Our personal data does not always need to be deleted by companies to comply with Data Protection Rules.

This week I am delighted to be a guest blogger for the Political Idealist website, which covers political, news and current affairs both in the U.K. and around the world. The Political Idealist is a website maintained by the talented Jack H. G. Darrant, who has keen interests in British democracy and environmentalism, regularly writes for The Independent newspaper, in addition to his weekly contributions in the ever popular ShoutOut blog. If you would like to know more, or enjoy this article, check-out the Political Idealist.

Many have questioned the safety of our personal data.  Now it appears that a loophole in the law could result in organisations holding personal data records, even when the information is no longer necessary for processing purposes.

Recent data protection guidance published by The Information Commissioner’s Office (ICO) has revealed that organisations that are unable to justify the storage of personal data they had been previously processing, may not have to delete the information immediately, despite the fifth principle of the Data Protection Act 1998, which states that organisations are not permitted to store personal data processed beyond what is “necessary” for the “purpose” or “purposes” of that processing.

However, the ICO has stated in their new guidance, that recognised challenges can be faced by organisations during the process of deleting personal data. Thus, the ICO has stated that it would generally accept those “challenges”, provided that organisations put unjustifiably held information “beyond use”. The guidance states that:

“The ICO will be satisfied that information has been ‘put beyond use’, if not actually deleted, provided that the data controller holding it: is not able, or will not attempt, to use the personal data to inform any decision in respect of any individual or in a manner that affects the individual in any way; does not give any other organisation access to the personal data; surrounds the personal data with appropriate technical and organisational security; and commits to permanent deletion of the information if, or when, this becomes possible. We will not require data controllers to grant individuals subject access to the personal data provided that all four safeguards above are in place[…] Nor will we take any action over compliance with the fifth data protection principle. It is, however, important to note that where data put beyond use is still held it might need to be provided in response to a court order. Therefore data controllers should work towards technical solutions to prevent deletion problems recurring in the future”

The ICO  have also stated that organisational and technical safeguards will be necessary, yet  they have failed to provide any guidance as to the procedure of how organisations should implement the safeguards required, to ensure that organisations will not attempt to use personal data after it is no longer required. Furthermore, the ICO guidance stated that companies are allowed to retain personal data that is no longer justifiable in keeping, if they are unable to detach the information from other data contained in a legitimately stored “batch”, if the result of a “technical reason”. “In cases like this the organisation holding the information may be prohibited by law from using it in the same way that it might use live information,” the ICO said.

An example provided by the ICO is where: ” a court has ordered the deletion of information relating to a particular individual but this cannot be done without deleting information about other individuals held in the same batch.”

However, the ICO added that the permanent deletion of electronically stored information from the “ether” was not something that organisations would have to ensure. Thus, “the ICO will adopt a realistic approach in terms of recognising that deleting information from a system is not always a straightforward matter and that it is possible to put information ‘beyond use’, and for data protection compliance issues to be ‘suspended’ provided certain safeguards are in place“.

It would appear that the general view of acceptance by the ICO is that if personal data has been deleted with no intention to use or access this again, but still exists in the electronic ether, then data protection compliance is no longer applicable, because the data is no longer live. A potential problem could arise when the computers are later discarded, as there appears to be no guidance as to how to discard the equipment in a manner that would prevent access to the computer’s ether by a third party.

There are numerous methods in which third party sales companies and rogues can attain our information, ranging from companies selling our information onto third parties, unshreaded documents left lying around in an outside bin, the internet, public electoral roll records, or even the telephone directory. Perhaps this latest loophole discovery also answers the question as to where some international companies may be attaining our supposedly private information from.

This matter links in with the view of The Working Party, a committee made up of representatives from each of the EU national data protection authorities (DPAs), who have recommended that individuals should generally not be identifiable when their personal data is being processed. They recommend that organisations should be required to “anonymise or pseudonymise” personal data when processing the information if it is “feasible and proportionate”, as recommended as part of a published opinion on the European Commission’s proposed General Data Protection Regulation.

I am sure most of us will be in accord with The Working Party’s recommendation that:
 “The concept of pseudonymisation should be introduced more explicitly in the instrument (for example by including a definition on pseudonymised data, consistent with the definition of personal data), as it can help to achieve better data protection, for example, in the context of data protection by design and default.”

Perhaps “pseudonymised data”, if possible, is one way to prevent the possibility of potential abuse of data retrieval, should companies be negligent in their methods of discarding of any obsolete computer equipment during future system upgrades.

Advertisements

“Get outta m’ house!” New Law Criminalises Squatting

This week I am delighted to be a guest blogger for the Political Idealist website, which covers political, news and current affairs both in the U.K. and around the world. The Political Idealist is a website maintained by the talented Jack H. G. Darrant, who has keen interests in British democracy and environmentalism, regularly writes for The Independent newspaper, in addition to his weekly contributions in the ever popular ShoutOut blog. If you would like to know more, or enjoy this article, check out the Political Idealist.

September is now upon us, and at a time when an increasing number of people are falling into redundancies, unable to find employment, unable to pay their rent, and ending up without housing; the new squatting law comes into force as of today. This new piece of legislation now makes squatting a criminal offence in England and Wales. However, squatting in commercial premises will remain a civil matter.

The new offence, introduced by section 144 of the Legal Aid, Sentencing and Punishment of Offenders Act, will be punishable by a maximum prison term of up to six months, a maximum £5,000 fine, or both. Under this new law, the Police will now be able to assist landlords in evicting squatters from their property.

This change in the law has been described as ‘a tax subsidy’ for landlords, with the Chair of the Housing Law Practitioners Association, Giles Peaker, stating that:

‘ [Landlords] will no longer have to pay to get people evicted; it will be the police’s job to do it, paid for out of the public purse’.

Right-wing homeowners are delighted; whilst left-wingers such as lawyer and journalist, David Allen Green stated on Twitter:

“Bit by bit, the British state is shifting property rights from a civil law to a criminal law basis. Both misconceived and highly illiberal.”

A Law Society spokesperson said: ‘Residential occupiers are already adequately protected from trespass under the Criminal Law Act 1977, and for that reason we, along with the Metropolitan Police, the Magistrates’ Association and many others, did not see the need for the introduction of a new criminal offence for squatting.’

Campaigners have warned that criminalising squatting in residential buildings would lead to an increase in some of the most vulnerable homeless people sleeping rough. Furthermore, once a person is confined to a life on the street, it is very difficult to find a way out. Employment is unavailable to those without a fixed address, leaving a large number of people destined to life of homelessness for as long as they are unable to squat or have their name listed on a very long waiting list for council accommodation – provided they have a disability or dependents. As the homeless charity, Crisis, has stated, the new law will now criminalise vulnerable people who are just trying to find a place off the streets, leaving them in prison or facing a fine that they are unable to pay.

Image
Ultimately the Government needs to tackle the reasons as to why homeless people squat in the first place by helping, not punishing them. “It also misses the point,” Leslie Morphy, the chief executive of Crisis, said. “There was already legal provision that police and councils could, and should, have used to remove individuals in the rare instances of squatting in someone’s home.”

Justice Minister Crispin Blunt also added: “For too long, squatters have had the justice system on the run and have caused homeowners untold misery in eviction, repair and clean-up costs. Not any more. Hard-working homeowners need and deserve a justice system where their rights come first – this new offence will ensure the police and other agencies can take quick and decisive action to deal with the misery of squatting.”

Certainly, one advantage to the new law is that having the police involved in removing squatters is surely more preferable to an unscrupulous landlord “sending the boys round”, which might also put innocent tenants at risk in a case where a home has been sublet without the landlord’s permission, unbeknown to the innocent subtenant.

Image

Whilst the right-wingers and homeowners may continue to cheer as they read these words, I raise the question as to whether the police will have the resources to enforce this new offence, given their previous unwillingness to act with the previous law outlined by section 7 of the Criminal Law Act 1977. Not to mention that the new law is poorly drafted. Unlike section 7 of the 1977 Act, which previously protected homeowners by making it a criminal offence for a squatter to remain in a property after being ordered to leave by the owner; the new law does not cover gardens. Therefore, a person squatting in someone’s garden shed will, technically speaking, not be covered by the new law. Thus, we might now discover some truth in the fairytale phrase “pixies at the bottom of garden”…

Image

On that note, I wish you all a nice weekend.