Tuesday, January 20, 2004

Privacy International - Know your Data Campaign

Privacy International has a campaign in the United Kingdom encouraging individuals to ask for access to their personal data from telecommunications companies, including internet service providers. The campaign is called the Know your Data Campaign, and their website includes a number of model letters for individuals to send to their ISPs. The kind of information being requested goes well beyond the usual billing information that most individuals think of automatically when they ask themselves what sort of info about them is held by their ISP:

In particular, the following types of personal data are sought:

  • "communications data" as defined by Section 21(4) and Section 21(6) of the Regulation of Investigatory Powers Act 2000;
  • any data processed by DSLAMs/routers/switches/servers/Message-Transfer-Agents(MTAs)/monitoring-systems or other software or hardware
  • devices under your control, which is retained and/or disclosed in hardcopy, electronic media, backup devices, transient storage or otherwise;
  • case notes on incidents, events, disclosures, collections, modifications or faults;
  • records of disclosures (including e-mails) to other parties including under the DPA 1998 Section 29(3) and other legal authorities;
  • the logic of any automated decision processes as required under DPA 1998 7(d) [2];
  • the sources of the personal data.

As required by the Data Protection Act 1998 section 8(2), please provide an explanation of the purpose, meaning, and context of the information.

The Campaign for Freedom of Information (also in the UK) has similar resources to advise idividuals about their right to access their personal information.

Awareness of PIPEDA is not very high among the general population in Canada, but I expect that will change over time. I wouldn't be surprised if Canadian civil liberties or consumer advocacy organizations were to mount a similar campaign eventually.

No comments: