Thursday, January 17, 2008
Yesterday, the UK's
Information Commissioner's Office (ICO) found
Carphone Warehouse, and its sister company
TalkTalk, in breach of the Data Protection Act after investigating complaints concerning the way in which both organisations processed and stored personal information. It has now ordered both these companies to refine their data protection practices or be prosecuted.
We must applaud the ICO for taking enforcement action on this matter. Without a doubt, the ICO seems to be taking centre stage these days with the heightened number of privacy breaches in the UK (and believe me, with the rest of the world too). It is now asking for several improvements to its powers which are currently too weak to enforce the law effectively.
According to
Privacy Laws and Business, the House of Commons Justice Committee published a "Protection of Personal Data" report on the 3rd of January 2008 amongst others, recording evidence given on the 4th of December 2007 by Richard Thomas, the Information Commissioner, to the Justice Committee hearing on the protection of personal data. The ICO is seeking for mandatory audits, criminal offence and data breach notification.
In Belgium, the situation is no better. Perhaps it is worse - for many breaches are not publicised, contrary to the UK. Perhaps we need to put it out in the open here. Perhaps we need to complain more, and not just accept it when something goes wrong with our personal data. Perhaps the Belgian public must be better educated. Perhaps Belgian organisations too. Perhaps we need the Belgian press to provide greater publicity on privacy issues.
And perhaps the
Belgian Privacy Commission should follow in its fellow privacy defender's footsteps and demand the same. These privacy promoters are currently toothless lions, sad to say.
Currently, the Belgian Privacy Commission's powers are merely supervisory - giving advice and recommendations, and whilst being able to send warnings, and denounce violations to the public prosecutor, it is unable to sanction. One must remember though, that with regard to the latter powers, a complaint must first reach the Commission. Yes, so it does have to start with you, the individual who suffers.
Given the large number of malpractices in organisations with regard to the protection of personal data, and given the attitude of the public in not wanting to prolong their suffering, Privacy Commissions' powers, both in the EU and the rest of the world should be reviewed. It is high time they are given greater control and ability to protect personal data. It is after all, for our well-being.