Demos The New Politics of Personal Information FYI

An excellent report published by the Demos Think Tank titled The new politics of personal information FYI was made available last year, quote: "We no longer control what others know about us, but we don't yet understand the consequences..."

As Demos allow redistribution I created the online HTML version as only a PDF was made available at the time by Demos -- so it is be easily searchable using standard online tools now!

No online marketing opt in

I wrote about Phorm the other day. While thinking about this online marketing problem I had a quick look online. There are ways to confirm you don't opt into online web tracking services. The BBC even put up a page about their tracking of visitors.

So the list of steps sites to set the special cookies:

DoubleClick no marketing opt in.

Onmniture (WebSideStory) SiteCatalist HBX Hitbox no marketing opt in.

Nielsen no marketing opt in (make sure you click "Total Opt-Out" !)

Google Web History remove guide. (Highlighted on ORG-Discuss list)

I do think we need an international standard ad-tracking opt out like the BBC say.

For the meantime we just need Firefox and other browsers to start shipping with these cookies set by default. Also we need a Firefox extension which let's users control the cookies in a more friendly manner.

Phorm unique tracking

BBC ran a story earlier this week: Ad system 'will protect privacy'. Also the PMs site has a petition worth signing. The Phorm site has a privacy page with some more information.

Phorm say their tracking is anonymous, but surely they have miss-understood the definition of Anonymous (from the Greek ανωνυμία):

Oxford English Dictionary:

Anonymous a.
1. Not identified by name; of unknown identity.
2. Having no individual or unusual features.

Or as Chambers Dictionary puts it, "without character; nondescript"

Once I have been assigned a unique number which identifies every communication with me uniquely, surely I am no longer anonymous?

Once they have tagged my interests as "cars", "music", "travel" and "gadgets" surely that would constitute something along the lines of "individual or unusual features" ? I'm certainly no longer nondescript.

The honest way would be for Phorm to phrase it: "uniquely identified, profiled and browsing categories tracked by a number rather than a name".

Let's see what the Information Commissioner's research into Phorm reveals.

Phorm privacy problem

The UK PM's site has a petition We the undersigned petition the Prime Minister to Stop ISP's from breaching customers privacy via advertising technologies. Please consider signing it, already on 2,009 signatures, going up 500 per day!

OpenID security issue

I am very pleased that OpenID is finally taking off, I have too many site logons as it is. However, it does raise a security implication, because once my personal data has been concatenated to the point that it's as dangerous as a leak of enriched uranium waste.. someone gaining access to my bank logins subject me to fraud ultimately. I personally am pleased my online banking all has a different login system for security. if banks did ever unify their login systems I'd hold out to have a separate account for each system, as I would never use my bank login from a web-cafe as I can't be sure if it's secure.

Warning - MPS Junk mail opt out only lasts 5 years!

Having just registered with the UK's MPS (Marketing Preference Service) to stop getting junk mail I got a confirmation letter warning that it will expire in 5 years, and that it will take them up to 4 months to stop their marketing association members from junk mailing me. Not very effective+efficient is it.!? Why can't it last for ever?

What policies should prevent companies sending spam in the UK?

I guess I am fortunate that my BSc Computer Science degree included a module on Computing in Society. I was able to watch the Data Protection Act 1998 come into force (replacing the 1984 act). then in 2003 we received the the Privacy and Electronic Communications Regulations thanks to the EC!

Both of these laws prevent companies adding our personal information to marketing databases without our express consent and knowledge. There cannot be a default "opt-in" too. The Information Commissioner (formally the Data Protection Commissioner) deals with any requests for assessments when an individual needs to involve his office because the Data Controller in an organisation is not resolving an issue. Companies also need to register their use of our personal data, and provide a way to unsubscribe at the bottom of each marketing email etc.

Also register with the MPS to take away another excuse for companies sending direct marketing!

If any company breaks the rules, take them to task and get them to delete your personal details, ask for compensation if it's wasted some of your time too!

Check your insurance file

Insurance Database Services Limited run the Claims and Underwriting Exchange which holds a database of information passed to them from Insurance companies on any claims you have made. I checked my record recently and found errors on the record which Elephant had twice assured me they had corrected!

Fill in this form and write to them yourself at:
The Company Secretary
Insurance Database Services Limited
1st Floor, 100 Fenchurch St
London EC3M 5JD

Oddly they ask on that form for us to tell them what claims had been made, surely they should be the ones telling us that so we can check?

It costs slightly more than the credit reference agency file, coming in at £10, but maybe you can argue for it back if there are errors?

Check your credit file for only £2

I'm glad I checked my credit file recently, both Experian and Equifax had erroneous data from two banks.

The good news is we can pay £2 by cheque or postal order to the companies and get a full copy. Be sure to include your D.O.B. full name and previous addresses in the last six years!

Write to:
Experian Limited
PO BOX 8000
NOTTINGHAM
NG1 5GX

Equifax
Credit File Advice Centre
PO BOX 1140
BRADFORD
BD1 5US

Consumer Services Team
Callcredit plc
PO Box 491
Leeds LS3 1WZ

Interestingly, although they hold a database on us, it is currently regulated by the Credit Act rather than the Data Protection Act (so the Information Commissioner does not directly regulate).

Missing Data Protection Contoller contact details

I've noticed in recent years that I will purchase something or donate to a charity, and then discover that despite not ticking the box to opt into their marketing (or vice versa, always ticking to opt-out!), I've been added to their marketing databases. Often my details are then sold on to other companies, I've had Oxfam passing my details to Crisis, and also SmileTrain have just passed on my details to RNLI and MINT I suspect.

The problem is, they don't include a clear address to write to get in touch with the Data Protection Controller and track down the cause of this leak. Also the organisations are often unwilling to put in place policies to verify consent was provided before they buy in data. Many Data Protection Controllers do not even keep records of where they obtained the data from (Gateshead Council Electoral Roll return slips) (Gateshead sold my details to Harveys Furniture Store).

In my experience many Controllers are unwilling to divulge who they have distributed personal data too, or the source when they must have records of it.

I think we need a few "cultural" changes relating to Data Protection of persons information by organisations which we hope we can trust:

• Include full contact details for Data Protection Controller in all communications.
• Data Protection Controller needs to keep records of where personal data arrived from and that permission has been provided and verified.
• Penalties and compensation for breaches of personal data and the time taken to sort out the problems of unauthorised data leaks.
• ICO office being given more powers to investigate/audit organisations, and do spot checks to verify data breaches and record keeping in organisations.
  

Some organisations are not even registering on the Data Protection Register, in my view they should be fined and audited by the ICO, charging them for the cost of the audit.

The HMRC incidents in the UK really highlight how lapse this situation is at present. So Data Controllers, have a new years resolution to do your jobs properly! ;)

Cookie filter and block for Firefox?

I use Firefox's Adblock and Filterset.G.Updater extensions to ditch the advert pollution on many pages of the interweb. What we really need is a decent CookieBlock and CookieFilterset updater, the sort that blocks cookies like urchin I blogged about before. Is it that because cookies aren't visible they're not annoying enough to start blocking the unique trackers on pages? Should have been available before now, so as Mozilla guys aren't implementing as a core feature I hope someone will scratch the itch as an extension ;)

When even the Information Commissioner's office is tracking us, who's left to trust?

I posted last month about cookie tracking, and now I noticed that none other than the UK Information Commissioner's website is also assigning me a unique number which does not expire until 2009!! Spot the referal tracking too? and what does "organic" mean?

I could not believe that this would be something the ICO Richard Thomas, would have allowed his office to set this up. I can't even think this was an oversight, as it is necessary to sign-up for the tracking system account before you can use it!

Interestingly, even googling for "information commissioner" gives me the warning that the website is trying to set a unique tracking cookie on my computer.
Before anyone posts saying it is anonymous, check the definition of anonymous -- "lacking individuality, unique character, or distinction", oops Mr ICO!

So much for warning of the big brother state then Mr Thomas!?

The ICO is an independent office of government, responsible for protecting access to personal information and providing access to official information. Covering the following legislation: Data Protection Act 1998, The Privacy and Electronic Communications (EC Directive) Regulations 2003, and the Freedom of Information Act 2000.

Let's see if the ICO practices what preaches regarding privacy any time soon...