Wednesday, 14 September 2011

UK transparency & privacy review

The independent review of the impact of UK government transparency on privacy, commissioned by the Cabinet Office and led by Dr Kieron O'Hara, is now out:

Comments are invited, to privacyreview@cabinet-office.gsi.gov.uk. No deadline date seems to have been given. (The public consultation on open data, launched in August, is still open - deadline 27 Oct 2011.)

Conclusions

  • Privacy is extremely important to transparency. The political legitimacy of a transparency programme will depend crucially on its ability to retain public confidence. Privacy protection should therefore be embedded in any transparency programme, rather than bolted on as an afterthought.
  • Privacy and transparency are compatible, as long as the former is carefully protected and considered at every stage.
  • Under the current transparency regime, in which public data is specifically understood not to include personal data, most data releases will not raise privacy concerns. However, some will, especially as we move toward a more demand-driven scheme.
  • Discussion about deanonymisation has been driven largely by legal considerations, with a consequent neglect of the input of the technical community.
  • There are no complete legal or technical fixes to the deanonymisation problem. We should continue to anonymise sensitive data, being initially cautious about releasing such data under the Open Government Licence while we continue to take steps to manage and research the risks of deanonymisation. Further investigation to determine the level of risk would be very welcome.
  • There should be a focus on procedures to output an auditable debate trail. Transparency about transparency – metatransparency – is essential for preserving trust and confidence.

Recommendations

"…which are intended to implement these conclusions without making too strong a claim on resources":
1. Represent privacy interests on the Transparency Board.
2. Use disclosure, query and access controls selectively.
3. Include the technical paradigm.
4. Move toward a demand-driven regime.
5. Create a data asset register.
6. Create sector transparency panels.
7. A procedure for pre-release screening of data to ensure respect for privacy.
8. Extend the research base and maintain an accurate threat model.
9. Create a guidance product to disseminate best practice and current research in transparency.
10. Keep the efficacy of control in the new paradigm under review.
11. Maintain existing procedures for identifying harms and remedies.
12. Use data.gov.uk to raise awareness of data protection responsibilities.
13. Investigate the Vulnerability of Anonymised Databases.
14. Be transparent about the use of anonymisation techniques.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Tuesday, 16 August 2011

Google's ICO privacy audit out

The UK Information Commissioner's Office has published the results of its consensual data protection audit of Google Inc's privacy processes, initiated as a result of the Google Streetview collection of wifi payload data.

The audit was based on a desk-based review of relevant documentation, an on-site visit at Google Inc in London on 19 and 20 July 2011 including interviews with staff, and an inspection of selected records.

Verdict - there's been progress in Google's privacy procedures, but more improvements are needed.

For more info -

For anyone interested, there's a full Guide to ICO data protection audits.


Thursday, 7 April 2011

Libel reform - free seminar 13 April

First in a debate-style Media Law Seminar Series from the Centre for Commercial Law Studies, Queen Mary, University of London and City Law School, City University. This series "will focus on the cutting edge legal issues affecting all forms of popular media."

"This house believes that the English libel laws are unfit for purpose in the Twenty-First Century."

Date: 13 April 2011 - 6-8pm

Venue: Queen Mary, University of London, 67-69 Lincoln's Inn Fields, London WC2A 3JB

Free, but you have to register - e-mail your full name, your company name and position to k.zaim@qmul.ac.uk. Deadline 12 April.

2 CPD points.

Via http://www.law.qmul.ac.uk/events/.


Friday, 1 April 2011

"Outsouring" to "loud computing"

It may be 1 April but these typos I found are real; perhaps worth adding to the eggcorns database?

Those wary of staff discontent about "outsouring" -

- will still have heard much about "loud computing"-

- which probably beats "clod computing"!


Wednesday, 30 March 2011

Census sabotage?

Privacy or confidentiality concerns about the UK 2011 census? The census director's careful choice of words quoted in ComputerWeekly certainly seems noteworthy - "The UK Statistics Authority and the Office for National Statistics will never volunteer personal information for any non-statistical purpose…". So, they won't offer it to just anyone off their own bat, but they'll give it if - made to? Told to? Just asked to?

Apart from data protection or privacy worries, others are uncomfortable about the contractor engaged to process the census, Lockheed Martin. So the ingenious recommendations by Peace News on How to Fill In Your Census Form without Lockheed Martin Profiting may well be taken up by some.

It's (possibly unintentionally) absolutely hilarious - with suggestions like -

  • don't fill the census form in online
  • "accidentally change a digit of your telephone number and ditto for an email address"
  • send written queries to the FREEPOST address, perhaps direct to the Director
  • make small changes to names so you know the source of any "data protection failure"
  • and oh they might have scanning issues if

    "- The form was wrongly inserted in the envelope;

    - A different envelope has been used;

    - The outer bar code has been covered before the form was put in the envelope;

    - Some or all of the outer bar code’s white spaces were filled in with black pen or otherwise obliterate.."

  • not to mention that scanner paper feeds can "go temperamental" if there -

    "a) could be things like post-it notes, loose bits of paper and other detritus, stains, obviously unreadable barcodes, etc.

    b) could be of the form of additional staples, tears, folds, creases, spots of stickiness such as a marmalade spillage or a fragment of bluetack, improvised repairs of torn sheets with sellotape, additional pieces of paper glued to the side, etc"

  • bar codes on the form - "can be rendered ineffective by neatly filling in some or all of the white gaps between the bars of with a black pen or entirely covering with stickers – do not use post-it notes for they are easily removed. Do not allow any complete horizontal strip (however narrow) of the complete barcode to remain. (Many people “blacked in” or obliterated bar codes to great effect on Poll Tax forms in 1989-1991 and greatly increased their processing costs). Make sure you don’t miss any other codes and serial numbers."
  • tick both boxes "Male" and "Female", or “Jewish” and “Sikh”…
  • "Refusing to answer such questions [considered intrusive or privacy-invasive] could, in principle, cost you £1000 and will make no difference whatsoever to Lockheed Martin. It will be more effective to tick a few random boxes and write some random stuff in the text sections, then cross it all out again, and write something like “I don’t understand this. Please explain” This will take up time to deal with in the processing centre. You cannot be fined for not understanding a question or for being confused by it and you have made the effort."
  • "It is easy to make a mistake or even to forget to answer a question – we are all human after all. No problem: just write to the processing centre (Addressed to “Census Processing Centre” in whatever place name you remember from the form) to tell them to put it right on your form. A considerable amount of clerical work could be involved… If you supply a missing answer, keep a copy of your letter so that you can prove that you made a real effort to comply with your legal obligation to answer all questions."

I won't go on. You can finish the article direct; it's an amusing read.

Ironically, I know at least one person who's done some of the things they've suggested - not through any intention to muck up the form, but just because their situation is unusual (though not that uncommon), and they didn't think the form was clear or helpful enough as to how they were meant to complete it, hence crossings out galore!

Via Peter Judge, eWeek.
