Information Commissoner fyi

  ayrmail 21:11 29 Mar 04
Locked

Looking through old topics on the forums and see i had not let you all know what the IC said about PCWorld.click here
"I have written to the company and informed them that it is likley they have processed your personal information in breach of the seventh data protection principle. The Commissioner dose not envisage taking any further action at this stage; however the case will be kept on file and may be refered to at a future date."

  spuds 23:05 29 Mar 04

I had a number of dealings with the said Information Commissioner's office in 2003. Every reply that I received stated that they would take no further action against the companies that I had complained about,even though they admitted, the matters that I raised were in breach of the Data Protection Act, but they would place the matter on file.

One matter that I raised click here

  spuds 23:12 29 Mar 04

Whoops, got the link/url wrong, try this click here

  Forum Editor 00:26 30 Mar 04

for the Information Commissioner's office to 'take action' in these cases. They seem to prefer the softly, softly approach involving a letter to the offending data controller advising him/her of the breach, and offering help to find ways that a repetition can be avoided.

I think that the guiding principle here is whether or not an individual has suffered a material loss, or a loss of status within the community as a result of the breach. If the answer to those questions is in the negative then the Commissioner takes the view that no punitive action is necessary.

Most of us would suffer no financial loss if details of our bank balance were inadvertantly passed to a third party, and I doubt that our status in the community would suffer either, unless the third party lived in the same community, and decided to spread the word that we only had £100,000 left in our current account.

It would obviously be a tad unworkable to have a system whereby all breaches of the terms of the act - however minor - were punished.

  ch0pper 00:46 30 Mar 04

To use the FE's logic, it is equally unreasonable to prosecute motorists who exceed the speed limit by a small amount, at a time when the roads are empty, and when no-one is at risk from said driver.

If a standard has been set, and a law made, then ALL breaches of laws should be prosecuted.

Just like the fact that possession of cannabis is still an offence, albeit the classification reduced to a class "C" - how many prosecutions will you now see for that?

Try informing companies house about a firm that is in breach of any of the regulations under the company act and they will "request rectification in all but the most serious cases".

It is more a question of gaining compliance than a 100% prosecution policy, although in the case of PCW one would think they have had enough warnings for a prosecution to be justified if only to remind them that they are not above the law!

  Forum Editor 07:18 30 Mar 04

Before you accuse me of being "quite wrong" I suggest that you actually study the terms of the Data protection act.

In cases where the Information Commissioner has reason to believe that no material loss has been suffered by the individual whose data was compromised, or that the person has not suffered any permanent loss of status in the community, the Commissioner would normally consider issuing an enforcement notice to the offending data controller. This means that the data controller would have to comply with the recommendations of the Data Commissioner, or face possible prosecution.

In more serious cases the Commissioner may issue a summary prosecution, resulting in a fine.

Finally, an individual always has the opportunity of taking a civil action for damages against the Data controller concerned. In this situation the Data Commissioner isn't involved, and the person taking the action must produce evidence of material loss and/or mental distress.

So you see ch0pper, it's not a question of punishing each and every breach - the law wasn't passed with that in mind. It's a question of ensuring compliance, as Smiffy99 has said. What you might not realise is that breaches of the terms of the act occur very frequently - normally by accident, and normally they're very minor breaches. A sophisticated society takes account of the fact that human beings make mistakes - if we hauled every Data controller into court when even a tiny breach occurred (as you suggest we should do) We would have to build hundreds of special courts to cope with the workload - at the taxpayers' expense.

  ayrmail 18:15 30 Mar 04

The only problem with the IC, is the same problem i have with PCWorld there procedures were not robust enough. The action of the IC dose not sound as if they were givin advice on who to prevent only that a breach was likly to have happened. PCWorld's response was as you would expect to blame human error, the people I met in the store came over as polite helpful and diligent, they did however show signs of having a great depth of knowledge in there field, although I sell food but I am no chef. My point is I am not convinced they understand the problem therfore they are unlikly to fix it however I'll wait and see. Oh and yes it would have been nice to have got a little more than a £50 voucher, a refund of the £179 ExG would have been more appropriate although now they will have a chance to prove me wrong.

This thread is now locked and can not be replied to.

How to get Windows 10 for free | How to install Windows 10: There is still a way to avoid paying…

1995-2015: How technology has changed the world in 20 years

Hands-on with the Star Wars fighting drones you can fly yourself

15 macOS Sierra tips | How to use macOS Sierra: Secret tricks and best new features in Apple's new…