Slashdot Mirror
Data Protection in the UK?
Graham Moore asks: "I am getting really concerned about where my personal information goes nowadays. In the last two weeks I have read two news articles here in the UK that talk about call centers and other agencies being set up in India that will transparently deal with customers from the UK (see the this article from The Register). On the UK mainland we have the Data Protection Act to fall back on if we believe the data is knowingly being misused or we wish to see what is stored about us. I suspect that once off of the UK mainland our details can be used or abused unhindered. I have contacted my MP, Melanie Johnson, who is also the Minister for Consumer Affairs, and have not yet had a response. Am I worrying about this unnecessarily or should we all start to get very concerned?"
Damn there goes my Karma.
...And when they came for me, there was no one left to speak out for me." - Martin Niemoeller (1892-1984)
I read this article about the EU stroing arming US companies to comply with EU privacy guidelines. I can't believe this wouldn't be the case for India as well.
A lot of US companies were upset about this, as was the federal government, but I think the US ended up enacting laws that mirror the EU to ease tensions. Anyone has info on this?
A speech...
If i've read this right, then a company with an office in the UK that is using offshore call centers with out telling you, especially if they get their call center staff to lie about their location, will either be guilty of a breach of the Data Protection act or fraud.
If the call is advertised as ending overseas then I don't think there is much you can do about it.
Wouldn't it be nice if schools got all the money they wanted and the army had to hold jumble sales for guns
IANAL.. that said..
A few years ago the UK signed up to the EU convention on human rights. If any person who is asked this question does not wish to answer it and suffers as a result I believe they have grounds for legal action.
In SOVIET RUSSIA the hot grits profit you!
Perhaps the answer here is this: Make Palladium/TCPA mandatory--but also make individual's personal information subject to the same sort of DRM. If I apply for credit, for example, the information I submit should be unable to be copied, forwarded, printed, or viewed except as I authorise. Similarly, my medical records at the hospital should be unable to be forwarded to anyone except the portions I designated that my insurer would have access to.
They have Internet there?
:-) truth hurts!
You know we invented internet and saved the world in World War 2 right?
(Use the Preview Button! Check those URLs! Don't forget the http://!)
There's no dichotomy there. The root of both issues is that a person has the right to control their own property. If I go buy the latest Crap Band(TM) CD, that is now my property, and so I should really be able to do whatever I wish with it. Similarly, my own personal information is my own property unless I sell it to someone else. My doing business with someone does not give them the right to sell my personal information, much like I am not allowed to make thousands of copies of that Crap Band CD and sell them.
Another issue is the fact that there is no reason I should have to purchase a CD without having been able to listen to it beforehand to determine whether or not it's worth the price, especially since it cannot be returned or exchanged for another one after being purchased. But that doesn't really have anything to do with your suggestion.
Your suggestion about applying DRM-style limitations to consumer personal data is an interesting idea, however the notion that Palladium would aid us is rather disturbing, and I have a hard time even rationalizing it.
It is unlikely that any harm will come of your information being revealed to those Darkies. Besides, the Darkies are to ignorant to understand what they are reading, if they can read at all. Wouldn't you say so? But, I understand where you are coming from, they just don't know their place anymore, not like the good old days in Inja.
What have you got against poor Melanie Johnson? Is there some particular reason why you feel you must harrass her with your inane whining? And why would you try to Slashdot her site? Hmmm?
Poor girl....
"Without knowing exactly what the danger is, would you say it's time for our viewers to start cracking each other's heads open, and feasting on the goo inside?"
"Yes I do, Kent"
Political Correctness is doubleplusungood.
Hate to break this to you, but the practice of having the call routed
to some foreign country is already common in the UK (Yes, I live in
the UK) and has been for years.
I called Iomega technical support a few years ago to get a free
replacement when one of my ZIP disks died. The telephone number I
dialed was a UK one, so I was quite surprised when I found the person
who answered had a very strong German accent. I asked where she was,
and she told me the call centre she was working in was in Ireland!
Now I know in this case the call wasn't going very far from the UK,
but it just as easily could have been. As for what this means for data
protection law, I couldn't even guess. IANAL.
Over a few weeks The Guardian covered, in a series of supplements, the current state of privacy in the UK: Big Brother, it may answer some of the questions you have.
troodon.net
Its all a sham.
If a company is found to be in breach of the Data Protection Act there is no "comeback". They simply get wrapped on the knuckles and are told to sort the matter out as soon as possible. There is no penalty, and no penalty if they DON'T sort the matter out.
Be afraid. be very afraid.
IIRC, If a company exports data to a country without eqivelent or better data protection laws they are committing an offence under the act. I can look up more information if you are interested.
But first they must leave the mainland, and that is where the breach of the Act would occur.
An analogous situation - I do work in London for a Swiss bank. Some of the processing involves trading counterparty data, but under Swiss law it is illegal to export this data to the UK. As a result, we get obfuscated data that is meaningless to us, but which the Swiss office can decode back into meaningful counterparties. In other words, the UK is complying with Swiss data laws.
Now, admittedly it's unlikely that the police are watching every internal FTP transfer. We could transfer real data. Doing so would be a crime however, so we don't. The same situation apply to India - whilst it's technically possible to transfer the data, doing so would be a breach of the law.
So...do you trust the company you're doing business with? If you do, then I would suggest that you have nothing to worry about. If you don't, well...
Cheers,
Ian
(I don't, by the way...)
The Information Commissioner is the person to raise this with first, rather than your MP, even if she is a minister (or the cynical would say, especially if she is a minister...)
I can understand your concerns. However I work for the forementioned company and since it is a government intiative with the contracted help of a private sector company, it has a very strict process. Obviously I cannot go into intricate detail but I can confirm, as assumed by mccalli, your information is obfuscated to 99% of the people who handle it, be it in this country or another. Also all parties have government CTC clearance or a synonymous international equivalent. Then the information is processed by bodies which already HAVE the information. i.e. Local Police/National Identification Service. The only question is, are the government keeping this information. But that could be said in several scenarios these days, and amounts to the age-old "is big brother watching." The answer is simple, if they were willing to break several EU and Data Protection Laws, then yes, once again Big Brother is watching. Quick somebody call Robert Redford. Alas, as far as this process goes, your information hasnt exchanged into any NEW hands. Regards