Lose Data and ‘Go to jail’

In an earlier blog i suggested that if a private company had lost the sort of data lost by various government bodies has recently, their directors could face prosecution. Well under a proposed addition to section 55 of the Data Protection Act, that is exactly what could happen.

If the proposed legeslation voted through the House of Lords, is voted through the House of Commons individuals negligently disclosing personal data could be jailed for upto 2 years. The Justice Secretary would have to consult with the Information Commissioner’s office and other appropriate bodies before the penalty could be increased, in the same way that the second amendment works for people that deliberately trade in personal data.

If passed the amendment will remove exemptions from prosecution for government departments and certain crown officials that currently exist.

It is not yet clear what will constitute neglect, but guidelines suggest incorrect data protection procedures or use of unencrypted devices might constitute offenses.

Lord Erroll said “Data controllers need to wake up to the importance of personal data, whether in the public or the private sector”, and tory shadow home affairs minister James Brokenshire is quoted as having said “reckless handling of personal data by government officials should be made an offence”.

Lose Data and ‘Go to jail’

Are IP addresses personal data?

.net this month (April) has an interesting piece about whether our ip addresses should be regarded as personal information and protected under the data protection act.

It would seem that this debate has been raging across Europe if not the world, with the German data protection commissioner (peter Scharr) telling the European Parliament that if a person can be identified from an IP address, then it has to be regarded as private. A recent French court, on the other hand argued that IP addresses relate to specific computers or networks and not specific users therefore they do not constitute personal data.

While it may seem an insignificant point, as to whether an IP should be classed as personal data or not, it has huge impact of the way search engines and webmasters collect data on who is accessing, and indeed how there sites are being used.

Googles spokes person told .net that it “depended on the context”, where an ISP assigns an IP address to a user, and knows that users name and address this may be considered personal data, but where an IP address is collected by a website simply as a statistic then it is not. Google store IP addresses for all users performing a search for at least 2 years to help improve their search statistics and accuracy.

The implications for all of the worlds websites and search engines that collect IP’s for statistical purposes having to treat these as confidential data, and go through the data protection procedures to protect them are huge.

Another huge implication will be to the peer to peer piracy police, where IP addresses are being used to identify, track and prosecute people illegally copying, sharing and publishing audio/video and software illegally.

This is a very grey area and I would imagine that the debate will go on for some time.

Are IP addresses personal data?