We’re big fans of Richard Thomas here at data grub.

Mr Thomas, as any fule kno, is the UK’s Information Commissioner and head of the Information Commissioner’s Office. They’re the independent regulatory office dealing with all sorts of privacy legislation like the Data Protection Act, the Freedom of Information Act and many others too numerable and mind-numbing to mention.
Put succinctly, Mr Thomas and his team are there to prevent the creeping threat of a Big Brother state, and also to stop any attempt by private companies to read our emails, share our data or plant transponders in our brains constantly reminding us that Sud-U-Like Washes Even Whiter.

It’s a pretty thankless task, but one that he and his team have been doing pretty bloody well, at least in my opinion. They’re not afraid to stand up for citizens’ privacy when it’s genuinely threatened by big business or big government, while at the same time ever-ready to slap down spurious, misinformed petitions from bleating, single issue, self-important “privacy experts”. (I think you’ll know whom I’m referring to, Alex...)
So even though the latest utterance to pass the Commissioner’s lips could have come from the Department of Bleeding Obvious, at least it’s being said by someone whose words carry weight.

In a speech yesterday Mr Thomas warned that the proliferation of ever larger centralised databases is increasing the risk of people’s personal data being lost or abused.
He also drew attention to bears’ predilection for sylvan defecation and raised questions about the Pope’s commitment to Islam.

But sometimes you do need to state the obvious, loudly and often. This is one such time.
Because on Tuesday, Jacqui Smith was forced to admit that the Government will soon begin technical work on its giant database of all email, text, phone and web traffic – even though the legislation has yet to be passed by Parliament.

Of course, the present Government is completely contemptuous of Parliament and will go ahead with its plans whatever Richard Thomas, or anyone else, says.

Which is a shame, because much of Mr Thomas’ speech was given over to a report on how reported data losses have soared in the past year. The number of data breaches - including lost laptops and memory sticks containing sensitive personal records - reported to him has risen to 277 since the loss of 25 million child benefit records was disclosed nearly a year ago.

The new figures show that the information commissioner has recently launched investigations into 30 of the most serious cases. The 277 breaches include 80 reported by the private sector, 75 within the NHS and other health bodies, 28 reported by central government, 26 by local authorities and 47 by the rest of the public sector.

Mr Thomas pointed out that as new technology is harnessed to collect vast amounts of personal information, the risks of it being abused increase: "It is time for the penny to drop,” he said. “The more databases that are set up and the more information exchanged from one place to another, the greater the risk of something going wrong.”

"The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made."

It is not difficult to grasp this concept, Jacqui. It is a simple, elegantly expressed and indisputable fact. But why listen to boring old Richard Thomas?

Sir Ken Macdonald, the director of public prosecution (DPP), speaking after Smith’s admission, weighted in to warn that the government was in danger of “breaking the back of freedom” with the relentless pressure of a security state.

But I think Richard Thomas’ point is the stronger – if we can’t trust the government with our private data now, how the hell are we supposed to trust it when it holds details of all electronic communications in the UK?

Doubting Thomas?

We’re big fans of Richard Thomas here at data grub.

Mr Thomas, as any fule kno, is the UK’s Information Commissioner and head of the Information Commissioner’s Office. They’re the independent regulatory office dealing with all sorts of privacy legislation like the Data Protection Act, the Freedom of Information Act and many others too numerable and mind-numbing to mention.


Put succinctly, Mr Thomas and his team are there to prevent the creeping threat of a Big Brother state, and also to stop any attempt by private companies to read our emails, share our data or plant transponders in our brains that constantly remind us that Sud-U-Like Washes Even Whiter.

It’s a pretty thankless task, but one that he and his team have been doing pretty bloody well, at least in my opinion. They’re not afraid to stand up for citizens’ privacy when it’s genuinely threatened by big business or big government, while at the same time ever-ready to slap down spurious, misinformed petitions from bleating, single issue, self-important “privacy experts”. (I think you’ll know whom I’m referring to, Alex…)


So even though the latest utterance to pass the Commissioner’s lips could have come from the Department of The Bleeding Obvious, at least it’s being said by someone whose words carry weight.

In a speech yesterday Mr Thomas warned that the proliferation of ever larger centralised databases is increasing the risk of people’s personal data being lost or abused.


He also drew attention to bears’ predilection for sylvan defecation and raised questions about the Pope’s dedication to Islam.

But sometimes you do need to state the obvious, loudly and often. This is one such time.


Because on Tuesday, Jacqui Smith was forced to admit that the Government will soon begin technical work on its giant database of all email, text, phone and web traffic – even though the legislation has yet to be passed by Parliament.

Of course, the present Government is completely contemptuous of Parliament and will go ahead with its plans whatever Richard Thomas, or anyone else, says.

Which is a shame, because much of Mr Thomas’ speech was given over to a report on how reported data losses have soared in the past year. The number of data breaches - including lost laptops and memory sticks containing sensitive personal records - reported to him has risen to 277 since the loss of 25 million child benefit records was disclosed nearly a year ago.

The new figures show that the information commissioner has recently launched investigations into 30 of the most serious cases. The 277 breaches include 80 reported by the private sector, 75 within the NHS and other health bodies, 28 reported by central government, 26 by local authorities and 47 by the rest of the public sector.

Mr Thomas pointed out that as new technology is harnessed to collect vast amounts of personal information, the risks of it being abused increase: “It is time for the penny to drop,” he said. “The more databases that are set up and the more information exchanged from one place to another, the greater the risk of something going wrong.”

“The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made.”

It is not difficult to grasp this concept, Jacqui. It is a simple, elegantly expressed and indisputable fact. But why listen to boring old Richard Thomas?

Sir Ken Macdonald, the director of public prosecution (DPP), speaking after Smith’s admission, weighed in to warn that the government was in danger of “breaking the back of freedom” with the relentless pressure of a security state.

But I think Richard Thomas’ point is the stronger – if we can’t trust the government with our private data now, how the hell are we supposed to trust it when it holds details of all electronic communications in the UK?


By the way, have a look at http://www.guardian.co.uk/technology/2008/oct/29/data-security-breach-civil-liberty for Thomas’ table on this year’s data breaches.


Ta ta for now, data chums!

A guest editor writes…

I’m delighted to announce that this week we have a guest editor, a Ms H.W. from somewhere in the South East. You’ll immediately notice the balance, reasoned argument and tolerance of other nationalities that has, until now, been so clearly absent from this blog. So, without further ado, I give you Ms H.W.:

A German Court has given permission for website operators to store internet protocol (IP) addresses of their visitors, claiming it does not violate data protection legislation. Surely not? I hear you cry. Yet they say that without additional information IP addresses can’t be classified as personal data because they cannot be easily obtained and used to determine a person’s identity. Note they said data cannot be easily attained therefore it is in fact still possible. The court in Munich did present a good case by ruling that ISPs could not present information to third parties regarding who had been using a certain IP address at a particular time without a court order.

The German court ruling is in fact consistent with the advice issued by the UK’s Information Commissioner last year. However, this did point out that IP addresses could constitute personally identifiable information (PII). This has resulted in people including The Article 29 Working Party (a reference to the 29th article of the European Directive concerning the protection of EU citizens’ personal data) to argue that if it could become personal data it should be treated this way regardless.

As a nation we put a certain amount of our trust in online actors including behavioural targeting firms, internet service providers and search engines, to use our data correctly and appropriately. The big question is: does using this data breach our privacy laws? The German court obviously thinks not.

I wonder if Pythias Brown, 48, from New Jersey agrees. He used to be a baggage screener at an airport and in charge of people’s property. He admitted to stealing regularly from his workplace and selling the stolen items on eBay using the handle “alirla”. Brown was found by investigators who tracked down this alirla account using Brown’s IP address for his home computer. This case provides a great argument against the claim that IP addresses cannot be counted and used as personal data. It would appear privacy here has most certainly been invaded.

Camden RIPA-off

Camden Town Council has more than quadrupled its surveillance of local residents since the introduction of the Regulation of Investigatory Powers Act (RIPA).

While the Act allows for the interception of communications and the use of covert human intelligence sources to prevent crime, including terrorism, it appears that Camden Council are using this legislation to spy on low-level offences, such as dog fouling, littering and checking whether or not a child lives in a certain catchment area.

Admittedly, Camden is the haunt of some of the most loathsome Untermensch that inhabit this fair city, from strutting, skinny-jeaned new media types to coin-eyed rip-off merchants selling “legal highs”.

But while I personally would be glad to sweep this whole swathe of faux-bohemia into the Regent’s Canal, I grudgingly have to admit that, owing to a loophole in the law, these people have the right to exist without being persecuted by the local council.

Of course, if the police and security services have reasonable grounds to suspect someone of planning a terrorist operation, that’d be a great time to start tapping the phones. But if you think that someone is mis-using a disabled parking badge, I would suggest that surveillance is both disproportionate and a fatuous waste of time and money.