• Media Enquiries

    07505 448925(24hr)

Time for surveillance transparency


Today the three heads of Britain's intelligence agencies appear infront of Parliament's Intelligence and Security Committee in a televised hearing, the first time for such a hearing to be broadcast. Progress, yes, but let's not get ahead of ourselves - the head of the CIA first appeared on TV speaking to congress in 1975, so it's hardly a revolution in oversight. Today we have published new polling by

GCHQ faces legal action over mass surveillance


Today Big Brother Watch, working with the Open Rights Group, English PEN and German internet activist Constanze Kurz, has announced legal papers have been filed alleging that GCHQ has illegally intruded on the privacy of millions of British and European citizens. We allege that by collecting vast amounts of data leaving or entering the UK, including the content of emails and social media messages, the UK’s spy

Patients win choice of sharing medical records


Earlier this year, we led the concern that a new NHS data sharing plan would see every patient's medical records uploaded to a new information system without the right to opt-out. We warned at the time that patient records would be out of patient control. On Friday, the Secretary of State confirmed that this will not be the case. We have worked closely with MedConfidential and Privacy International to ensure

Boom in private investigators risks avoiding surveillance regulation


Our latest report highlights the growing use of private investigators by local and public authorities, particularly the number of times they are used without RIPA authorisation. The law in the UK, particularly the Police and Criminal Evidence Act 1984, is broadly drawn to allow evidence to be introduced in court that in other jurisdictions would not be deemed admissible. Contrasted with the fruit of the poisonous

Data Protection

Yet another Government Database Mooted

Posted on by Dan Nesbitt Posted in Data Protection, Databases, Information Commissioner | 1 Comment

serversEven plans made with the best of intentions can go awry. In a speech made last week, Mark Hoban, a former Minister of State for Work and Pensions, floated the idea of combining previously separate personal financial information into a single database.

Mr Hoban argued that “It would be great if we could use the Retirement Saver Service to store data on their savings, pensions – state and private – and housing”. The idea is that it would give individuals a clearer idea of their current savings situation as well as helping to signpost any necessary action they would need to take in the future.

At the moment the regulatory framework simply isn’t good enough to ensure that another new database would be secure. The sanctions that are available for punishing those who misuse personal information and break the Data Protection Act 1998 are almost non-existent. At present the most any breach will receive is a fine, there is no option for a court to hand down a custodial sentence. When compared to the financial gains that can be made through selling the information on, a, usually small, fine cannot be considered to be an effective deterrent.

Read more

Almost 3000 NHS staff’s Equality and Diversity Information Accidently Published

Posted on by Emma Carr Posted in Data Protection | 3 Comments

3797160719_337b4742e7_bSouth Central Ambulance Service has found itself on the wrong side of the Information Commissioner’s Office (ICO) after it accidentally published the Equality and Diversity information of members of staff on its website. What’s worse is that the Trust was alerted to the data breach by the ICO, rather than by someone in the Trust itself.

We have previously warned about the serious data breaches that can occur in the NHS, with our report highlighting more than 806 separate incidents where medical records were compromised. This incident shows that patients aren’t the only ones at risk of a having their data compromised by the NHS.

The ICO found that the Trust had published 2825 current and former members of staff’s personal details on its website, with information including  the individual’s name, job and work location, nationality, marital status, age, gender, ethnic origin, disability, religious belief and sexual orientation.

Read more

Calls for urgent review of Met Police’s security measures following 300 data breaches

Posted on by Emma Carr Posted in Data Protection, Police | Leave a comment

filesAn investigation by the Press Association has revealed 300 serious data breaches in the Metropolitan Police Service (MPS), including information being passed on or sold to journalists.  These revelations are likely to have a direct impact on the level of trust between the public and police, so it is essential that MPS now launches an urgent review into the security measures used for confidential and sensitive information.

With increasing amounts of information being collected by police forces, these data breaches make it clear that there is simply not enough has been done to ensure it is protected. The information held on police computers is of huge significance and for details to be disclosed, maliciously accessed or lost is completely unacceptable.

The 300 breaches, which cover a five year period, and range from minor rule-breaks on social media to serious allegations of misconduct leading to arrests. The instances include:

Read more

Police staff forced to quit after snooping on familes and lovers

Posted on by Emma Carr Posted in Data Protection, Databases, Police | 2 Comments

keyboardFrom passing on incorrect information to snooping on friends, a number of shocking data protection breaches in police forces have been uncovered. With hundreds of incidents every year it is time to start asking whether it is too easy for police databases to be abused to snoop on innocent people.

Big Brother Watch has long been concerned about the number of data breaches occurring within police forces. In 2011, we published the report ‘Police Databases: How More Than 900 Staff Abused Their Access’. The report highlighted a shocking number of data protection breaches and the subsequent limited number of punishments that were handed out. We also commented on the recent case of a police officer being charged with stealing thousands of accident victims’ details from her police force’s computer to sell to law firms.

Read more

Patients remain ill-informed about changes to medical records

Posted on by Emma Carr Posted in Data Protection, Medical Records, NHS | 6 Comments

3797160719_337b4742e7_bLast week we wrote about the leaflet that every household will be receiving from NHS England detailing serious changes to the way our medical records are shared. We warned that such a lacklustre scheme to inform the public is arguably illegal under data protection law and goes against the Government’s commitment to give patients control over their medical records.

Today, the British Heart Foundation, Arthritis Research UK, Cancer Research UK, Diabetes UK, the Academy of Medical Sciences, the Medical Research Council and the Wellcome Trust have launched an advertising campaign encouraging people not to opt out of the initiative.

Quite simply, patients should not be forced, or feel pressured, to take part in a scheme that involved sharing details contained in their medical records. Especially at a time when NHS England has failed to properly inform patients about how medical records will be shared and which organisations will be able to see them.

Read more

Police database abused by officers

Posted on by Emma Carr Posted in Data Protection, Information Commissioner, Police, Privacy | 7 Comments

keyboardWe are barely into 2014, yet we are faced with yet another serious data protection breach concerning a public sector computer. On this occasion, a police officer has been charged with stealing thousands of accident victims’ details from her police force’s computer and selling them to law firms

This case alone highlights that serious need for our courts to issue much tougher penalties for unlawfully obtaining or disclosing personal information, otherwise these cases will continue to occur.

A court has heard that Sugra Hanif accessed Thames Valley Police’s command and control computer to note down the personal details of members of the public involved in road traffic accidents, including the unique reference number each incident was given.

Read more

NHS England’s wholly inadequate leaflet drop

Posted on by Emma Carr Posted in Data Protection, Databases, Medical Records, NHS | 6 Comments

3797160719_337b4742e7_bWhen you check your letterbox for mail this morning, make sure you take a second glance because you might just miss a leaflet from NHS England detailing serious changes to the way our medical records are shared.

Last year we campaigned to ensure that patients have the right to opt-out of these changes, however, despite this victory for patient privacy, NHS England has taken the decision that if patients do wish to opt-out of sharing their medical records then they must visit their GP to do so. Given GPs are already very busy, people should not have to see their GP to opt-out of the system. It should be possible to opt-out online or over the phone, and people who opted out of previous NHS IT projects, such as the Summary Care Records, should have their choice carried over for this system.

Read more

The punishment doesnt fit the crime when privacy is violated

Posted on by Emma Carr Posted in Data Protection, Information Commissioner | 2 Comments

keyboardPrivate Investigators who tricked companies and public services into handing over personal information have been found guilty of breaking data protection laws. Yet, despite committing thousands of offences in a single year, the individuals will only face a relatively small fine.

This case alone highlights that serious need for our courts to issue much tougher penalties for unlawfully obtaining or disclosing personal information, otherwise these cases will continue to occur.  In this case, the court heard that nearly 2000 offences were committed between April 1 2009 and May 12 2010 by investigators working for ICU Investigations Ltd, whose clients include Allianz Insurance Plc, Hove Council, Leeds Building Society and Dee Valley Water.

Currently, unlawfully obtaining personal data is punishable by a fine of up to £5000 in a magistrate’s court, or an unlimited fine at a crown court. Many people will be shocked to learn that people who have been caught illegally accessing other people’s medical records and personal information will face such minimal penalties. We have consistently warned about the vulnerability of our personal information and we support the ICO in wanting to see stiffer penalties introduced for section 55 breaches.

Read more

Ideas to start the debate and reform surveillance

Posted on by Big Brother Watch Posted in CCDP, Civil Liberties, Communications Data Bill, Data Protection, Databases, Europe, International, Internet freedom, Mastering the Internet, Online privacy, PRISM, RIPA, Surveillance, Terrorism Legislation, United States | 1 Comment

Dear Prime Minister,

cc Deputy Prime Minister; Chair – ISC;  Chair – Home Affairs committee; Chair – Joint Committee on the Draft Communications Data Bill; Chair – LIBE Committee of the European Parliament; Chair – Joint Committee on Human Rights;

Yesterday you said that you would be happy to listen to ideas to improve the oversight and operation of safeguards concerning our intelligence agencies.

This is an extremely welcome and timely intervention, and an offer that we would like to take up enthusiastically.

Below are just a few of the well-established proposals to improve the operation, scrutiny and safeguards of surveillance powers.

-       Commission independent, post-legislative scrutiny of the Regulation of Investigative Powers Act 2000 and the Intelligence Services Act 1994, legislation that covers much internet surveillance but was written years before Facebook existed and when few households had internet access. If Parliament intends to allow the collection of data from every internet communication, it should expressly say so in primary legislation, covering both metadata and content

-       Publish, as the US Government has done, legal opinions that are used to underpin the ongoing surveillance framework

-       Allow the Intelligence and Security Committee to report to Parliament, and be chaired by an opposition MP, as called for by Lord King. It should also be able to employ technical experts to assist its work.

-       Publish the budget and investigatory capacity of the ISC, Interception of Communications Commissioner and Surveillance Commissioners

-       Reform the Investigatory Powers Tribunal so there is a presumption its hearings are held publicly, that it should state reasons for reaching its decisions and that its judgements can be appealed in court

-       End the need for Secretaries of State to approve appearances of the heads of agencies before Parliamentary committees, and allow agency and service heads to give evidence in public where appropriate

-       Establish an independent body to review the work of the agencies, as President Obama has done with the Privacy and Civil Liberties Oversight Board, and ensure it has staff with relevant technical expertise

-       Lift any legal restrictions on British companies from publishing transparency reports about surveillance requests

-       Publish details of the use of surveillance powers broken down by agency, as opposed to the single UK figure currently published, including the scale of international intelligence sharing

-       Enhance whistleblower protection for those who wish to come forward from within the services

We would be delighted to meet with you or members of your Government to discuss these issues. At a time when the internet is an inescapable part of daily life, the modern economy and the delivery of public services, it is surely paramount that the laws that govern surveillance are fit for a digital age, and that the safeguards that operate are robust, properly resourced and can command public confidence.

Yours sincerely,

Anne Jellema, Chief Executive Officer, World Wide Web Foundation

Jim Killock, Executive Director, Open Rights Group

Gus Hosein, Executive Director, Privacy International

Guy Herbert, General Secretary, No2ID

Nick Pickles, Director, Big Brother Watch

Professor Peter Sommer

Ross Anderson, Professor of Security Engineering, Cambridge

Caspar Bowden, Independent privacy researcher

Douwe Korff, Professor of International Law, London Metropolitan University

Judith Rauhofer, University of Edinburgh

Duncan Campbell, Investigative journalist and author of European Parliament report on Echelon

GCHQ faces legal action over mass surveillance

Posted on by Big Brother Watch Posted in CCDP, Civil Liberties, Communications Data Bill, Data Protection, Europe, Featured, International, Internet freedom, Legal Action | 16 Comments

Today Big Brother Watch, working with the Open Rights Group, English PEN and German internet activist Constanze Kurz, has announced legal papers have been filed alleging that GCHQ has illegally intruded on the privacy of millions of British and European citizens.

We allege that by collecting vast amounts of data leaving or entering the UK, including the content of emails and social media messages, the UK’s spy agency has acted illegally.

A dedicated website – Privacy not Prism – has been set up to fund the legal action.

The laws governing how internet data is accessed were written when barely anyone had broadband access and were intended to cover old fashioned copper telephone lines. Parliament did not envisage or intend those laws to permit scooping up details of every communication we send, including content, so it’s absolutely right that GCHQ is held accountable in the courts for its actions.

These concerns have also been raised by Parliament’s Intelligence and Security Committee, who questioned if the legal framework is adequate.

When details recently emerged in the media about the Prism and Tempora programmes, codenames for previously secret online surveillance operations, it was revealed that GCHQ has the capacity to collect more than 21 petabytes of data a day – equivalent to sending all the information in all the books in the British Library 192 times every 24 hours. The disclosures have raised serious parliamentary concerns both in Britain and at the EU level.

Deighton Pierce Glynn solicitors represent the applicants, instructing Helen Mountfield QC of Matrix Chambers and Tom Hickman and Ravi Mehta of Blackstone Chambers.

 

1 2 3 4 5 6 7 8 9 10   Next »