The ICO says that Wigan Council breached data protection law through allowing unencrypted data on school pupils to be downloaded to a laptop. The laptop was then stolen, holding personal data on most children and young people in Wigan’s schools, about 43,000 pupils.

Source: Kable

The Information Commissioner’s Office said today it had been “badly let down” by parliament, the courts and newspapers in its attempt to stop the “flourishing” trade in illegally obtained confidential personal information.

The information commissioner, Christopher Graham, who took over the role at the end of June, claimed that custodial sentences could end the practice “at a stroke”.

He said the office had tried to “sound the alarm” about the scale of the problem. “We were let down by the courts, who didn’t seem to be interested in levying even the pathetic fines they had at their disposal; we were rather let down by parliament in the end, with no legislation; and we were let down by the newspaper groups, which didn’t take it seriously,” he said.

Source: The Guardian

Public sector organisations should avoid creating large centralised databases of personal information and keep clear audit trails of how identity data is used, under new proposals published today.

The Scottish Government is consulting on Identity Management and Privacy Principles that aim to raise confidence in the management of personal data. Draft principles include:

• Proving identity or entitlement: people should only be asked for identity when necessary and they should be asked for as little information as possible
• Governance and accountability: private and voluntary sectors which deliver public services should be contractually bound to adhere to the principles
• Risk management: Privacy Impact Assessments should be carried out to ensure new initiatives identify and address privacy issues
• Data and data sharing: Organisations should avoid creating large centralised databases of personal information and store personal and transactional data separately
• Education and engagement: Public bodies must explain why information is needed and where and why it is shared

The consultation closes on November 23, 2009.

Source: The Scottish Government
Consultation: Privacy and Public Confidence in Scottish Public Services: draft Identity Management and Privacy Principles

The Home Office has confirmed that the volume of data on a lost memory stick was much larger than originally reported.

Its resource-accounts for 2008-09 show that 377,000 records were on the device, lost in August 2008 by contractor PA Consulting. The department had previously said the lost memory stick held information on 127,000 people.

A spokesperson told GC News that the extra 250,000 is data on uses of the Drug Interventions Programme. …

Source: ZDNet

Two people have been charged with breaching the Data Protection Act after a British National Party membership list was leaked on the internet.

Source: BBC News

The Department for Work and Pensions (DWP) has admitted that it does not keep a running total of security breaches committed on its sensitive Customer Information System (CIS) database, prompting accusations that it is not taking adequate steps to protect personal data from intruders.

Source: Computer Weekly

Bookstores like Tattered Cover in Denver and Kramerbooks in Washington, D.C. stood up against government demands for book records. And thanks to their efforts, as well as others, the government has generally failed to force bookstores to turn over reader information without a court-issued warrant — or in some cases, even more than a warrant. Similarly, states across the country have passed public library privacy laws that require a court order before reading information is turned over.

Given this backdrop, we asked Google to promise that it would fight for those same standards to be applied to its Google Book Search product. We want Google to promise that it will demand more than a subpoena (which is written by a lawyer and not approved by a judge) or some other legal process that a judge has not approved before turning over your book records. In essence, we asked Google to tell whoever came to them demanding reader information: “Come back with a warrant.”

Honestly, we thought it would be an easy thing for Google to do.

Unfortunately, Google has refused…..

Source: Electronic Frontier Foundation

An entrepreneur whose fledgling business was ruined by a false entry in a court database has had his claim for compensation rejected by a High Court judge.

The decision could set a broad and troubling precedent, because Mr Justice Bill Blair QC - brother of the former PM Tony Blair - ruled that the civil service cannot be found liable for the damage caused by its record keeping mistakes.

Source: The Register
Hat tip: Glyn

* Cardiff and Glasgow councils sacked staff after they looked up celebrities’ personal records
* Tonbridge and Bromley councils sacked workers for looking up their friends
* Brent sacked someone who looked at their girlfriend’s details
* A worker at Torfaen was sacked for looking at his own details

But this may just be the tip of the iceberg. Many of the breaches were discovered after sample checks, raising concerns that other breaches may gone undetected.

Over 200,000 government officials have access to the database, including staff at 480 local authorities, and numerous government departments, including the Department of Work and Pensions, HM Revenue & Customs, and the Courts Service. The Child Support Agency uses the CIS to trace missing parents, …

Source: Computer Weekly

The number of errors by the Criminal Records Bureau (CRB) has more than doubled in the past 12 months, despite intense pressure for it to improve its performance.

Source: Telegraph.co.uk