Mar 312012
 March 31, 2012  Posted by  Breaches, Non-U.S.

A Slough letting agent and one of its directors who unlawfully obtained details about their tenants from a rogue employee at Slough Borough Council have been found guilty of committing offences under Section 55 of the Data Protection Act 1998 (DPA).

At Reading Magistrates yesteday, SAI Property Investments Limited, trading as IPS Property Services and represented at the hearing by Director Mr Punjab Sandhu, was fined £260.00 for two offences under the Act and ordered to pay a £15 victim surcharge and £702.08 prosecution costs. Another director at the company, Sundeep Jaswal, was fined £260.00 for two offences and ordered to pay a £15 victim surcharge and £351.03 prosecution costs.

Ounkar Singh Nainu – who supplied both men with information relating to individuals in receipt of Housing and Council Tax Benefit, whilst employed at the council as a Customer Service Advisor – has been fined £690.00 for three offences and ordered to pay a £15 victim surcharge and £351.03 prosecution costs.

The first offence took place in September 2009 when Jaswal made contact with Nainu and asked him to obtain personal data about some of their tenants from housing benefit records. This information was provided without the Council’s knowledge and used by the company to chase up their tenant’s outstanding debts. An unsuccessful attempt was then made to obtain further information from the Council’s records in March 2010.

The Council received an anonymous tip-off that Nainu had been illegally accessing the data, and launched an immediate investigation before reporting the matter to the ICO.

Information Commissioner, Christopher Graham, said:

“This case clearly demonstrates the contempt that all three individuals held for the privacy rights of the people affected.

“The council employee was responsible for handling important information relating to some of the council’s most vulnerable residents. He abused his position hoping to make money and found two unscrupulous individuals who were happy to acquire this information through any means necessary.

“This case highlights the need for a more appropriate range of deterrent punishments to be made available to the courts. There must be no further delay in introducing tougher powers to enforce the Data Protection Act, otherwise unscrupulous individuals will continue to see a mere fine as a price worth paying.”

Unlawfully obtaining or accessing personal data is a criminal offence under Section 55 of the DPA. Offenders can be fined up to £5000 at Magistrates Court or an unlimited amount at Crown Court. This also applies to attempts under the Criminal Attempts Act. The ICO continues to call for more effective deterrent sentences, including custodial, to be made available to courts to prevent the unlawful use of personal information.

The fines aren’t huge, but I posted this because it was handled as a criminal offense. Would that more willful shenanigans like these were treated as criminal in both the U.K. and U.S.
Mar 302012
 March 30, 2012  Posted by  Business, Court

Eriq Gardner reports:

Huang Hoang, the actress who sued IMDb for revealing her real age, got a small boost Friday in Washington federal court. The judge overseeing the case has decided that Hoang’s allegations that IMDb breached contract and violated laws on consumer protection are plausible enough to continue. But the judge also offered some relief to the subsidiary by dismissing two of Hoang’s core claims and striking her wish to collect $1 million in punitive damages.

Read more on Hollywood Reporter.  The claim about what the privacy policy meant in terms of use of her data is an issue privacy advocates will want to watch – if the case doesn’t settle before trial.

via @kurtopsahl

Mar 302012
 March 30, 2012  Posted by  Laws, Online, Workplace

Some state legislatures have responded rapidly to the issue of employers asking job applicants for their social media logins. As I noted yesterday, a bill is progressing through the Illinois legislature. One is also moving through  the Maryland legislature. Robert Lang reports:

The House of Delegates is due to take a final vote Friday on a bill that would bar employers from requiring employees or job applicants give them passwords to email or any social media.

Baltimore City Delegate Mary Washington is the sponsor of the bill.

Washington tells WBAL News that the measure is designed to protect the privacy of workers or job applicants.

Read more on WBAL.

Mar 302012
 March 30, 2012  Posted by  Online

Back in January, Neil Richards had commented on attempts to amend the Video Privacy Protection Act (VPPA), suggesting that allowing “seamless” sharing could be cutting back on important privacy protections that we should not weaken. Neil’s argument didn’t convince me that we shouldn’t allow those who want to share, to share, and I posed some questions to him.

I am pleased to point readers to Neil’s fuller article on this topic, which will be published in the Georgetown Law Journal, “The Perils of Social Reading.” Here’s the abstract:

Our law currently treats records of our reading habits under two contradictory rules – rules mandating confidentiality, and rules permittingdisclosure. Recently, the rise of the social Internet has created more of these records and more pressures on when and how they should be shared. Companies like Facebook, in collaboration with many newspapers, have ushered in the era of “social reading,” in which what we read may be “frictionlessly shared” with our friends and acquaintances. Disclosure and sharing are on the rise.

This Article sounds a cautionary note about social reading and frictionless sharing. Social reading can be good, but the ways in which we set up the defaults for sharing matter a great deal. Our reader records implicate our intellectual privacy – the protection of reading from surveillance and interference so that we can read freely, widely, and without inhibition. I argue that the choices we make about how to share have real consequences, and that “frictionless sharing” is not frictionless, nor it is really sharing. Although sharing is important, the sharing of our reading habits is special. Such sharing should be conscious and only occur after meaningful notice.

The stakes in this debate are immense. We are quite literally rewiring the public and private spheres for a new century. Choices we make now about the boundaries between our individual and social selves, between consumers and companies, between citizens and the state, will have unforeseeable ramifications for the societies our children and grandchildren inherit. We should make choices that preserve our intellectual privacy, not destroy it. This Article suggests practical ways to do just that.

You can download the full article from SSRN.