also be improved, this will include tighter guidance and mandatory body-worn cameras for officers deployed with Section 60 stop and search powers.

The idea of a new Freedoms Bill is encouraging; the Protection of Freedoms Act 2012 introduced some real improvements. It is necessary that any new Bill continues on these lines and extends safeguards to protect members of the public from unwarranted and excessive state surveillance. Key to this is the expansion of judicial authorisation for surveillance warrants, for more details on how this can be achieved please read our paper on the subject: Enhancing surveillance transparency: A UK policy framework (PDF).

The idea of a Digital Bill of Rights is something that Big Brother Watch has supported for some time. It is vital that the personal data of members of the public is given greater protection, something that a Bill of this kind has the potential to do. It is also clear that the free and neutral nature of the internet is under threat by both government institutions and private companies. If this continues, other countries around the world have threatened policies that would lead to the “Balkanisation” of the Internet, wherein countries no longer trust each other and set about carving the web into separate national internets. Any proposals should aim to reflect Sir Tim Berners-Lee’s call to safeguard the principle that the internet should be an “open, neutral” system.

Read more

Another Day another Data Breach

Posted on by Dan Nesbitt Posted in Data Protection, Databases, Medical Records, NHS, Privacy | 1 Comment

3797160719_337b4742e7_bIn what is becoming an ever more regular occurrence for the NHS, it has been reported that the East Midlands Ambulance Service has lost a disk containing the notes of 42,000 patients’ who had been treated by paramedics in the last few months.

This incident once again underlines the dangers of organisations holding increasing amounts of personal information about individuals both electronically or in paper format. It seems obvious that the greater the amount of information that is held in one place, the more likely it is to go missing, either by accident or as the result of a deliberate breach. Indeed, just last week Kent Social Care Professionals unintentionally sent out an email containing the names, addresses and phone numbers of 120 elderly and vulnerable individuals to nearly 200 people.

Accidental leaks such as this make the need for proper data protection training amongst staff painfully apparent. If an organisation knows that it is going to hold large amounts of personal information, about staff or customers, it should ensure that its employees know their responsibilities under the Data Protection Act 1998 (DPA). Of course this cannot help to stop those who wish to purposely breach data protection law. This can only be achieved by improving the sanctions that are available to punish those who seek to misuse personal information.

Read more

Another Group backs the end of the Edited Register

Posted on by Dan Nesbitt Posted in Councils, Data Protection, Databases, Marketing, Privacy | 3 Comments

mail_splashThe Edited Electoral Register (EER) has come under fire in the past few weeks, with a series of reports indicating that the Register is proving to be more trouble than it is worth.  To add fuel to the fire,  the Local Government Association (LGA) has called for the sale of the EER to be stopped and the register itself to be scrapped.

Councillor Peter Fleming, Chair of the LGA’s Improvement Board  has hit the nail on the head with what is wrong with the EER, arguing that  councils resent having to pass “the electoral roll onto direct marketing companies”, continuing that “it demeans our democracy for the voters’ details to be sold off to help direct marketing companies make money.”

Indeed, one of the main problems with the EER is that it is of benefit to no one but the very marketing companies that purchase the data. In fact it is especially troublesome for residents who find themselves being deluged with junk mail due to their councils being forced to sell it on.

Read more

Traffic Enforcement: Over-Zealous and Heavy-Handed

Posted on by Dan Nesbitt Posted in ANPR, CCTV, CCTV cars, Councils, Data Protection, Databases | 3 Comments

Image20A single case has managed to combine all that is worrying about the way in which local councils carry out traffic enforcement. The story, reported in the Daily Mail, showed that after being caught on CCTV a driver was subsequently tracked down by bailiffs using a combination of mobile Automatic Number Plate Recognition (ANPR) and their access to the DVLA database.

The use of CCTV for handing out traffic fines is something that has raised concerns from a number of sources, for example Eric Pickles, Secretary of State for Communities and Local Government, who accused councils of “bending the law as a means of filling their coffers with taxpayers’ cash.”  The Surveillance Camera Commissioner (SCC) also published guidance on this practice, stating that cameras should only be used “when other means of enforcement are not practical”.

Research by Big Brother Watch (PDF) has highlighted that the use of static CCTV to tackle parking and traffic violations has proved lucrative for local councils, bringing in over £179m in 5 years. This reinforces Eric Pickles’ concerns that CCTV cameras are in fact being used to raise revenues, rather than actually improve traffic conditions.

Read more

New guidance only shows the problems of surveillance oversight. Where are the solutions?

Posted on by Dan Nesbitt Posted in Civil Liberties, Data Protection, Information Commissioner, RIPA, Surveillance | Leave a comment

iStock_000016822421MediumFinally clarifying what was already widely accepted, a publication by the Information Commissioner’s Office (ICO) has confirmed that surveillance legislation is “complex”. “Surveillance Road Map” (PDF) seeks to set out the responsibilities of each body tasked with overseeing the laws that govern surveillance as well as highlighting some of their overlapping functions.

One of the aims of the guidance is to show members of the public “the avenues available to challenge or complain about any alleged breach of surveillance legislation”. Whilst this is a laudable aim it misses the real problem: that in too many cases roles are unnecessarily duplicated.

One prime example is of the Surveillance Camera Commissioner (SCC) and the ICO. The guidance states that the two bodies’ CCTV Codes of Practice “dovetail”; in fact they repeat each other. There is no reason for both bodies to be responsible for CCTV oversight. As the document points out the SCC has no “complaints handling or enforcement function”. Action should be taken to rectify this, as a result the SCC could be made responsible for a single, enforceable Code of Practice and the ICO would be able to focus more attention on its other functions.

Read more

Yet another Government Database Mooted

Posted on by Dan Nesbitt Posted in Data Protection, Databases, Information Commissioner | 1 Comment

serversEven plans made with the best of intentions can go awry. In a speech made last week, Mark Hoban, a former Minister of State for Work and Pensions, floated the idea of combining previously separate personal financial information into a single database.

Mr Hoban argued that “It would be great if we could use the Retirement Saver Service to store data on their savings, pensions – state and private – and housing”. The idea is that it would give individuals a clearer idea of their current savings situation as well as helping to signpost any necessary action they would need to take in the future.

At the moment the regulatory framework simply isn’t good enough to ensure that another new database would be secure. The sanctions that are available for punishing those who misuse personal information and break the Data Protection Act 1998 are almost non-existent. At present the most any breach will receive is a fine, there is no option for a court to hand down a custodial sentence. When compared to the financial gains that can be made through selling the information on, a, usually small, fine cannot be considered to be an effective deterrent.

Read more

Almost 3000 NHS staff’s Equality and Diversity Information Accidently Published

Posted on by Emma Carr Posted in Data Protection | 3 Comments

3797160719_337b4742e7_bSouth Central Ambulance Service has found itself on the wrong side of the Information Commissioner’s Office (ICO) after it accidentally published the Equality and Diversity information of members of staff on its website. What’s worse is that the Trust was alerted to the data breach by the ICO, rather than by someone in the Trust itself.

We have previously warned about the serious data breaches that can occur in the NHS, with our report highlighting more than 806 separate incidents where medical records were compromised. This incident shows that patients aren’t the only ones at risk of a having their data compromised by the NHS.

The ICO found that the Trust had published 2825 current and former members of staff’s personal details on its website, with information including  the individual’s name, job and work location, nationality, marital status, age, gender, ethnic origin, disability, religious belief and sexual orientation.

Read more

Calls for urgent review of Met Police’s security measures following 300 data breaches

Posted on by Emma Carr Posted in Data Protection, Police | Leave a comment

filesAn investigation by the Press Association has revealed 300 serious data breaches in the Metropolitan Police Service (MPS), including information being passed on or sold to journalists.  These revelations are likely to have a direct impact on the level of trust between the public and police, so it is essential that MPS now launches an urgent review into the security measures used for confidential and sensitive information.

With increasing amounts of information being collected by police forces, these data breaches make it clear that there is simply not enough has been done to ensure it is protected. The information held on police computers is of huge significance and for details to be disclosed, maliciously accessed or lost is completely unacceptable.

The 300 breaches, which cover a five year period, and range from minor rule-breaks on social media to serious allegations of misconduct leading to arrests. The instances include:

Read more

1 2 3 4 5 6 7 8 9 10   Next »