Informationoverlord

I was talking with a few colleagues the other day about our professional body, CILIP, and reasons for renewing or not renewing subs. We also discussed the Update Magazine. I say this as I prepare to re-join after a year of non-membership.

What became apparent, from this small straw poll, was that the main reason for membership was the Gazette (which lists the latest jobs). Now, of course you can see most of these post via CILIP’s LISJob section on the CILIP website - without the need for membership.

So, dear reader, I guess my question is, if you’re a member, why are you a member? Out of habit? because you think it looks good if you are? some other reasons? If you’re not a member, what would make you want to become one??

Note: Comments are now closed on this post. Sorry Spammers, you now need to pick another post to target in an annoying manner.

The High Court has ruled that the Video Appeals Committee, must reconsider its decision to grant an 18 certificate to ManHunt 2.  This followed their overturning of an original BBFC decision to refuse to pass the film.

The BBFC appealed the the VAC judgement because in the Board’s view, it is based on an approach to harm which is an incorrect interpretation of the Video Recordings Act.

The Honourable Mr Justice Mitting sided with BBFC’s argument that the VAC had erred when considering whether Manhunt 2 could be considered harmful to minors who viewed it. Whereas the VAC interpreted this as “actual harm” the BBFC and Mitting believed it should be taken in a broader scope of “potential harm and risk of harm.” The BBFC also argued that the VAC based its decision on whether or not the game would have a “devastating effect on society” and argued that this “harm threshold” was too high.

The Irish certification body, the IFCO,  have also banned the game stating “strong graphic violence may be a justifiable  element within the overall context of the work. However, in the case of Manhunt 2, IFCO believes that there is no such context, and the level of gross, unrelenting and gratuitous violence is unacceptable.”

Australian telco Telstra has won its appeal against the ruling made in the Australian Industrial Relations Commission (AIRC), which had ordered it to reinstate Claire Streeter and pay her compensation for lost earnings, following its decision to sack her in the so-called ’sex-romp’ affair.

Telstra has sacked Miss Streeter in March 2007 following events that took place in a Sydney Hotel room after a work party and after claiming she sexually harassed three female colleagues by having sex (with two different men) just metres from where they were sleeping on a hotel-room floor. Telstra also claimed Miss Streeter had also sexually harassed a female colleague because she was naked in the hotel bath with two male employees in the presence of the woman, and that she didn’t leave the bathroom when someone wanted a pee.

When Miss Streeter took her case to the Industrial Relations Commission (AIRC) last August it upheld Ms Streeter’s claim that she had been unjustly sacked, and that Telstra must give her her job back. The commission said most of the conduct occurred well away from the workplace after, rather than during, a work function, and in a hotel room that was booked and paid for privately. It said that although the employees were upset by Ms Streeter’s conduct, her conduct was not directed to anyone else in the room, no-one in the room told her the conduct was unwelcome, the lights were off and she thought everyone else was asleep It was therefore not enough to constitute sexual harassment.

Ms Streeter’s conduct was hardly without blemish; however I have determined that any misconduct on her part was not such as to warrant the termination of her employment. I have dealt with the issue of her honesty previously. On the whole I consider she is a woman “more sinned against than sinning”.

A decision of the full bench of the AIRC, has now reversed that decision and backed Telstra, finding that Miss Streeter’s termination was not harsh, unjust or unreasonable. Miss Streeter is no considering whether to launch a further appeal in the Federal Court. The successful appeal means Telstra has no obligation to give Ms Streeter her job back or pay her compensation.

The Full bench found that Miss Streater’s dishonesty in not answering questions about the night, were not mitigated by the personal nature of events.

Whether the matters were personal or not, Ms Streeter had an obligation to answer Telstra’s reasonable inquiries honestly. In the circumstances, we do not see that the necessary relationship of trust and confidence can be compartmentalised as his Honour has done…Ms Streeter’s dishonesty during the investigation meant Telstra could not be confident Ms Streeter would be honest with it in the future. The relationship of trust and confidence between Telstra and Ms Streeter was, thereby, destroyed.

They concluded that:

We are not persuaded Ms Streeter has suffered any loss of confidence or self esteem as a result of the termination of her employment. We are also not persuaded the potential loss of employment opportunities for Ms Streeter through the Commission finding Ms Streeter was dishonest to Telstra is relevant to whether the termination of her employment was harsh, unjust or unreasonable.

Personally, I don’t think Miss Streeter did herself many favours in this one, but I also tend to come out, on balance, with the Judge in the first AIRC ruling that she is more sinned against than sinning.

Following the seemingly endless recent stream of stories concerning Data Protection Act 1998 breaches by various organisations, including the UK government; the UK Information Commissioner, Richard Thomas has published a wishlist of changes he’d like to see the act, to increase the ability of his office to deliver its commitment to “Strengthening public confidence in data protection by taking a practical, down-to-earth approach - making it easier for the majority of organisations who seek to handle personal information well and tougher for the minority who do not”.

The ICO comments that currently his powers are concerned with bringing an organisation’s/person’s future conduct into compliance with the act, but that there is a shortfall in sanctions available and the means with which to enforce the sanctions quickly and effectively. In particular, he highlights the issue of spam and how under the UK’s Privacy and Electronic Communications (EC Directive) Regulations 2003 , spammers know they can abuse the law, as besides the exception of issuing an enforcement notice under the Enterprise Act, the ICO’s powers are ineffective (just try and find any spammer prosecuted by the ICO). He also points to the fact that, whilst the FSA can impose large fines - as it did when it fined Nationwide £980,000 in February last year for failing to have effective systems and controls to manage its information security risks, following the theft of a laptop containing personal information and financial details from a Nationwide employee’s home in 2006, he would not be able to impose any penalty in a similar situation where an employer failed to manage the security of its HR records, or where a hospital failed to do so with regards its medical records.

He also states that: regardless of whether or not the enquiry into whether or not the enquiry into whether the HMRC acted knowingly or recklessly in allowing what the ICO regarded as an unprecedented security breach, by losing CDs containing private data on almost half the UK population, his office would have no powers to impose any penalty.

To this end, the ICO wants to introduce a new penalty of knowingly/recklessly failing to comply with the Data Protection principles - such as that of Carphone Warehouse and TalkTalk and their breach of 4 of the 8 principles in the use of inaccurate and incorrect personal data. Whilst conceding that the precise form of any penalty may require careful consideration, he suggests as a starting point for the new criminal offence:

1. A data controller who, knowingly or recklessly, fails to discharge the duty imposed by section 4(4) is guilty of an offence where that failure results in a substantial risk that any person will suffer damage or distress.

2. It is a defence for a data controller charged with an offence under subsection (1) to prove that he exercised all due diligence to comply with the section 4(4) duty.

[Section 4(4) of the Act provides that, subject to some exemptions, -

“… it shall be the duty of a data controller to comply with the data protection principles in relation to all personal data with respect to which he is the data controller” ]

The ICO believes this should be coupled with the threat of an unlimited fine.

Additionally, the ICO, has requested:

1) “a power for the Information Commissioner to inspect personal data and the circumstances surrounding its processing in order to assess whether or not any processing of the data is carried out in compliance with the Act.”

The ICO comments on the examination by the EU Commission into the UK’s implementation of the Data Protection Directive, and that the Information Commissioner’s powers are one aspect that the Commission has flagged as being possibly non-compliant. This he believes coupled with new requirements placed on him by the Data Retention Directive make it imperative that he has full compulsory inspection powers.

2)”a power for the Information Commissioner to require a data controller to provide him with a report by a skilled person”

This is based on power given to the Financial Services Authority, and most likely to arise in cases of security breach (the FCO has recently commissioned an expert report on its recent breach of security with regards its visa application website).

3) “enhanced enforcement powers to enable the Information Commissioner to bring seriously unlawful processing to an immediate halt, to place formal undertakings on a statutory basis and to enable the Information Commissioner to take enforcement action to prevent breaches of the Act that are likely to occur”

The ICO notes that currently the ICO has difficulty in enforcing the act against those who choose to ignore its requirements. The ICO believes in such cases it should have the powers to stop the alleged unlawful practices from continuing pending any prosecution or other enforcement activity.

4) “information notices that can be served on any person rather than just a data controller.”

The problems associated with acting against spammers is highlighted. The current information notice power is only applied to data controllers, whereas often the ICO will need information from people - telecoms service providers etc - to investigate such cases.

Richard Thomas is wise to strike whilst the iron is hot on this issue, at a time when there is quite broad cross-party support within Parliament to take (or at least be seen to take) this issue seriously. The public has also become, both more aware, and more vocal, in its concern about privacy issues - which will additionally make action attractive to many politicians.

As someone who has had an interest in this issue for many years, I have long felt that the UK’s attitude to data protection has been to merely pay lip service to potential problems. Even at a business level, the only fear organisations have is some potential bad PR, and even this until recent events was only something that few people would be aware of. As I mentioned in my post last week on the carphone warehouse case - this was a case where very large fines should have been coming there way. As it is they get a slap on the wrist and just have to promise not to do it again. Is it any wonder, when this has been the attitude to enforcement of the act, that data protection compliance is often not taken as seriously as it should be by many organisations.

The Government should draw up and SI to implement these proposed changes asap (which of course they won’t do. Waste some time, eventually draw up some draft regs, issue a consultation, sit on it for a while, then take the regs to parliament, and if anything has happened by the end of 2008 we’ll be doing good).

Ever wondered how the trains were doing in Zurich? NO, me neither, but this alpha site which plots ‘live’ train movements is actually pretty cool.

Floobs enables anyone to setup their own live internet and mobile TV Channel. You can broadcast live video and previously recorded video without installing any additional software.

CityTherapy is the new online platform & social planning tool for European city life and city travel. The site brings together the 4 pillars of city living, the people, the places, the events and the trips in one connected social network.

EveryBlock is a new service which that helps you find news and information in your city, neighborhood and even down to your block. The service is currently US based and only available in San Francisco, New York and Chicago at the moment.

TheAtlantic.com has opened its website up by dropping its subscriber registration requirement and making the site free to all visitors.

The Inner Temple Library has recently created a Facebook page. The page includes information on services, news, events, useful links and photographs. Inner Temple Library Facebook Page [need facebook account to view]

Orli at Go2Web has a post on boobik, which seems to be an ‘adult’ orientated version of Twitter. “if you’re looking for a place where you can share sexual experience, fantasies, pictures, videos and more, be sure to check out.” I tend to agree with Orli’s final comment that “I don’t think the site has so much content at the moment, but something tells me this will change soon…” The question is whether it will be on this site or on something similar, but one thing is for certain, there is always potential for hits and sex on the internet.

And for men that don’t get out enough, there is the chickipedia - I kid you not. Want that all important bio on whoever it is you’re lusting after, then this is the place (or not).

I mentioned Locate TV a while ago as a really good tool for searching for TV/Film information and schedules.

At the time I said:

There is no way to save your searches ( as least not that I could find - am I missing something Lottie?). If I don’t want a million embedded widgets or want to repeat searches each time I log on there doesn’t seem to many options, which quickly make this a much less useful site - outside of being a one-off search engine for media. Having a personalised splash page with your searches on it would be great, so you can see at a glance what is on and when for what you like / who you like - a sort of personal tv/DVD/webtv planner, if you will. Tie all that up with a nice rss feed and we are really talking.

Now, I have to confess I missed this, but just before Christmas the ability to save programmes to a page was introduced; so now you can have a personal schedule of sorts - like this.

Still don’t see a rss feed for the page though. A Facebook widget would be quite cool too.

The UK Information Commissioner’s Office (ICO) has issued enforcement notices to mobile phone retailer Carphone Warehouse and its retail telecom business Talk Talk for some quite spectacular breaches of the Data Protection Act 1998.

There are 8 data protection principles:

1. Personal data shall be processed fairly and lawfully

2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

4. Personal data shall be accurate and, where necessary, kept up to date.

5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

6. Personal data shall be processed in accordance with the rights of data subjects under this Act.

7.Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

8. Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Now the ICO investigation in this case found that Carphone Warehouse and TalkTalk seemed to have some difficulty with applying HALF of these principles properly when processing customer data. The ICO broke it down thus:

Subject access request - The failure to comply with subject access requests, having clearly received them as cheques were cashed and in certain instances further information was requested when it was not reasonably required.

Accuracy and Fairness - The setting up of accounts using incorrect details such as the name address and bank details, which in some instances had been obtained from old contract or purchase data, together with the refusal to amend inaccurate records without the permission of the account holder.

Security - The ability of customers to view confidential personal data of other customers when logging on to their online account and in some instances the emailing of such data to other customers.

Accuracy - The holding of inaccurate data and its disclosure to credit reference agencies or debt collection agencies and the failure to amend the data unless instructed to do so by the Commissioner.

According to the ICO “Carphone Warehouse and TalkTalk’s use of inaccurate and incorrect personal data has caused real damage and distress to customers.”

And what has happened to them? The ICO sent out an enforcement notice to them both and told them to sort things out within 35 days, and let the ICO what they are doing to sort things out, or face prosecution. What can the ICO do? “A data controller who persistently breaches the Act and has been served with an enforcement notice can be prosecuted for failing to comply with a notice. This offense carries a maximum penalty of a £5,000 fine in the magistrates’ court and an unlimited fine in the Crown Court”

In reality the potential fine the companies would currently face would be quite small, whereas it should - be more akin to the £980,000 the Financial Services Authority dished out to the Nationwide Building Society in February last year for failing to have effective systems and controls to manage its information security risks, following the theft of a laptop containing personal information and financial details from a Nationwide employee’s home in 2006. But, then again , I would be prosecuting on the information currently revealed and wouldn’t be giving the companies a month to come up with some undertakings to promise to do better in the future.

Momondo - search 434 website to find the cheapest flight. Not a bad little flight search engine.

Satisfaction - the people powered customer service site. Get (and give!) help around the products and services you use, love, and occasionally hate. Used it to leave some Snitter feedback

First-Ever Ranking of 40 Leading Banks on Climate Change Strategies . HSBC comes out top

2008 will be the year that knowledge process outsourcing - the outsourcing of high-value-add functions - takes massive strides in the UK, the National Outsourcing Association (NOA) has forecast as part of its annual trends survey.

The Library of Congress has reversed their decision to reclassify Scots authors as English. Quite right too.

Darwin Awards 2007

Newsgator have announced upgrades to their rss reader product collection and announced that all are also now available for free - including FeedDemon (also the desktop versions have free sync to Newsgator Online, which is pretty cool).

Tom Loosemore has an interesting post in which he asks if just owning a PC could mean that you need a TV Licence in the UK. He points to comments made by the BBC’s Director of BBC Future Media and Technology, Ashley Highfield, who states that whilst using the BBC’s iPlayer on demand Internet TV service would not need a licence, watching any live stream on BBC News 24, for example would.

As Tom points out this is an interesting question, the Communications (Television Licensing) Regulations 2004 (as amended ) section 11 reads:

(1) In Part 1 of the Wireless Telegraphy Act 1967, “television set” means any apparatus which (either alone or in association with other apparatus) is capable of receiving (whether by means of wireless telegraphy or otherwise) any television programme service but is not computer apparatus or a mobile telephone.

(2) In this regulation, “computer apparatus” means apparatus which -
(a) is designed or adapted to be used (either alone or in association with other apparatus) for storing or processing data, but not for doing so in connection with the reception by means of wireless telegraphy of television programme services; and

(b) is not offered for sale or letting as apparatus for use (either alone or in association with other apparatus) primarily for or in connection with the reception (whether by means of wireless telegraphy or otherwise) of such services;

Are modern day PC’s designed or adapted “in connection with the reception by means of wireless telegraphy of television programme services” ? Well , my current desk top machine came with an external digital TV card and many now come with internal TV cards, so I’d say the answer must be yes. BUT, if you don’t have a TV card and you’re just watching over your broadband connection? I think the wording of the regulation gives a bit more room to fudge the issue on this side of things, but at the end of the day I think there is an argument - that will only get louder over the next 18 months - that anyone with a computer/mobile phone capable of receiving the BBC live will leave its owner open to the charge of needing a TV licence to legally do so - if they don’t already have one/are covered by another one (.