• Media Enquiries

    07505 448925(24hr)

Time for surveillance transparency


Today the three heads of Britain's intelligence agencies appear infront of Parliament's Intelligence and Security Committee in a televised hearing, the first time for such a hearing to be broadcast. Progress, yes, but let's not get ahead of ourselves - the head of the CIA first appeared on TV speaking to congress in 1975, so it's hardly a revolution in oversight. Today we have published new polling by

GCHQ faces legal action over mass surveillance


Today Big Brother Watch, working with the Open Rights Group, English PEN and German internet activist Constanze Kurz, has announced legal papers have been filed alleging that GCHQ has illegally intruded on the privacy of millions of British and European citizens. We allege that by collecting vast amounts of data leaving or entering the UK, including the content of emails and social media messages, the UK’s spy

Patients win choice of sharing medical records


Earlier this year, we led the concern that a new NHS data sharing plan would see every patient's medical records uploaded to a new information system without the right to opt-out. We warned at the time that patient records would be out of patient control. On Friday, the Secretary of State confirmed that this will not be the case. We have worked closely with MedConfidential and Privacy International to ensure

Boom in private investigators risks avoiding surveillance regulation


Our latest report highlights the growing use of private investigators by local and public authorities, particularly the number of times they are used without RIPA authorisation. The law in the UK, particularly the Police and Criminal Evidence Act 1984, is broadly drawn to allow evidence to be introduced in court that in other jurisdictions would not be deemed admissible. Contrasted with the fruit of the poisonous

Information Commissioner

New guidance only shows the problems of surveillance oversight. Where are the solutions?

Posted on by Dan Nesbitt Posted in Civil Liberties, Data Protection, Information Commissioner, RIPA, Surveillance | Leave a comment

iStock_000016822421MediumFinally clarifying what was already widely accepted, a publication by the Information Commissioner’s Office (ICO) has confirmed that surveillance legislation is “complex”. “Surveillance Road Map” (PDF) seeks to set out the responsibilities of each body tasked with overseeing the laws that govern surveillance as well as highlighting some of their overlapping functions.

One of the aims of the guidance is to show members of the public “the avenues available to challenge or complain about any alleged breach of surveillance legislation”. Whilst this is a laudable aim it misses the real problem: that in too many cases roles are unnecessarily duplicated.

One prime example is of the Surveillance Camera Commissioner (SCC) and the ICO. The guidance states that the two bodies’ CCTV Codes of Practice “dovetail”; in fact they repeat each other. There is no reason for both bodies to be responsible for CCTV oversight. As the document points out the SCC has no “complaints handling or enforcement function”. Action should be taken to rectify this, as a result the SCC could be made responsible for a single, enforceable Code of Practice and the ICO would be able to focus more attention on its other functions.

Read more

Yet another Government Database Mooted

Posted on by Dan Nesbitt Posted in Data Protection, Databases, Information Commissioner | 1 Comment

serversEven plans made with the best of intentions can go awry. In a speech made last week, Mark Hoban, a former Minister of State for Work and Pensions, floated the idea of combining previously separate personal financial information into a single database.

Mr Hoban argued that “It would be great if we could use the Retirement Saver Service to store data on their savings, pensions – state and private – and housing”. The idea is that it would give individuals a clearer idea of their current savings situation as well as helping to signpost any necessary action they would need to take in the future.

At the moment the regulatory framework simply isn’t good enough to ensure that another new database would be secure. The sanctions that are available for punishing those who misuse personal information and break the Data Protection Act 1998 are almost non-existent. At present the most any breach will receive is a fine, there is no option for a court to hand down a custodial sentence. When compared to the financial gains that can be made through selling the information on, a, usually small, fine cannot be considered to be an effective deterrent.

Read more

When patient privacy and google collide

Posted on by Big Brother Watch Posted in Google, Information Commissioner, Privacy | 6 Comments

Clearly when data is held by a third party, a dna-3different set of risks exist – from concerns about foreign Government access to the use of the data by the third party for other purposes. Patients appreciate their information will be held by the NHS but do they think it will end up on a server in California run by companies who base their business model on knowing more about people? That is perhaps what is most troubling about the revelation that PA Consulting uploaded the entire NHS England hospital patient database was uploaded it to Google.

The point was highlighted by Sarah Wollaston MP, a member of the Health Select Committee, who tweeted: “So HES [hospital episode statistics] data uploaded to ‘google’s immense army of servers’, who consented to that?”

Read more

Care.data delay is not the end of the issue

Posted on by Big Brother Watch Posted in Databases, Information Commissioner, NHS | 7 Comments

Times_caredataIn a campaign victory for Big Brother Watch, medconfidential and others, the care.data scheme has been delayed for six months.

This is not the end of the issue. We have significant ongoing concerns regarding the care.data scheme, both in terms of how patients have been told about what is happening and the long term privacy implications of creating a new database and releasing data that could be used to re-identify patients.

We welcome the fact that NHS England has recognised its efforts to communicate the scheme have been inadequate, something we have repeatedly warned about, not least the use of a junk mail leaflet to households that did not mention any of the risks involved.

Simply, however, NHS England had one job – to ensure patients and GPs were properly aware of the scheme and could make an informed choice about participation. Despite more than a year to achieve this, they have totally failed to do so. NHS England has serious questions to ask about its strategy that has tried to railroad through a significant change in how our medical records are used.

Read more

Care.data – rhetoric is easy but the reality is not so simple

Posted on by Big Brother Watch Posted in Databases, Information Commissioner, Medical Records, NHS | 2 Comments

3797160719_337b4742e7_bToday two articles have appeared on care.data, with are worthy of a few comments.

Firstly, George Freeman MP writes in the Telegraph:

“We must do everything to ensure a robust regime that will protect data from hacking and from any potential misuse. But at the same time, we must not block life-saving advances.”

As we have repeatedly pointed out, the Data Protection Regime is woefully inadequate and those who committ a criminal offence under Section 55 of the DPA cannot be sent to prison, merely fined. Mr Freeman does not suggest this should change, as we have repeatedly called for.

Equally, Mr Freeman writes: “we need to move health from being something done to you by government to something citizens take responsibility for themselves”

Interestingly, Mr Freeman also has his own legislation on this topic – the Patient Data Bill. The first two principles the bill states are:

(2) The Ownership Principle is that patients own their medical data.
(3) The Control Principle is that patients have the right to access their medical data and to control its use (including the right to share it for research or other purposes).

Yet care.data does neither of those things – quite the opposite. If you believe in people controlling their records, pulling them into a central database purely on the back of a junk mailing is hardly making patient ownership and control a reality.

Read more

Paper on security and privacy for the ISC

Posted on by Big Brother Watch Posted in CCDP, Civil Liberties, Communications Data Bill, Databases, GCHQ, Information Commissioner, Legal Action, Mastering the Internet, Online privacy, Technology, Terrorism Legislation, United States | Leave a comment

Big Brother Watch was invited to submit a paper to the Intelligence and Security Committee of Parliament, relating to it’s inquiry into the balance between security and privacy.BNUARLICcAAiyCZ.jpg large

You can now read our submission below.

EXECUTIVE SUMMARY

In a Democratic society, some secrecy is tolerated, as are some intrusions upon liberty and privacy, provided the legal framework is transparency, the oversight mechanisms robust and the overall sacrifices of liberty made with an appropriate level of understanding.

Recent revelations have made clear the scale of intrusion on our privacy in the name of security, enabled by an explosion in digital communications and the computing resources available to the state.

Ministers have assured the public no central database of internet communications would be created. We now know it existed already. Parliament and the public were not informed by Ministers, the Intelligence and Security Committee or the Commissioners.

Read more

The new NHS database : safe or not?

Posted on by Big Brother Watch Posted in Information Commissioner, Medical Records, NHS, Privacy | 3 Comments

dna-2We have warned for many months that the new NHS database is deeply flawed. Not only does it centralise data into what cyber-security experts call a ‘honeypot’ it also puts at risk patient privacy, both from abuse and also later re-identification.

We’ve highlighted how patients still don’t know what is going on, and remain convinced that a national leaflet drop is simply inadequate to ensure people know about a fundamental change to how their medical records are used.

However, it seems the NHS is equally confused about the risks. Compare and contrast:

February 2, 2013: Tim Kelsey, national director for patients and information at the NHS Commissioning Board, said that data sharing was vital for improving the NHS: “This does not put patient confidentiality at any risk. Data quality in the NHS needs to improve: it is no longer acceptable that at a given moment no one can be sure exactly how many patients are currently receiving chemotherapy, for example.”

And today: Mark Davies, the centre’s public assurance director, told the Guardian there was a “small risk” certain patients could be “re-identified” because insurers, pharmaceutical groups and other health sector companies had their own medical data that could be matched against the “pseudonymised” records. “You may be able to identify people if you had a lot of data. It depends on how people will use the data once they have it. But I think it is a small, theoretical risk,” he said.

So is there risk or not?

If you would like to opt-out, you can use the form here. Let us know if you have any problems or feedback from your GP.

Police database abused by officers

Posted on by Emma Carr Posted in Data Protection, Information Commissioner, Police, Privacy | 7 Comments

keyboardWe are barely into 2014, yet we are faced with yet another serious data protection breach concerning a public sector computer. On this occasion, a police officer has been charged with stealing thousands of accident victims’ details from her police force’s computer and selling them to law firms

This case alone highlights that serious need for our courts to issue much tougher penalties for unlawfully obtaining or disclosing personal information, otherwise these cases will continue to occur.

A court has heard that Sugra Hanif accessed Thames Valley Police’s command and control computer to note down the personal details of members of the public involved in road traffic accidents, including the unique reference number each incident was given.

Read more

The punishment doesnt fit the crime when privacy is violated

Posted on by Emma Carr Posted in Data Protection, Information Commissioner | 2 Comments

keyboardPrivate Investigators who tricked companies and public services into handing over personal information have been found guilty of breaking data protection laws. Yet, despite committing thousands of offences in a single year, the individuals will only face a relatively small fine.

This case alone highlights that serious need for our courts to issue much tougher penalties for unlawfully obtaining or disclosing personal information, otherwise these cases will continue to occur.  In this case, the court heard that nearly 2000 offences were committed between April 1 2009 and May 12 2010 by investigators working for ICU Investigations Ltd, whose clients include Allianz Insurance Plc, Hove Council, Leeds Building Society and Dee Valley Water.

Currently, unlawfully obtaining personal data is punishable by a fine of up to £5000 in a magistrate’s court, or an unlimited fine at a crown court. Many people will be shocked to learn that people who have been caught illegally accessing other people’s medical records and personal information will face such minimal penalties. We have consistently warned about the vulnerability of our personal information and we support the ICO in wanting to see stiffer penalties introduced for section 55 breaches.

Read more

Committee widens inquiry into surveillance laws

Posted on by Big Brother Watch Posted in Communications Data Bill, Information Commissioner, Legal Action, Surveillance, Technology, Terrorism Legislation | 2 Comments

5946829399_e633991652_oThe Intelligence and Security Committee (ISC) has announced plans to broaden its investigation into whether the laws on digital surveillance and communications are adequate in the internet age.

This is a welcome step forward given the widespread concern that Britain’s surveillance laws are not fit for purpose, having been written before Facebook existed and when few people had internet access. However, such a debate cannot be allowed to take place behind closed doors and without pressing questions being asked about the legal justification for what we know to be already happening at GCHQ and elsewhere.

Indeed, this is the basis of our legal argument filed as part of the Privacy not Prism campaign – that Britain’s legal framework is not adequate and the surveillance being undertaken is neither necessary nor proportionate.

Read more

1 2 3 4 5 6 7 8   Next »