Slashdot Mirror
Data Protection in the UK?
Graham Moore asks: "I am getting really concerned about where my personal information goes nowadays. In the last two weeks I have read two news articles here in the UK that talk about call centers and other agencies being set up in India that will transparently deal with customers from the UK (see the this article from The Register). On the UK mainland we have the Data Protection Act to fall back on if we believe the data is knowingly being misused or we wish to see what is stored about us. I suspect that once off of the UK mainland our details can be used or abused unhindered. I have contacted my MP, Melanie Johnson, who is also the Minister for Consumer Affairs, and have not yet had a response. Am I worrying about this unnecessarily or should we all start to get very concerned?"
If i've read this right, then a company with an office in the UK that is using offshore call centers with out telling you, especially if they get their call center staff to lie about their location, will either be guilty of a breach of the Data Protection act or fraud.
If the call is advertised as ending overseas then I don't think there is much you can do about it.
Wouldn't it be nice if schools got all the money they wanted and the army had to hold jumble sales for guns
Perhaps the answer here is this: Make Palladium/TCPA mandatory--but also make individual's personal information subject to the same sort of DRM. If I apply for credit, for example, the information I submit should be unable to be copied, forwarded, printed, or viewed except as I authorise. Similarly, my medical records at the hospital should be unable to be forwarded to anyone except the portions I designated that my insurer would have access to.
There's no dichotomy there. The root of both issues is that a person has the right to control their own property. If I go buy the latest Crap Band(TM) CD, that is now my property, and so I should really be able to do whatever I wish with it. Similarly, my own personal information is my own property unless I sell it to someone else. My doing business with someone does not give them the right to sell my personal information, much like I am not allowed to make thousands of copies of that Crap Band CD and sell them.
Another issue is the fact that there is no reason I should have to purchase a CD without having been able to listen to it beforehand to determine whether or not it's worth the price, especially since it cannot be returned or exchanged for another one after being purchased. But that doesn't really have anything to do with your suggestion.
Your suggestion about applying DRM-style limitations to consumer personal data is an interesting idea, however the notion that Palladium would aid us is rather disturbing, and I have a hard time even rationalizing it.
Hate to break this to you, but the practice of having the call routed
to some foreign country is already common in the UK (Yes, I live in
the UK) and has been for years.
I called Iomega technical support a few years ago to get a free
replacement when one of my ZIP disks died. The telephone number I
dialed was a UK one, so I was quite surprised when I found the person
who answered had a very strong German accent. I asked where she was,
and she told me the call centre she was working in was in Ireland!
Now I know in this case the call wasn't going very far from the UK,
but it just as easily could have been. As for what this means for data
protection law, I couldn't even guess. IANAL.