Data Protection Act

4 October 2013 at 9:15am
If you look up "interception" in most dictionaries you’ll find that it happens before an action has completed: in sport a pass can no longer be “intercepted” once it reaches a teammate. In a legal dictionary, however, that turns out not to be true. According to section 2(2) of the Regulation of Investigatory Powers Act 2000 (RIPA) interception can take place at any time when a message is "in transmission", which is explained by section 2(7):
12 March 2013 at 11:14am
The Information Commissioner has published helpful new guidance on how organisations can support the use of personally-owned devices for work, commonly known as Bring Your Own Device (BYOD). This appears to have been prompted by a survey suggesting that nearly half of employees use their own devices for work, but more than two thirds of them have no guidance from their employers.
PB/INFO/005 Please note that this factsheet is written with no legal expertise and that no-one should take any action based solely on its content.  In particular, readers outside England and Wales may be subject to different legal systems.
2 July 2012 at 2:58pm
The Information Commissioner’s consultation on an Anonymisation Code of Practice is mainly concerned with the exchange or publication of datasets derived from personal data. However it once again highlights the long-standing confusion around the treatment of pseudonyms under Data Protection law.
7 June 2012 at 3:10pm
Cookie Law Update By Andrew Cormack 13 June 2012, 12.30-13.30 In 2009 an apparently minor amendment was made to European telecoms privacy law that turns out to have significant implications for websites using cookies as well as other technologies such as e-mail tracking. The change became UK law in 2011 and will be enforced by the Information Commissioner from May 2012. Programme: Discuss what organisations can do to work towards compliance Discuss some examples of how others have responded to the law Q&A Session
6 June 2012 at 11:02am
The JISC Legal Information Service have published a toolkit on the legal issues that should be considered by universities and colleges when planning to use external cloud computing providers, including Data Security, Jurisdiction, Confidentiality, Freedom of Information, Intellectual Property Rights, Equality and Accessibility, and Contracts.
6 June 2012 at 10:57am
Although consent is a key concept in Data Protection, discussions of it often seem confused and legal interpretations inconsistent. For example the European Commission has in the past called both for a crackdown on the over-use of consent and for all processing of personal data to be based on consent!
6 June 2012 at 10:20am
The Information Commissioner has now published his Code of Practice on Personal Information Online (also available as PDF), for which we gave early input. It  seems to contain a lot of helpful and pragmatic advice.
6 June 2012 at 10:18am
For a while I've been trying to understand how pseudonymous identifiers, such as IP addresses and the TargetedID value used in Federated Access Management, fit into privacy law. In most cases the organisation that issues such identifiers can link them to the people who use them, but other organisations who receive the identifiers can't. Indeed Access Management federations spend a lot of effort to make it as difficult as possible for the link to be made, using both technical and legal means to protect the privacy of users.
6 June 2012 at 9:47am
The Information Commissioner has now launched a draft text for a new guide on Personal Information Online, with an opportunity to comment on the text over the next three months. It's good to see that some of the issues I raised at a preparatory meeting have been included, so I'd encourage readers to have a look at the draft guide and provide their own comments.
Subscribe to Data Protection Act