ID Cards and The Verichip

lifttheveil · Site Admin

Thursday, 4 July, 2002
Technology trips smart card plans
BBC NEWS

The ID cards would carry a wealth of data

It could take years to develop the kind of smart ID cards the UK Government is keen to introduce and they are likely to compound the problems of illegal immigration, fraud and identity theft, say experts.
Home Secretary David Blunkett has indicated he favours introducing such cards, called entitlement cards, and has launched a six-month consultation.

Civil liberties groups have vehemently opposed the idea, stating that it will turn citizens into suspects.

The government says that by bringing existing identification such as driving licences and passports together, the system could be made efficient.

Card integrity

Human rights group Privacy International has warned that any ID card will be exploited by criminal groups with an increasing degree of technical know-how.

"The technology gap between governments and organised crime has now narrowed to such an extent that even the most highly secure cards are available as blanks, weeks after their introduction," said Privacy International's Director Simon Davies.

"Whenever governments attempt to introduce an ID card, it is always based on the aim of eliminating false identity.

"The higher the stated integrity of a card, the greater is its value to criminals and illegal immigrants," he said.

Return to basics

It could be years before smart ID cards came to fruition said one expert, who advised the government on the ID scheme.

Tim Conway, Industry Affairs Director at trade body Intellect, told Computing magazine that even the most basic of cards would take three years to develop.

The government favours computerised cards that could store a photograph, fingerprints and personal information including name and address.

It is estimated that basic plastic cards would cost £1.3bn, with the bill for cards able to hold data like fingerprints and iris patterns put at £3.1bn.

Mr Conway believes resources would be better spent on developing a card which would benefit citizens by making it easier to access government services.

The first step should be to bring together all the different identifications used by citizens, such as National Insurance and NHS numbers he said.

"What is needed is a card which doesn't necessarily identify you but has sufficient authentication to make the process very efficient," he told Computing.

source - http://news.bbc.co.uk/1/hi/sci/tech/2093341.stm

lifttheveil · Site Admin

The Times
October 28, 2006

Richard Thomas is determined to protect the public from being forever tainted by false information, but he seems torn between the right to privacy and the need for freedom of information (Richard Pohle)

Meet the man who stands between private lives and the right to know
By Alice Miles and Helen Rumbelow

Bank details, police files, credit ratings, shopping histories, tax and health records…one official is trying to keep it all confidential

Read the transcript of the interview with Richard Thomas in the next post

THERE seem to be an awful lot of locked doors and long passages to negotiate before we meet Richard Thomas. The defender of those twin pillars of British values — our right to privacy, and government by an open democracy — is found in a small, bare room that feels like an interrogation suite. The interview is watched by his information police, his private public relations company.

You probably have not heard of Mr Thomas, a mild, middle-aged man with the manner of a slightly baffled bureaucrat. But he is an unlikely freedom fighter in a battle that is becoming more fraught: the battle for information. On you.

As the Information Commissioner he is the man standing between you and a bad credit rating, between you and an inaccurate police record blacklisting you for life, between you and the Government hiding crucial decisions about your future. And now, between you and the companies, such as banks, playing fast and loose with your confidential financial details.

“We’re waking up in a surveillance society,” he said. “And when you start to see how many well-intentioned, apparently beneficial schemes are in place to monitor people’s activities and movements, I think that does raise concerns. It can stigmatise people. I have worries about technology being used to identify classes of people who present some sort of risk to society. And I think there are real anxieties about that.

“A company can send you a mailshot and say you’re clearly the type of person who likes this sort of holiday, they can profile you. In the same way, public authorities can profile you,” he said.

“You can manipulate data in a way now which builds up a very full picture, which may not be the right one. It may be an inaccurate picture. To treat somebody as a suspect when there’s no more than a potential for fraud is a serious matter.”

Scary stuff; and he got scarier.

“I would question whether there’s a greater case for convergence between police files and tax files and between bank records and health records,” he said. “There’s a trend towards greater convergence and it can classify people in ways which may be wrong and artificial. But there is also the risk of mistakes. There are risks the information is going to be mishandled.”

The threat is out there, but it’s all a little vague — which, given that Mr Thomas is dealing with theoretical dangers, may be understandable. His worst fear is of all these statesponsored monitoring systems linking up to one electronic Big Brother.

Take the children’s register: within a couple of years the Government aims to record electronically basic details about every child in England, including their address, school and doctor. Any professional who has concerns about a child will be able to add a red flag to their file, so that if others involved are also worried they can get in touch and share information. Is this an essential child-protection measure or a sinister bar-coding of childhood?

“I’m not persuaded that it’s necessary to set up an index of every child in the country where the rationale is to do with ensuring the social, educational, general health, wellbeing and thriving of all children,” he said.

“Now, if there are going to be flags of concern, let’s be precise — what do we mean by a flag of concern? If a child is being abused or there are very strong allegations of abuse, that’s clearly a concern. Is it a concern that the child is not thriving at French GCSE? We have to define this more precisely. And I think it’s part of our job to force those who are bringing forward these schemes to be as clear and open as possible on what they’re doing, why they’re doing it.”

So Mr Thomas tries to police this line between what should be your own affair and what it is necessary for the State to know. His job tugs him in both directions, upholding the Data Protection Act on the one hand, and forcing openness through the Freedom of Information Act on the other.

With the identity card database winging our way, as well as an NHS database that will hold every patient’s medical records, plus the children’s register, the Government seems to be seizing ever-greater control of citizens’ private details. This alarms the Information Commissioner.

“It’s not just unwarranted intrusions into privacy, it’s also the dangers of inaccurate information, of mistakes being made, of information being held too long,” he said. “And I think we’ve got to have some concept of rehabilitation. We have to have some sort of concept that young people do misbehave, young people do engage in antisocial activity. Should that blight their lives almost forever?”

He seemed to be talking about the criminal records database rather than the children’s database; Mr Thomas slipped between the registers so frequently that we could have lost him altogether. The children’s database will not hold any information about criminal records, although it may “flag up” that a child has had contact with the police, which could, of course, be damaging if, say, a school was selecting pupils and checked the database.

Mr Thomas’s concern about French GCSE results is similarly unfounded; the flurry of stories that floated around this summer about the register containing children’s academic records (and details of how much fruit and vegetables they eat) were untrue.

When Mr Thomas began his career, radicalised by going to university in the Vietnam years, he worked for the Citizens’ Advice Bureau, taking up the cases of poor immigrants in West London. But he now seems torn between what he calls his “double role”, one the referee, the other the campaigner.

Although there are no shortage of rulings from him — wearing away patiently at the Government’s resistance to releasing controversial information, at MPs refusing to give details of how much taxpayers’ money they spend and at the private sector for failing to safeguard people’s private data — his public warnings are rare and can be more than a little hazy.

The danger of being stigmatised through hidden data-sharing is the subject of a report to an international data protection conference in London next week. We had to press him hard to give examples of how it happens before he detailed the cases that cross his desk. The worst concerned a little girl’s chance remark at school that resulted in her father being refused work because he had been classed as a suspected paedophile.

“A little girl was overhead in the school playground to say, ‘My dad “bonked” me last night’. And the dinner lady heard this and reported it to the school authorities.”

The social services soon established that the girl was referring to her father tapping her playfully on the head with an inflatable hammer. They closed the file but, in the days that had elapsed, details had been passed on to the police — and they were not updated. Five years later the man discovered that he was still registered as a suspected sex offender. “And that, in my view, is wholly unacceptable.”

Mr Thomas was less comprehensible on what can be done to stop this stigmatising: among some long responses that do not quite answer the question, we pick out that he wants a “national debate” on the length of time that records stay active, and jail sentences for leaking confidential records.

His most emphatic answer of our conversation was when we asked if he ever felt paranoid about disclosing his own personal details in daily life. “No!” he said. “Full stop!” But at home in the Surrey stockbroker belt, with his wife of more than 30 years, he carefully disposes of all his sensitive documents. This is a little pointless if, however, you are unfortunate enough to deal with a business that is slapdash with your secrets.

“A number of banks have been very careless with people’s personal information,” he said. “I’ve been horrified by some of the stuff I’ve seen. I’ve seen rubbish bags [opened up] and there you find bank statements; we’ve got one example of a bank transfer of half a million pounds from one account to another. With loan applications which have been turned down, with a health insurance application, with paying-in slips, with cut-up credit cards.

“The bank’s the first to say, ‘Be careful with your personal information, shred everything, burn everything. Don’t leave any fingerprints around because identity theft is a growing problem’. But if the banks themselves are being careless with the information, that seems to me to be wholly unacceptable.”

The Information Commissioner is investigating branches of HSBC, Halifax, NatWest and Royal Bank of Scotland, as well as a post office. “They may have been concentrating a lot more on electronic security, they may have forgotten about some of the old-fashioned security. They will all say, I’m sure, we have procedures in place to stop this sort of thing happening. But procedures that are not actually operating in practice — there’s something wrong. What we’re seeing so far is highly disturbing and we need to send a very strong wake-up call.”

It is not just banks; they have had complaints about WH Smith, and the Grand Hotel in Brighton – where, for obvious reasons, people may not want their little getaways made public.

“You can imagine some people don’t want others to know that they’ve been staying at the Grand Hotel in Brighton. But when you’ve got copies of bills with details of who went there and when they were there and so on, that’s highly intrusive information.”

At least in the private sector you can take your business elsewhere. You can, like Mr Thomas, buy only from reputable internet sites; and you can choose from an increasing number of companies that sell themselves with the assurance that they will keep your details safe and not sell them on to others.

“I’ve got more concerns about the public sector where you have no choice. At least you can choose to go to Sainsbury’s, Tesco, Safeway, Morrisons or Waitrose,” he said. “In the public sector you’ve got a monopoly, whether it’s police or identity cards or tax or all the other public bodies. You have no choice but to deal with them.”

The public did not choose Mr Thomas as their champion, but does he reassure us? At the end of the interview he says he has not managed to communicate something very important. “Yes?” we ask eagerly, expecting more terrifying revelations, or an inspirational call to arms.

“I have not got across the three points I wanted to make, what drives me. One is empowering citizens; two, demystifying the law; and three, make sure that rights are effective.”

This is the most singularly appropriate thing about the Information Commissioner: he seems to make no distinction between information that is interesting and that which is not.

KEEP IT PERSONAL
# Shred everything, even junk mail (a criss-cross shredder is best). Cut up unused cards

# Check your bank statements for unfamiliar transactions. Never give personal or bank details to phone callers before checking who they are by calling them back on the organisation’s listed number

# Vary your password for different accounts. Don’t keep all personal data in the same place

# Redirect your mail when you move and also register with the Mailing Preference Service to stop unsolicited mail in your name being sent to an old address

# Ignore any unsolicited e-mail and never use a link in an e-mail to access a web page

# Don’t use public computers to access personal information

# When internet shopping give credit details or information only to secure sites that display signs such as Worldpay or Verisign

# Have your personal details excluded from the edited form of the electoral register used by direct marketing companies

# Regularly obtain a copy of your personal credit file from a credit reference agency

HOW APPARENTLY INNOCUOUS INFORMATION CAN BE USED

# A journalist showed how a discarded boarding pass stub could give a thief access to personal details to fake a passport

# Thieves can send out official-looking e-mails from banks to customers claiming to be updating records and wanting to confirm personal details

# This month Sarah Watkins, 38, a school governor’s wife, was jailed for using parents’ and neighbours’ credit card details in an £11,000 spending spree after gaining details from order forms at a school fundraiser she organised

Source - http://www.timesonline.co.uk/article/0,,2-2425298_1,00.html

lifttheveil · Site Admin

Times Online
October 28, 2006

Full text of the interview with Richard Thomas
By Alice Miles and Helen Rumbelow of The Times

Alice Miles and Helen Rumbelow interview with Richard Thomas, Britain's Information Commissioner, here in full on Times Online

The questions have been paraphrased and the transcript may not be 100 per cent complete.

Q: Today is the day MPs expenses come out. You have been appealing the House of Commons decision on that.

R: Well it’s not quite like that. The way the Freedom of Information Act works is that anyone can make a request for information to any public body. And the House of Commons counts as a public body. And there have been requests for information about MPs expenses and we’ve made some rulings in particular cases. The House of Commons already does disclose some general information about expenses paid to MPs.

Q: But the current expenses do not break it down.

R: That was done as a result of the Freedom of Information Act. It does encourage the proactive disclosure of information and that was a thing which my colleagues sat down at the House of Commons and encouraged them before the act even started to be more open. And that’s where they went at that stage. But then some people have been making requests for more detailed information. And we had to look at those on a case by case basis and there has been a number of cases where people have been to the House of Commons asking for more detailed information. They have claimed that various exemptions apply and therefore they’ve refused the information and then the individuals who want to can come to my office and they can lodge a complaint. And we investigate whether or not it’s right or wrong.

Q: What about details of travel expenses?

R: Well that’s what has been refused at the moment. We’ll have to apply the test of the Act and the Act says there’s a presumption of disclosure. Everything which is requested, there is a presumption of disclosure unless there are good reasons for non-disclosure. And the Act has a series of exemptions which spell out what the various type of exemption might be. And some of these are absolute. If they apply then that’s the end of the story. But most of them are what is called…(inaudible). It means that you then apply the public interest test and you say is there a greater public interest in knowing the information or is there a greater public interest in withholding it. And the way the act works is that the public interest in withholding it must be greater than the public interest in disclosing it in order for it to be justified as not being disclosed.

Q: What about accommodation?

R: Well there’s been a number of cases. There’s been some cases on individuals’ travel expenses, there have been cases on the costs of employing staff – the allowances which are paid to MPs and their staff. Now in one of those cases, the Speaker, as he’s entitled to under the Act, signed a certificate saying that it would be prejudicial to the effective conduct of public affairs to disclose the information. And that, in a very unusual situation, that converts it to being an absolute exemption.

Q: What was the particular case?

R: That was the information about the allowances paid to research assistants and people like that for MPs. That’s a highly exceptional case. That is a class for MPs as a whole.

Q: Why do you think that information ought to be public?

R: Well we don’t make those rulings. Somebody wanted it, we were investigating whether or not it should be disclosed and then the Speaker signed a certificate so we have no further function.

Q: Is it not likely the Speaker will do the same for cost allowances?

R: It is possible. This is meant to be a very exceptional process, it’s…(inaudible) in the Act, but he may do the same on other cases. But so far in those cases where we have made rulings on travel allowances there has not been such a certificate. We’ve ruled against the House of Commons, but they are appealing. They’re entitled to go above me to The Information Tribunal. And there have been a couple of cases of individual MPs, particular journeys and so on. They are saying that this is a breach of the privacy of the Members of Parliament concerned and falls within the scope of the Data Protection Act. But given that we actually administer the Data Protection Act we are fairly clear as to where the boundaries are to be drawn. And we’re saying that given that public money is being used for making these payments…

Q: Well they’re supposed to be journeys on public visits, so how can it be a breach of privacy?

R: Well it can be a breach of privacy in some situations. We’ve had quite a large number of cases now of people working in local authorities, people working in the education world, in the health world. We would not, for example, normally rule that the contents of a disciplinary hearing should be disclosed. Nor would we anticipate that we would disclose details of job applications. Now you could say well why not? That’s all public arena.

Q: I was talking about travel.

R: We make the judgement that travel warrants are meant to be used for public journeys at public expense and, therefore, people’s privacy should not be taken into account in that situation. And that’s now going to the tribunal. So the speaker in that case did not use the certificate process which would have short-circuited all.

Q: How long ago was this certificate?

R: That case was about 6 weeks ago. It’s been fully written down. We publish our decision notice, it’s on our website. We don’t make speculations on those. It’s in today’s Financial Times, we published this, this morning. This is the report of the first 18 months of the Freedom of Information. This is our track record over 18 months and this does include a lot of the examples. It’s got the BBC expenses, Alan Yentob’s expenses were under scrutiny. We made a ruling on that. Which went the other way in that particular case. I think we talked about MPs expenses somewhere.

Q: What about accommodation?

R: On that one I’ve lost track. You have to understand we’ve got 4,500 cases coming through the system. I don’t deal with all of these personally. I can’t recall whether we’ve ruled on that. I think we’ve got it under consideration. So I’m not able to talk about cases under consideration.

Q: When do you intend to order the release of information on MPs accommodation expenses?

R: My recollection of that is we’ve not made any rulings yet. I simply can’t talk about cases under consideration. I think you’ll find that story actually was a matter of speculation.

Q: Why is the House of Commons appealing on travel allowances?

R: In Scotland the Scottish Commission has had cases which have gone further than ourselves and there’s been a couple of cases in Scotland where the expenses of Members of Parliament have been put into the public domain and raised questions about the propriety of those payments. I haven’t seen the release myself but I think I’m right in saying that the Scottish Commissioner has put some materials out recently saying there’s been a dramatic drop in the amount of expenses claimed since those cases last year. I’m going off to Southampton tonight and I’m doing a lecture on where we stand with Freedom of Information. Public interest considerations. A lot of these cases turn on public interest and so we’re saying these are the sort of factors which will drive a public interest in requiring disclosure. First of all, informing debate on key issues. Promoting accountability and transparency and public spending. So as a prima facie rule, where public money’s involved, where there needs to be some sort of transparency, then prima facie one would expect there to be greater openness than there’s been in the past. Now that’s not to say openness in every situation. Now I’ve got a double role under this legislation, I have to be the impartial adjudicator – the referee – on each complaint that comes in. We’ve had 4,500 cases coming in so far. But also I have a statutory duty to promote good practice. So I define good practice in maximum openness, trying to get as much information into the public domain. I see this as very much a part of a sort of the democratic equation. More and more countries around the world have FOI legislation and I see FOI as a reminder that governments are acting on behalf of people, acting in their name and spending their money. And I think those are important sort of dimensions to this. So where public money is involved, unless there’s very good reasons to the contrary one would normally expect information to come into the public domain.

Q: Where are we on the question of charging for FOI requests?

R: Well at the moment, in the vast majority of cases there’s no charge. There’s for central government a £600 threshold. If the costs of collecting the information exceeds £600 – which is fairly rare – then they don’t have to deal with your request. Figure for the rest of the public sector is £450. The government has announced last week the cost of FOI is about £34m. Now whether that’s a very high figure or very low figure is for others to speculate. I haven’t get got to the position of any public comment on the fees and charges issue. And I’m not able to give full answers yet, but we only saw this last week and we will have a considered view probably in two or three weeks’ time.

Q: You weren’t opposed to the introduction of a nominal fee.

R: What I have said is that there’s a fee of £10 for a data protection request. And we don’t get many complaints about that, we don’t have many examples of people sort of feeling they’ve been denied access to their personal information. And I can see that there are some problems with what I call irresponsible use of the legislation. Serial requesters and people who are harassing public authorities and I think that’s probably bad for FOI. If that happens it discredits the concept. So I can see a case for some sort of flat fee. The government has published a paper last week setting out some options. They’ve actually rejected the option of a flat fee on the ground that it would be too much of a deterrent. I need to analyse their reasoning in more detail for that. And we’re looking at the other points which they’re making and say we’ll come out with something in two or three weeks’ time.

Q: Are they considering a sliding scale?

R: No what they’re considering is allowing public authorities to charge not just for the searching time, but also for the consideration time – how long it takes to consider whether or not to release the information. And that would count towards the £600.

Q: So they would reject more requests on the grounds that they were too costly.

R: They’ve done a piece of work by some economists and they are indicating something like 13% of the cases which currently come forward would not come forward if that were to happen. Cases go up and down to ministers and they consult 3rd parties and so on.

Q: So it is effectively going to be a sliding scale, depending on how long it takes to dig it out?

R: It’s not so much digging it out, the risk is that where it is important to bring into the public domain, but it may be quite complicated or it may be quite sensitive and take some time to go through. I mean there has to be a limit, no doubt about that. But the risk is that time is clocked up.

Q: If something is sufficiently important it shouldn’t matter how long it takes.

R: I buy into the equation that there’s a balance between openness and getting on with good administration, so I don’t think you can simply say that everything has to come out. There has to be a regime of a presumption and then the application of the exemptions. And you do have to take time in deciding whether or not information is inappropriate to go into the public domain. And there has to be a balance. But I have to give consideration to the total cost. £34 million. Is that particularly high? Some people are saying they’re surprised it’s as low as that.

Q: Is there a comparison with other countries?

R: That’s one reason why we’ve only seen these figures less than 8 days ago. We’re beginning to look and analyse this, but I’ve got no instant figures as to what it costs elsewhere.

Q: Written requests (inaudible)

There’s a threshold there, it’s the same thing, there’s a £600 threshold. And when it exceeds £600 the minister is entitled to stand up and say the cost of answering that question will be disproportionate. And so the same broad approach is adopted. There’s always a debate about costs. In the United States, Department of Defence, it was spending time and effort on dealing with FOI requests and they’ve had FOI for 40 years now. And someone then discovered that the cost to the Department of Defence was actually less than the cost of maintaining their golf courses. I think that sort of deflated the argument somewhat.

Q: What do you think about MPs defending their right to keep this information private?

R: Well I’m not sure the MPs are, I mean this is the house of authorities. I mean what is really (inaudible) is to have so much support for freedom of information across all political parties. This has been a matter of many years coming, it had been in successive manifestos of political parties – the Labour Party, the Liberal Party – for many, many years. When the government was elected in 1997 there was a White Paper within about 4 or 5 months of the May 1997 election. Now there was some delay in bringing it to parliament, but when it got to parliament there was cross party support and that’s, if anything, strengthened over the years since the Act’s come into force. And even last week when the suggestions that the government’s proposals might somehow undermine the legislation, you’ve got strong statements coming out from the back benches, from across the political spectrum. And I think the vast majority of Members of Parliament are strong believers in transparency. And FOI, being part of the democratic process, holding government to account – I mean we probably have an executive which has stronger powers than in many parts of the world and I see FOI as the latest weapon, if you like, a check and a balance to actually make democracy work as fully as possible.

Q: So you’re saying it wasn’t the MPs, it was the House authorities?

R: Well I mean the House authorities, they’re the ones who hold the information. So they make a decision. They don’t involve the individual Members of Parliament as far as I know. They’re making a decision about the information which they hold. These are the staff of the Commons. They have their own accountability to committees inside the house. I have no detailed knowledge as to how that works. I don’t think the House officials act entirely off their own bat, but they’re the ones we’re dealing with, we don’t have any contact at all with Members of Parliament. There have been speeches made by Members of Parliament actually criticising the fact that the information has not been released. That’s a very, very small part of the total piece. We get about a third of our cases relating to government departments. I think it’s the scale of the Act which I think does surprise some people. 115,000 public bodies are subject to the act, because it brings in every part of the National Health Service, every part of the education world down to a primary school. Every police force, every quango you can think of. It’s right down to doctors’ surgeries, dentists’ surgeries and so on. And so two thirds don’t relate to central government and one of the things I’m most pleased with is that the general public are by far the largest users of the Act. There’s no doubt about that. People thought it would be journalists and pressure groups. Well yes, they have their part in it, but members of the public are very substantial users of the Act. Probably about 60%, 70% or more. You know, the largest single category. And my background is rather varied. I worked in places like the Citizens Advice Bureau, consumer accounts for the Office of Fair Trading and sort of trying to actually empower the private citizen, the private individual and actually make laws meaningful for them in their daily lives. I think that’s hugely important from both FOI and data protection. So I’m pleased about that, it’s not just sort of for chattering classes. Some people dismissed FOI, it’s only of interest to The Guardian and one or two odd bods like that. But that’s not the way it’s working in practice. It has captured the public imagination. I don’t know if you want to guess how many people are aware of their right to get information under Freedom of Information. Guess the proportion. 73%.

Q: Do they know how to do it?

R: It’s not difficult to find out. Every public body now, if you go onto the home page of every single public body you’ll see an FOI statement on the home page of virtually every single public body telling you how to make a request. I’m going to Southampton University tonight. On their home page, I checked it a couple of days ago, there is our FOI policy, how to make your request.

Q: Are you subject to it?

R: Yes. We are, yes. Which is unusual, we’re about the only one in the world, I think. We’ve had 245 requests for information on almost anything. Anything relating to the administration of the office, to cases in hand. So a wide variety of cases, some we’ve disclosed and some we’ve withheld. And we’ve had to deal with complaints against myself. I’ve upheld some complaints and I’ve actually rejected complaints against myself. There’s a rather unusual situation.

Q: The government wants to withhold gateway reviews, doesn’t it?

R: There is a case which is in here. The case is under appeal. It’s the Office of Government Commerce. And they’ve appealed against a decision we made. This related to the gateway review of the identity card scheme. So quite a controversial topic. We said in this particular case, and I do stress we have to do this on a case by case basis. This is up to date as of last week. There’s another case about the cost of identity cards involving information supplied by the Department of Work and Pensions to the Home Office, but the case involving the gateway review is page 12. So far we’ve done a total of 370 formal decision notices, these are just the tip of the iceberg. But that one there, so that we require the Office of Government Commerce to disclose information linked to the gateway reviews of the ID card programme. This should be released in the interest of public accountability and transparency, despite arguments the disclosure will prejudice the formulation of government policy and the exercise of the department’s audit functions. So we said in that particular case it was the first gateway review, we looked at it, we had access to it ourselves. In most cases we see the information. Sometimes it takes time to get that. We get the information, we reviewed it, we said in the circumstances of that particular case it was appropriate to put it into the public domain. Now that’s being appealed and we will have to fight the appeal.

Q: Who are they appealing to?

R: To the Information Tribunal. It’s like a mini court. There’s a panel of people – a chairman and two lay people who are members of the tribunal. John Angel is the Chair of it. He’s a qualified lawyer, there are barristers, there are people from all walks of life who are members of the tribunal. And I decide if I rule against a public authority, the public authority can appeal. If I rule against the citizen or the requester, then the citizen or the requester can appeal. In either case the appeal’s against me. So I end up being on the receiving end of the appeal and we have to justify the decision that we have made. That’s why the original decisions can run anything up to 15, 20 pages in some cases. We give pretty full weight to our analysis and our rulings. Only a fairly small minority of cases are appealed and, so far haven’t been that many cases, been about 90 cases which have gone to the tribunal.

Q: Do they tend to uphold?

R: The outcomes are recorded here. Of the cases that have gone to the tribunal so far, 38% were withdrawn. 38% appeal dismissed and 24% either allowed or partially allowed. Only 37 cases so far have actually reached a conclusion. Only 9 have involved a situation being overruled. Just because we’ve ruled on that particular gateway review does not mean that all gateway reviews well get to air in public.

Q: Why do you think this particular one should be made public?

R: Well because the content of it was sufficiently non-controversial, non-sensitive. So we could see no harm coming out of that particular one and given, on the other hand, the importance of the identity card scheme, the way in which it’s going to work, we balanced the competing public interests and we said in that particular case it should be disclosed. One of the difficulties I have with some public authorities is that they sort of interpret this as having a precedent effect and they say we’ve got to fight this because otherwise all gateway reviews will be public. There was another case involving some minutes of a meeting at the Department of Education about school budgets. We looked at those minutes, they were meeting about 3 years ago now. We decided those minutes could and should be made public. The Department of Education has appealed against that, they said no, we are worried that if they’re made public civil servants won’t contribute to meetings in future. And we are somewhat impatient with that argument. We say no, you look at each case on its merits. If it’s appropriate to withhold the information, then there will be many cases we cite of the public authorities saying no, we accept that should not be made public.

Q: But is that still going through the appeal process?

R: That one will come to appeal in January, yes. About the problems faced by schools at that time with their budgets and decisions being made by the Department of Education as how to resolve budget issues for local authority schools. The Act works in a way which is blind to the identity of the requestor. So it’s exactly the same whether it’s Alice Miles the individual as Times Newspaper, it’s a company, it’s whoever. We just don’t take into account the identity of the requestor. Nor does the public body when it receives the request in the first place. Not allowed to.

Q: When does the gateway appeal happen?

R: That’ll be in February, March. One of the difficulties we have is that until the appeal is resolved, we can’t actually give any indication what is the subject matter of the information. And I wouldn’t disguise it’s quite difficult sometimes writing a decision notice to explain why it’s in the public interest for something to be disclosed when you can’t reveal what the information is or even what the public interest is because that would let the cat out of the bag and that would be wholly irresponsible. We can’t reveal the content of that, we can say and we say on our decision notice, we think there’s nothing in the content of that which gives a strong case for withholding it. What we can’t do is sort of attach a copy of it or summarise it or spell it out because that would give the game away.

Q: You must be a very good confidante.

R: That’s why I’ve never spoken to you lot yet. We see a lot of stuff. One of the most difficult cases I had in my first year was the legal advice on going to war with Iraq. And to have that as a commission as your first major case was extraordinarily difficult. And I saw those papers and we took time to consider those. In that particular case, because we grouped lots of cases together we issued an enforcement notice. And that required the Attorney General to release more information than had been released, but not all of the information. That’s a summary of it there, but that ran to 18 pages of my reasoning. I had to get involved very personally, I wrote a lot about myself. There were lots of schedules to it, we had to have United Nations resolutions, we had to have the deliberations of the government committees and so on all attached to weigh the various public interests. And we said in that particular case there was a public interest in disclosing more of the legal advice than had hitherto been published.

Q: Then they published anyway.

R: No, they published in response to our enforcement notice and what happened in that case we said you can’t go through the legal opinion striking out one line here and one line there, it wouldn’t make sense. So we called for what’s called a disclosure statement. And we then discussed the content of that with the Attorney General’s office and that was attached to the enforcement notice, so it came out. When we published our notice the disclosure of the advice, the reasoning of the Attorney General was actually attached to our notice. One benefit of that was that there was no appeal, so the Attorney didn’t challenge what we’d done in that particular case. But it was a high profile case and, as you say, seeing some of these materials, we have to be very strict – it’s actually a criminal offence, under the Act – for me to reveal the information without authority. We’re very conscious of that.

Q: How did you get involved in the row about the cost of ID cards?

R: Under my data protection hat, before the Bill had gone up to parliament, we had engaged in the debate about identity cards. We gave evidence to the select committee, we published a response to the government’s consultation paper. We tried to sort of set out the issues as we saw them from the data protection perspective. I took the view that when the Bill went to parliament on a very contested matter it was inappropriate for me and my office to be involved in something of such political controversy. So we took a much lower profile, we sort of withdrew from the debate at that point. Although we were quoted as the legislation passed through parliament. But then, under the FOI hat, when people are making requests for costings for example, or the gateway review, then we have a duty to consider the validity of the complaint to us and we make rulings on that.

Q: The gateway review, does it give us the idea of the cost of the scheme?

R: I rather doubt it would do that, I mean it would simply have some indication as that gateway review was done about two years ago now as to where matters stood at that time.

Q: There are other requests involving the case for ID cards.

R: There are other requests, I think we’ve got one or two others in our pipeline, but that’s the one which is so far adjudicated upon.

Q: What would you say to the prevailing view among journalists that you’re not aggressive enough in upholding the FOI?

R: That’s not been put to us, we like to think that we are balancing responsibility in being a quasi-judicial figure in like a sort of judge in these matters. In one case I have to sort of be impartial and do the job properly but at the same time, I think we’re to be quite robust. I mentioned earlier as well as being the adjudicator, I also have to be the promoter of good practice. We take that seriously. Before the Act came into force we published a great deal of guidance telling public authorities how to do it. We gave them a lot of help. In the first year we saw it as a bit of a learning curve for all concerned. It’s a massive cultural change for all parts of the public sector. And we ourselves were going through a learning curve. So we gave a lot of support and erm, guidance to public authorities. And there was a bit of a honeymoon all round. But we also made clear that after the first year or so we would be toughening our stance and one thing which we’re announcing today, in fact, there is a press release coming out today on this subject, is a new enforcement strategy. And it’s two of this paper and that does now signal a tougher approach to recalcitrant public authorities, where they’re dragging their heels, where they are persistent offenders, where systemic problems are emerging. You wouldn’t expect a sort of pattern to emerge in the first 12 months. But patterns now start to emerge after 18 months or so. So we’re sending a pretty clear signal here of those who are being deliberate or repeat offenders we will start using our powers. As well as ruling on the individual complains, we have the power to issue practice recommendations to serve enforcement notices and we’re setting out the criteria here. We don’t do large numbers but where, if you like, someone is just not taking it seriously, where we need to make an example of a public authority we’re going to be tougher and that’s the message coming out from the strategy being launched today. I don’t think it’s fair or right to say that we’ve been weak. You certainly talk to government departments, talk to local authorities they’ll say the opposite. We’re pushing the boundaries further than they feel comfortable with. There’ve been quite a lot of appeals made against our decisions made by government departments. We’ve recorded in here which ones are currently under appeal. They are nervous about us pushing the boundaries too far. I have to sit there in the middle, balance is a phrase I use quite a lot and in the area of FOI those are the sort of main balancing factors. We promote good practice, we’re impartial and we don’t have any bias one way or the other. We have to be as speedy, as usual friendly, informal on the one hand, we have to go through due process. We have to be robust and responsible. So those are the balances and another set of balance is between FOI on the one hand and data protection on the other hand. So if you think I’m somewhat pulled in different directions, you’d be right. I have to get the balance right on so many issues.

Q: Talk about the protection of personal information.

R: It matters to people. We did a survey and we repeated it last couple of years, asking the general public to rank the protection of personal information against other social concerns. Now crime always tops the list. Education and health vie for next position. Protecting personal information comes next. 83% of the population rank protecting my personal information as a serious or a very serious matter. That’s ahead in the rankings of freedom of speech, it’s ahead of equal rights for women and other minorities, it’s ahead of environmental concerns, it’s ahead of national security. So people care about these matters. At the same time, data protection has a somewhat mixed reputation. The law has been around originally since 1984, the current Act goes back to 1998. And it’s seen as something a bit scary, people often see data protection as a bit of a bogey. Organisations hide behind data protection. I mean the Chief Constable of Humberside, completely wrongly, hid behind data protection when he was held to account for what happened with the Soham murders. The position we took, which was nothing to do with data protection, was completely vindicated by the Bishard inquiry which looked into that. But you still see so many time we can’t do this because of data protection. And I get very impatient with that. I mean part of my mission is to take a practical, down to earth approach to data protection. To simplify, as far as possible, to demystify. And I’ve done a lot in the time I’ve been commissioner - 3 ½ years – to get across this message, it’s not actually protecting data, it’s protecting people. It’s people protection, it’s protecting personal information. And it’s not just unwarranted intrusions into privacy, it’s also the dangers of inaccurate information, of mistakes being made, of information being held too long. A little girl was overhead in the school playground to say my dad bonked me last night. And the dinner lady heard this and reported it to the school authorities. Absolutely correctly. Absolutely correctly they called in social services. They held an investigation. Within a couple of days they established that the girl had been taken with her sister to the local fairground by her father who’d won an inflatable hammer, one of these large hammers. And he’d gone up to the little girl, bonk, bonk, bonk. And social services, of course no problem whatsoever. File closed. But in the meantime details had been passed on to other authorities. I think it was health or police, someone like that. And so when they vindicated the family they did not update the record as it has been passed on to others. So some 5 years later, suspected sex offenders were still registered against that family. And that, in my view, is wholly unacceptable. We do about 22,000 case a year. We do 4,500 FOI complaints in 18 months. So 3,700 is the figure for an annual FOI. And the figure for data protection, where we have less strong powers I have to say, we get about 22,000 complaints.

Q: And they range from?

R: A woman aged 49 years old had a row with her next door neighbour. He was a policeman and he inappropriately accessed the police national computer. He discovered that she had a criminal record. Her criminal record was when she was 14 years old she was in care and she had hit her care worker. Had been taken to court and had received an absolute discharge, which shows it wasn’t particularly serious. At 14 years old. And the police said we still need to keep the information on our record, it was a crime of violence. And we, as a result of her complaint, we challenged the police and that went to the tribunal because they appealed against our motives. The tribunal said that police are entitled to keep it on their record, but they’re not entitled to share that information with anybody else. It only is for policing purposes, it can’t go for any of the other purposes for which police records sometimes can be used. They had a row across the garden fence and he said you’ve got a criminal record, haven’t you? That was the first she knew. From 14 to 49 she’d lived a blameless life. Another man was an accountant, similar situation, he stole his partner’s car. It stayed on his police record all these years. 17, 18 year old. He’s now a very respectable chartered accountant, wanted to go to the United States and get a green card. He was turned down for green card because he’d got a criminal record. These are some of the examples as to how data protection matters. And I get impatient of energy companies saying you can’t sort out your ancient mother’s gas and electricity bill, we can’t help you because of data protection. People hide behind it. Either they’re hiding because they’ve got things they’re just embarrassed about or, more likely, they’re just not properly organised and don’t wish to run any risk at all that they might somehow be in breach of the rules. So common sense is hugely important. A lot of it’s to do with the reasonable expectations of people. But the bigger picture, next week in London we’re hosting the 28th international conference of all data protection and privacy commissions. Some 200 and something people coming to London to discuss the theme of our conference which is a surveillance society? We’re having to charge for it, 2 or 3 hundred pounds or something. It is mainly a discussion amongst people who it actively engages. Primarily the commissioners conference but others are able to come, the media are welcome to come yourselves if you wish. But we are publishing a fairly major report which will document what – I use the phrase which The Times picked up a couple of years ago – are we sleepwalking into a surveillance society? I think actually now we’re waking up in a surveillance society. And when you start to see how many well intentioned, apparently beneficial schemes are in place to sort of monitor people’s activities, their movements, I think that does raise concerns and my agenda is to raise (inaudible)…other examples, when you’re on the internet it’s possible now for every search you make to be recorded. Your spending habits can be analysed by supermarkets. When internet companies say you bought this from us recently, would you like this instead? They’re profiling you. They’re getting more and more information. Much of it’s maybe highly beneficial. In terms of targeting individuals for benefit. But it can work the other way round. It can stigmatise people. I have worries about technology being used to identify classes of people who present some sort of risk to society. And I think there are real anxieties about that. One concern which needs to be more debate about is the fact that virtually everybody now who is called in by the police has their DNA taken. And whether you’re found guilty or not at the end of the day, your DNA is retained. There are clear public benefits for that. There are also some anxieties. The proportion of young people who are in trouble with the police means there’s going to be a disproportionate number of young people on the DNA database and then ethnic minorities will be there to a disproportionate extent.

Q: How does that stigmatise them?

R: The risk is that people will make assumptions about the characteristics of individuals as they collect more and more information. The general point is that technology can all start linking together. So the camera, the profile of your computer use, access to your electronic communications, all that can be linked together. So public and private bodies can build up a much fuller picture of who you are, what you’re doing. Now I’m not saying this is all sinister, this is all Orwellian, this is all something unacceptable. I am saying people aren’t aware of where technology is at the moment and where it’s going in the future.

Q: The point about stigmatising?

R: It’s a broader issue. In the same way as a company can send you a mailshot and say you’re clearly the type of person who likes this sort of holiday, they can profile you. In the same way public authorities can profile you in other ways. You may be somebody who is suspected of being a social security fraudster. You may be someone who is suspected of being an anti-social hooligan. And, you know, you can manipulate data in a way now which builds up a very full picture which may not be the right one. It may be an inaccurate picture. To treat somebody as a suspect when there’s no more than a potential for fraud is a serious matter. It may be quite legitimate and in line with people’s expectations that there is linkage between the tax files and the social security files. Many people probably assume there is already, there’s not, actually. But there may be a case for greater convergence there. But I would question whether there’s a greater case for convergence between police files and tax files and between bank records and health records. There’s a trend towards greater convergence and that’s the point I’m making. It can classify people in ways which may be wrong and artificial. But also the risk of mistakes. When more and more information is collected there is false positives and false negatives. I mean just where more and more information is being collected, there are risks the information is going to be mishandled. I mean a thing which I wanted to talk about a bit was allegations in the last few months that a number of banks have been very careless with people’s personal information. There’ve been cases now which have been quite strong prima facie evidence, which we’re urgently investigating, of banks’ rubbish bags being found on the public highway outside banks. And I’ve seen some of these where open up the rubbish bag and there you find bank statements, we’ve got one example of a bank transfer of half a million pounds from one account to another. With a lady with a rather unusual name. With loan applications which have been turned down, with a health insurance application, with paying in slips, with cut up credit cards. And I am very keen that we should investigate this as a matter of urgency, we will have to consider whether we use our enforcement powers. I think at the very least there needs to be a wake up call to the banks and building societies in this area. They may have been concentrating a lot more on electronic security, they may have forgotten about some of the old fashioned security. They will all say, I’m sure, we have procedures in place to stop this sort of thing happening. But procedures which are not actually operating practice, there’s something wrong. I’ve been horrified by some of the stuff I’ve seen. I think it’s wholly unacceptable.

H: How does this come to your attention?

R: Well I mean sometimes we get complaints. We had two cases last year, one involving WH Smith where someone found some of their customer records on a skip. We had a case involving the Grand Hotel in Brighton where hotel records were on a skip in the public domain. Now the Grand Hotel put its hand up straight away and said this is clearly unacceptable, we treat our guests’ confidentiality very seriously. You can imagine some people don’t want others to know that they’ve been staying at the Grand Hotel in Brighton. But when you’ve got copies of bills and so on with details of who went there and when they were there and so on, that’s highly intrusive information. But financial information, I mean there was real risks of identity theft, identity fraud. The bank’s the first to say be careful with your personal information, shred everything, burn everything. Don’t leave any fingerprints around ‘cos identity theft is a growing problem. But if the banks themselves are being careless with the information, that seems to me to be wholly unacceptable. What is worrying is that we’ve had allegations against a number of high street banks and some of those which we’ve had allegations of which we’re looking at at the moment, currently we’re looking at a Post Office, we’re looking at HSBC, Halifax, Natwest and Royal Bank of Scotland.

Q: Which branches?

R: Up and down the country. That’s what’s so concerning. One might understand the isolated incident. There have been allegations against each of these branches in different parts of the country.

Q: Can we know which branches?

R: Not yet. We’re investigating, we want to hear what the banks have to say. It’s only come to us in the last couple of weeks. And what we’re seeing so far is highly concerning, it’s highly disturbing and we need to send a very strong wake up call.

Q: Who’s bringing this to your attention?

R: Anybody. The particular example we had comes from a television programme which investigated this and they brought it to our attention. Other examples have come from members of the public, others have come from bank employees who said I’m not satisfied with the security going on here. There’s another case which was involving call centres in India, the Dispatches programme. And we said that prima facie raised urgent issues for investigation. This was mobile phone records which were being sold by corrupt employees inside call centres in India. And again we’ve got to look into that. But the wider picture is clearly where bank rubbish is routinely put out, that’s what I call a management problem. But there’s another problem, our report on What Price Privacy? which revealed in May of this year a pernicious black market in the buying and selling of illegal information. And this is corrupting either public officials or bank staff or whoever in order to get hold of personal information. There’s a very unhealthy market with a network of middle men which we’re trying to stifle that with attacks on both the supply and the demand end and then taking enforcement. We’ve got a big case coming up in court quite soon, but the penalties are far too low and I made a public call for an increase in the penalties which the government is now going along with. Also banks, credit companies, insurance companies, law firms, even local authorities chasing up council tax are amongst those. We’ve got search warrant powers and we’ve discovered they were involved in this as well. So it’s not just tabloid journalists. We’ve got cases of local authorities paying private detectives who have been using illegal means to track down people who owe money. Council tax arrears, for example. Now no way am I condoning people who walk off from their debts, but they’ve all got to act legally. It’s a breach of the existing criminal law.

Q: The children’s register that’s coming in is going to be the first point in anyone’s life where they’re going to be recorded and marked.

R: We’ve got a paper coming out on children’s databases towards the end of November. But want to set the scene first, as only one example of this. Children’s databases, my general position is I can see very strongly a case for good information sharing relating to children who are at risk. If there’s clear risk of physical or similar abuse, then I think not least it’s driven by the Victoria Climbie inquiry and I think it’s right and proper that social services, police, education, health, where there’s clear knowledge about a child at risk that they should do their jobs properly. I am far less persuaded that it’s necessary to shove up an index of every child in the country. Where the rationale is rather vaguer, where the rationale is more to do with insuring the social, educational, general health well being and thriving of all children. I think that gets into an area where it raises questions and I think we have to be amongst those who raise these questions about the relationship between the state and the citizen about the role of the state involvement in family life and so on. And, you know, we’ll be publishing a paper on that in November.

Q: Is it possible I don’t give my daughter all her injections so a health worker flags that and then a teacher flags something else?

R: At the very least if we’re going to have a system – and it’s gone through parliament now it went through parliament almost no debate at all - it was the Children’s Act of 2004. All the debate was about smacking. And this part of the Act, despite the controversy about identity cards for adults, this part got no parliamentary attention at all. And it’s now law so I don’t question that, it’s going to happen. The debate’s moved on now to exactly how it’s going to happen. And I say for example now if there’re going to be flags of concern, let’s be precise what do we mean by a flag of concern? If a child is being abused or very strong allegations of abuse, that’s clearly a concern. Is it a concern that the child is not getting all the right vaccinations? Is it a concern the child is not thriving at French GCSE? You know, we have to actually definite this far more precisely. And I think it’s part of our job and part of others who are concerned with these areas to force those who are bringing forward these schemes to be as clear as possible to be transparent and as open as possible on what they’re doing, why they’re doing it and we’re back to the old fashioned data protection principles. I was a bit rude about the Act earlier because it’s rather complicated, but the fundamental principles are crucial. And they’re easy. It must be necessary, it must be justified and it must be proportionate. That’s the starting point. Second, it must be secure, it must be accurate, it must be kept up to date. These are easy and they’re fundamental principles.

Q: When you talk about things being classified, what are the dangers there?

R: Automated processing, without human intervention, automated processing carries risks. There are two ways in which this can be problematic. One is if there’s some sort of inaccuracy. If there’s a suspicion which is ill founded. If it’s simply wrong, they’ve got you down as the wrong individual at the wrong address, and so on. So it’s just inaccurate. Some of the registers now, when you’re suspected of being a fraudster, is done by reference to the address. So people will move into a house and they find the previous lot were fraudsters and they’re somehow associated with that. We’ve sorted that problem with credit reference agencies, but we’re putting up concerns to say you must be very confident you’ve got the right person before you start sort of making allegations. But then sometimes the information can be accurate, but it stays with somebody for a very long period of time. In my example I gave you of the lady 49 years old, still on her record. And any policeman can discover this, that she has committed a crime of violence when she was 14 years old. Or the accountant who stole as a child. And I think we’ve got to have some concept of rehabilitation. We’ve got to have some sort of concept of young people do misbehave, young people do engage in anti-social activity. Should that blight their lives almost forever?

Q: Would you know that you’d been red flagged?

R: Well that’s another question. A very important principle of our law is that you’re entitled to see information about yourself. You can make a request and in most cases you get it. You won’t get all of it, you get most of it in most cases. So we’ll always be aware of it, but.

Q: Shouldn’t be the presumption be that you are told?

R: I don’t think it’s practical to notify everybody every time that a record’s met. It’s suggested now that every adult in this country, on average, is on 700 databases. I don’t think every time there’s an activity which is recorded you could tell.

Q: If a child was being red flagged, surely the parent would have the right to know?

R: Well I wouldn’t say in every case. No, I won’t be drawn on that because sometimes the Social Services may legitimately have a suspicion we need to watch a family and if a family knows it’s being watched it’ll modify it’s behaviour and that child may be exposed to greater danger as a result. So I don’t think you can make that sort of suggestion. But I do, as a broad principle, think that we’re moving into a society where people will know far more about what’s held on them and they will be able to check, they’ll have a better awareness to make sure that information is accurate, the ability to correct your own records I think is hugely important. You can do it with a credit card now. As we move down towards electronic health records, I think people rather than being deferential to doctors saying please, please what do you know about me? Have automatic access to their health record is, I think, a desirable benefit. I think the NHS scheme is moving in that direction. Internet access will be there, I’m sure. You can see your own bank account much more easily online, so we’re moving into a sort of…

Q: Are you worried about the NHS health register?

R: I’m very encouraged that those who are setting up the health project are taking privacy and confidentiality very seriously indeed. But the risks are great, and they’re very aware of those risks.

Q: Is it going to be a criminal offence to abuse the system?

R: I’m very pleased that it’s already a criminal offence. But I’m delighted that the chief executive of the health project was one of the first and men now have come along after him. He’s one of the first to go before a select committee. I fully support the Information Commissioner, I fully support the idea of a two year penalty to warn my own staff, if you like, large numbers of people in the National Health Service, this is a criminal offence. The government has now issued the consultation papers supporting it. I very much doubt that many people will go to prison. I think it’s highly unlikely we’re going to send people to prison. But it will stress the seriousness, it will serve a deterrent purpose.

Q: This applies to the identity register also?

R: That’s already the law. Two years for that is already on the statute book. But that’s only for national identity register, it’s not for bank records, for social security, for tax, for health, for everything else.

Q: But you want to expand it for all of those?

R: Every data base. Already it’s against the law, already it’s a criminal matter. Have you got a copy of our report? It documents very fully this black market. And we want it there to be increased, as it is already for the National Identity Register.

Q: Do you shred your bank statements? Are you paranoid?

R: No. I take a pragmatic view of life, and I’m aware of the risks I take. I have well informed judgements about my own personal life. I certainly destroy anything which could cause any sort of difficulty. But I’m not paranoid about it.

Q: And do you have store cards?

R: Yes. We have a Boots card. My wife uses it, she says she gets benefits from Boots.

Q: You’re not worried about buying things over the internet with your credit card?

R: No. But I take care. I make sure that I have confidence in those who I’m dealing with. I buy flights, I buy hotels. I’m not paranoid about this, but I’m aware of the risk concerned. And I wouldn’t hand out my personal information too lightly.

Q: When you’re buying things on the internet, they often ask you for a lot of personal information that they say is required for the transaction.

R: Increasingly now I want the business community, and I think they in the last two or three years have turned this corner. They’re seeing privacy as a matter of good business sense. It’s happened in the States to a huge extent where they alienated large numbers of customers by collecting too much information, by leaking information, by handling information improperly. And they’ve really, really had a sort of wake up call in the States. And this is happening now in this country and across Europe. A lot of business are making we look after information well as a selling proposition. It’s almost part of the competitive market place. You can trust us. And I think that’s a very healthy development. I welcome that. In some ways I’ve got more concerns about the public sector where you have no choice. At least you can choose to go into Sainsbury’s, Tesco, Safeway, Morrisons or Waitrose. They are paranoid about being accused of handling information inappropriately. Nectar got a very high penetration of households around this country. I’ve seen presentations they’ve made and they are absolutely totally aware the risks of inappropriate use of the information they are collecting. And their brand depends upon it. That’s great, well in the public sector you’ve got a monopoly, whether it’s police or identity cards or tax or all the other public bodies. You have no choice but to deal with them. And therefore I think that’s got to be a higher focus of our attention than private sector.

Q: Have you ever requested your medical records?

R: No I don’t think I have, really. No. If you want to, if you need to, you can get your credit reference file very easily, very straight forwardly, if you want to. But I’ve had no pressing need to get it, if you want it. But we have large numbers of people who do. By far our most popular leaflet is how to get hold of your credit reference file. Large numbers of people do it. It’s fairly straight forward and the companies running these schemes want people to do it. Actually want it now because it allows them to correct.

Q: How worried should a general Times reader be?

R: I want there to be an intelligent debate. I think there should be more awareness of how it matters. I mean next week’s conference will raise awareness, will make people think they’re looking at what the situation is like now in 2006, we’re rolling forward to what it might look forward in 2016. So I welcome that. I think when people discover that the banks have been dumping personal information in plastic bags on the high street, I think they’ll be horrified. And I think the sooner we can get to the bottom of this and, if necessary, take appropriate enforcement action as a wake up call to all banks. I’ve given you the names of those we’re looking at, but there may well be others. And this is going to be a matter for the entire…

Q: The report next week produced, is this you or internationally?

R: It’s a report that my office has commissioned from a group of academics. I can’t give it to you now, it’s still being sort of prepared in publication. It’s a very fully documented report with every sort of footnote you can imaging recording what’s going on at the moment, raising issues. It’s from several universities, they call themselves The Surveillance Studies Network. We had an open competition for this about 5 months ago.

R: I haven’t quite got across the 3 points I wanted to make, what drives me. One is empowering citizens, two: demystifying the law and three: make sure that rights are effective.

Q: If people are worried about these issues are you the person to come to?

R: We are the office which deals with these matters. We take action, we’ve got a number of actions where we’ve served enforcement notices. I served an enforcement notice against the Scottish National Party earlier this year. They appealed and we won. We challenged them because at the time of last year’s general election they sent unsolicited telephone calls by Sean Connery. These are automated telephone calls. We had a lot of complaints about that, we challenged their right to do it. We said that’s unsolicited marketing, they said oh no, it’s unsolicited political marketing. And we had a legal row about that and we won the case. The tribunal said that political marketing is governed by the same rules. We’re taking action against some of the telecom companies, Talk Talk and Carphone Warehouse. We’re taking action against them because we’ve had a lot of complaints that they’ve been telephoning people with marketing calls, people whose name is on the telephone preference service. And then we do these prosecutions, particularly with private detectives. We’ve got a big case coming up.

Q: What if they are based overseas?

R: It’s much more difficult. We can’t always deal with calls from overseas, but where are UK based organisation, for example, is sending its information to India, then we can take action. Spam email, unsolicited phone calls from overseas is much more difficult.

Q: How many days a week do you work?

R: Six and a half. This week I have been to Manchester, I’ve been to Brussels, I’ve been to London, I’m going to Southampton. Back to London. I am the Chairman and Chief Executive of this organisation. I’m the commissioner. My office is in Wilmslow outside Manchester and I spend a couple of days each week up there and I do two days in London every week and one day somewhere else. It’s a very demanding job. I’ve worked for the world’s largest law firm, I’ve worked in the rough end of north Kensington in the Citizen’s Advice Bureau. They’re all quite stressful jobs. But this is a very demanding, very challenging job. Intellectually, but also just in terms of the physical demands, trying to keep abreast of a whole range of issues. I mean freedom of information, data protection, they cut across all forms of human life. If you look through this FOI report, just read those cases and see the variety of things we have to be familiar with. Data protection, you know, right across police, health, education. I’m not complaining at all, don’t get me wrong. I have got a very satisfying and very responsible and very serious job. But it is demanding on me and on my staff.

Q: Why don’t journalists ask for more FOI requests?

R: I’ve seen a lot of people, including journalists, make rather amateur FOI requests, rather scattergun requests. If they’re a bit more precise and sort of targeted in what they’re trying to get, they would do better. Do a bit of research first and then make your own request.

(End of interview)

Source - http://www.timesonline.co.uk/article/0,,2-2425085,00.html