Wednesday, September 17, 2008

ICO Speaks Total, Utter Sense

No irony meant, honest.

OUT-LAW again say: "Organisations must not use the Data Protection Act as a smokescreen for not giving out information, privacy regulator the Information Commissioner's Office (ICO) has warned.The ICO has identified the most common data protection myths which it says are used to avoid transparency or that have just developed through ignorance of the actual law.

Deputy Commissioner David Smith said that "The Data Protection Act does not impose a blanket ban on the release of personal information. What it does do is require a common sense approach," he said. "It should not be used as an excuse by those reluctant to take a balanced decision."

Too bloody true. Unfortunately the examples given by the ICO are mainly related to the public sector: universities refusing to send results to anyone but the students themselves, schools refusing to let people take photos of children in school plays. In Pangloss's experience these bodies are usually fairly reasonable; eg there are often good reasons not related to DP law to reveal results to no-one but students in person, to do with confidentiality, trust and over demanding relatives, and as a bright line it still seems the best policy. Most universities will however send results to a student's home address on request, which deals with the "student off abroad and parents desperate to know" problem.

Those who really choose to use the DPA as the Don't Tell Anyone Anything Act are notoriously not non profits like schools, but the commercial sector and in particular, communications, banking and utility companies who cynically use the slice of lime factor of " it's against DP law" to cynically get rid of annoying customers and minimise customer service. Pangloss, eg, has spent many an unhappy hour trying to pay money INTO various accounts to pay for TV, cable, Internet and other bills and been told this wasn't possible "because of the data protection act". What possible release of personal data to the payer need this involve?

Another problem is what happens when one member of a couple has set up an account eg for telephone, and they then split up acrimoniously. It is hardly sensible, and potentially even dangerous, to advise the other partner that they cannot later acces or alter the details of their account without getting the estranged partner to ring. Indeed in some seperations, communication may have entirely broken down and it may be vital to change details eg if the matrimonial home is rented to a new tenant. All utility and similar companies should have sensible procedures in place to deal with such situations (an, crucially, which are trickled down to call centre level).

Should using the DPA to repel honest enquiries or non-privacy-invasive transations be regarded as a kind of corporate fraud? So long as there is effectively no real hard infringement of DPA law, large companies will continue to use the DP as a stonewalling excuse, because the nature of bureacracy is to gather as much data and reveal as little of it to others as possible. the evaporation of personal service in favouir of anonymised call centres with pre written scripts also has a great deal to answer for.

1 comment:

Dumpling said...

A friend had the same problem as you with paying money into an account.

She was trying to sort out internet service at her old house after a breakup with her partner.
The ISP repeatedly refused to let him pay the bill, as it was in my friends name, and they had cut off service.
She called to find out why they wouldn't allow her ex to pay it. They claimed only she could pay it (she was refusing to, as it wasn't her debt), and told her to speak to her ex and get the money, and pay it in herself.
She said she couldn't, as the reason they split was he was physically abusive (a lie, but we wanted to see how customer-friendly their customer service was).
They still insisted she should meet with him to get the money, and when she refused again, they asked that she get him to leave the money with a 3rd party for her to collect.

All her ex wanted to do was give them money to pay the bill, but they refused to let anyone but the named person pay it, even when she was saying it was nothing to do with her, and she wouldn't go near the one who wanted to pay it as she was afraid of him...

Data protection? Ha!