Lee & White

  • Basic understanding of your duty as the data controller

    Monday, June 30, 2008

    A person's privacy is a fundamental right which requires recognition and protection. Whilst it is incapable of precise definition, the concept has been linked with data protection, which interprets privacy in terms of management and handling of personal data.

    With this right, we are able to strengthen essential values such as the freedom of thought, conscience and religion and the freedom of expression.

    And alongside this right is a duty to protect it. This fundamental duty affects everyone as employers/persons processing personal data. Basically, if you determine the purposes and means of processing personal data, whether or not you are a natural person, you become the data controller and the duty to protect the right to privacy is imposed on you. Of course, failure to uphold your duty would give rise to illegal intrusions into the personal data and privacy of those whom you are supposed to protect and, consequently, you will be held responsible.

    So whose personal data are you responsible for? You are responsible for all personal data that you collect, apart from data you collect in the course of exclusively personal or household activities, data processed exclusively for journalistic, artistic or literary expression purposes, or data processed for public security.

    Hence, your responsibility encompasses the protection of personal data belonging to your employees, potential and actual customers and suppliers, visitors, consultants and job applicants.
    Of course, your duty to protect personal data does not imply a prevention of processing that personal data. To do so would paralyse businesses. It is indeed unavoidable that a data controller will process personal data.

    However, whilst you, as the data controller, can establish that processing personal data is a necessary course of business, you must not be allowed to abuse the personal data received. It's a balancing act of right and duty. The only way to resolve the conflict of interests between the company and the individual is by building trust with the individual who is about to divulge his personal data.

    And transparency in processing personal data is the source of that trust relationship. Offer this from the very instant personal data is about to be collected and this attitude of yours towards upholding a person's privacy (both online and offline) will measure your failure or success in building a relationship with your customers, gaining their trust and developing that essential viable edge in the marketplace.

    Believe it or not, you stand to gain a lot when you comply with your duty. It is a chain reaction - so get the ball rolling.

    Posted by: Lee & White

    Tags: Private Persons, Personal Data, Organisations, Human Rights

  • Spam Not

    Tuesday, May 20, 2008

    About 75% of mail in Belgium is spam, usually associated with shady products or dodgy deals. But spam is just another word for unsolicited publicity mail - an email which you didn't ask for and which is completely useless to you or your business.

    If you are sending out emails, be it just one email or in bulk, then consider very carefully if your email is going to be useful to the recipient. The best - and only legal - way is to actually have that recipient ask for the email in the first place - the opt-in. At any time the recipient must be able to revoke his request, and stop receiving further emails - the opt-out.

    The law governing this is quite clear; the repercussions of not complying with that law aren't. In Belgium, BIPT - The Belgian Institute of Postal Services and Telecommunications - is concentrating on forcing ISPs - Internet Service Providers - to filter out unsolicited mail. BIPT confirms that it is unable to punish non-compliant ISPs. In any case, it is a useless exercise, as it only protects those companies or individuals who use the ISP's own email service. Those who use external email providers such as Gmail or Live, or who have their own email server, do not benefit from this.

    Companies which send out unsolicited mail are neither targeted nor punished. In practice, the best that Belgium can do is to reprimand non-complying companies.

    In the Netherlands, in a landmark case, Opta, the Dutch Independent Post and Telecoms Authority, reprimanded two companies and imposed fines totalling 510,000 euro for sending out unsolicited mail. This seems to be the highest fine ever imposed by Opta for spamming.

    Belgium can certainly learn a lesson from its fellow EU member state.

    Posted by: Lee & White

    Tags: Personal Data, Government, Organisations, Internet

  • What's the big deal anyway?

    Thursday, May 1, 2008

    "What's the big deal anyway?" A remark we hear very often when discussing personal data issues. "Nothing to be concerned about, who would be interested in my personal data, and what can they do with it anyway?"

    Everyone agrees that a credit card number or bank account number is not something you should share (even Jeremy Clarkson eventually). But what can people do with my name and address, social security number or date of birth?

    Personal data can be used for identity theft - impersonating someone by using as much as you know about that person to get financial or other benefit in that person's name. For example you could go to a bank and request - and receive - a new credit card in the name of the person you are impersonating, with the bills of course being sent to the original person.

    How do criminals get their hands on your data? Everybody knows about skimming - a technique where a debit or credit card gets copied by attaching a small device onto an ATM machine. Another well-known technique is to steal files from people's computers, by hacking them or by installing viruses or Trojan horses. And of course there is social hacking: asking seemingly harmless questions to a person online or in person, and using that information to build a complete profile.

    And criminals move with the times. A BBC team exposed, in a proof of concept, how easy it is to socially hack Facebook and harvest information on other users, including names, passwords and other information.

    How do criminals use this data? It seems that data thieves set up data supermarkets to sell stolen personal data to whoever might be interested. Yes, you can get a working credit card number for a few euro, or even buy complete corporate log files (containing names and passwords, server locations, numbers and confidential information) for as little as 200 euro. When closed down, they just reopen at another location.

    Stuff to think about. Perhaps you will consider this the next time before revealing some of your personal data to anyone.

    Posted by: Lee & White

    Tags: Data Breach, Private Persons, Personal Data, Organisations, Internet, IT

  • The fine print

    Saturday, March 1, 2008

    Finally something is happening in the Belgian Data Protection World.

    OIVO, the research and information centre of the consumer organisations in Belgium, has filed a complaint against the Belgacom group to the Privacy Commission and the Federal Ministry of Economics.

    OIVO states that the privacy notification clause on the invoices sent out by Belgacom is a violation of the Data Protection law. This notification states that 'customer data is stored in databases of the Belgacom group (Belgacom nv, Belgacom Mobile, Telindus, Skynet) and can be used by any member of that group for customer management and to send commercial information'. It also states that if a customer does not want to receive such commercial information, they should contact customer service.

    This violates the data protection law on several points:
    1. Belgacom has not given the customer the option to opt in to commercial information.
    2. Belgacom does not mention how to contact customer service (address, email, phone number) and that this would be free of charge.
    3. Belgacom does not state exactly what will be done with the personal data.

    Belgacom is surprised at the complaint from OIVO and states that it complies with the law by providing the opt-out option. A letter was sent to every Belgacom customer to launch the new free 0800 customer service number, which was sufficient information as already 13.592 people have called and noted that they do not want to receive personal data. Belgacom also notes that OIVO's approach is not elegant and that OIVO should have contacted Belgacom directly first.

    Of course OIVO's point of view is correct, and I am not surprised by Belgacom's reaction, as it is one of the most commonly heard excuses used by companies and organisations. Even though Belgacom is making an effort to implement the data protection law, it needs to go the extra mile and do it exactly right.

    Posted by: Lee & White

    Tags: Personal Data, Organisations, IT

  • Toothless lions need more bite

    Thursday, January 17, 2008

    Yesterday, the UK's Information Commissioner's Office (ICO) found Carphone Warehouse, and its sister company TalkTalk, in breach of the Data Protection Act after investigating complaints concerning the way in which both organisations processed and stored personal information. It has now ordered both these companies to refine their data protection practices or be prosecuted.

    We must applaud the ICO for taking enforcement action on this matter. Without a doubt, the ICO seems to be taking centre stage these days with the heightened number of privacy breaches in the UK (and believe me, with the rest of the world too). It is now asking for several improvements to its powers which are currently too weak to enforce the law effectively.

    According to Privacy Laws and Business, the House of Commons Justice Committee published a "Protection of Personal Data" report on the 3rd of January 2008, recording, amongst others, evidence given on the 4th of December 2007 by Richard Thomas, the Information Commissioner, to the Justice Committee hearing on the protection of personal data. The ICO is seeking mandatory audits, criminal offence and data breach notification.

    In Belgium, the situation is no better. Perhaps it is worse - for many breaches are not publicised, contrary to the UK. Perhaps we need to put it out in the open here. Perhaps we need to complain more, and not just accept it when something goes wrong with our personal data. Perhaps the Belgian public must be better educated. Perhaps Belgian organisations too. Perhaps we need the Belgian press to provide greater publicity on privacy issues.

    And perhaps the Belgian Privacy Commission should follow in its fellow privacy defender's footsteps and demand the same. These privacy promoters are currently toothless lions, sad to say.

    Currently, the Belgian Privacy Commission's powers are merely supervisory - giving advice and recommendations, and whilst being able to send warnings, and denounce violations to the public prosecutor, it is unable to sanction. One must remember though, that with regard to the latter powers, a complaint must first reach the Commission. Yes, so it does have to start with you, the individual who suffers.

    Given the large number of malpractices in organisations with regard to the protection of personal data, and given the attitude of the public in not wanting to prolong their suffering, Privacy Commissions' powers, both in the EU and the rest of the world, should be reviewed. It is high time they were given greater control and ability to protect personal data. It is, after all, for our well-being.

    Posted by: Lee & White

    Tags: Private Persons, Personal Data, Organisations

  • The privacy breach of one Dutch company

    Monday, January 14, 2008

    Dutch care insurance company, CZ, recently made the headlines as a result of a faulty online quote system. Personal information of about 55000 people with regard to past applications could be retrieved by other parties. Such information included the date of birth, bank numbers, social fiscal numbers, gender, name, address, post code, phone number and email address of these people. The online quote system has been removed from CZ's website.

    The blunder was first discovered by two programmers who used the system for a quote and found the leak. CZ was informed of this but five days later, the information was still accessible and this led to contact with the newspaper, Algemeen Dagblad.

    Whilst there is no proof of abuse of such personal information - or no proof yet - the fact that such a leak is happening should be sending warning bells to us. How many more websites visited are carelessly giving access to the same? How many more companies are just as negligent? This is just the privacy breach of one Dutch company - its negligence in implementing proper security measures to protect this personal information.

    Also, if you look at CZ's website, you will come to discover that the vital online privacy policy which should be available to inform visitors of CZ's privacy practice and security is lacking.

    What you should always look for when surfing on a website is its privacy policy and if you are not satisfied, do grill the organisation on it without divulging too much personal information. Use a pseudonym, or create a separate email account without using your name. Do read our previous entry "Who is abusing my email?" for more information on this.

    Well, just to let you know that personal information is carelessly handled every day.

    Posted by: Lee & White

    Tags: Private Persons, Personal Data, Organisations, Internet, IT

  • Personal data goes missing again!

    Wednesday, December 26, 2007

    Will it not end? Will we have to keep reading (almost on a daily basis now) about the security breaches involved concerning personal data?

    Where is the fire this time? NHS Trusts in the UK, it would seem.

    According to Reuters, nine National Health Service trusts have lost the records of hundreds of thousands of adults and children, in the latest embarrassing loss of data by official bodies.

    Ever since the concern for data protection was augmented not too long ago by the UK government when it acknowledged it had lost CDs with the names and bank account details of 25 million people, exposing nearly half the population to possible fraud and identity theft, more and more news of failures to protect personal data by official bodies has been pouring in.

    Yes, the government reported last week that one of its contractors had lost the details of 3 million learner drivers! Now, how is this possible? How can it just be lost? What has happened to compliance with strict procedures in protecting personal data? If this is happening within official bodies, how much more within companies and other organisations where almost no form of security procedure is adhered to concerning the protection of personal data? And whilst this is reported in the UK, where, mind you, they are much more strict about such matters, what is the situation like in other countries?

    I shudder to think what is happening in Belgium, for instance - where about 97% of the companies (according to research in 2005) are not compliant with the Belgian Data Protection Law. To top it off, in research in 2006, none of the non-profit organisations, including the political parties, were compliant either. And in Belgium, many cases do not make it to the headlines for some reason.

    So, what do we do? Make more noise? Let this continue? If only those in power would start enforcing the sanctions and make examples of these organisations.

    Posted by: Lee & White

    Tags: Private Persons, Personal Data, Organisations

  • Where did Microsoft go wrong with Vista?

    Wednesday, December 26, 2007

    Microsoft has some serious thinking to do about its latest operating system - Vista. I'm sure we were all very excited when the eagerly awaited, glossy Vista was released early this year.

    There is no doubt that Microsoft did an excellent job with the graphics and animations for Vista. However, is that all there is to Vista? A pretty image on your screen? It certainly does not do much if it is slow and hangs every few minutes. It would seem that Microsoft concentrated fully on visuals to make Vista trendy looking with its cool sidebar, and the animated switching between windows. However, they should have paid an equal amount of attention to performance and efficiency.

    With 30% of businesses (according to InformationWeek) having no plans to switch to Vista in the near future, will Microsoft re-engineer Vista? We hope so and soon too.

    Posted by: Lee & White

    Tags: Organisations, IT

  • 'Tis the season to be spamming - Not!

    Wednesday, December 19, 2007

    It is remarkable how far Christmas and New Year celebrations have been utilised for commercial gain. From selling ridiculous products under the pretext of Christmas gifts to spamming, Christmas has become nothing more than a time for advertising and marketing.

    So what is Christmas spamming? Well, under the guise of sending you a Christmas and New Year wish through an email, these companies are actually trying to lure you into some new product or service. Yes, it is a commercial email and in many cases, there is no opportunity to unsubscribe from such emails and you might find yourself receiving it again in the following years if you don't put a stop to it instantly. A typical message would be something like:

    "We at XABCX wish you a very Merry Christmas and a prosperous 2008!

    By the way, do check our website http://www.xabcx.com as we are having some great promotions on VVVVV..."

    Now, note that it is spam if you never asked for or subscribed to such commercial emails. It is spam if you are not a customer of theirs and if you are a company, it is also spam if such goods/services offered are not similar to the ones in your company - meaning they are not intended for you. Oh and one more spam point. If the email is sent to your company at your personal email address, then that is spam too.

    So, do look out for such emails and please, do your bit and get them to stop spamming! Happy Christmas and a great 2008 everyone!

    Posted by: Lee & White

    Tags: Private Persons, Personal Data, Organisations, Internet

  • Toyota Brussels botches up on privacy

    Thursday, December 13, 2007

    It has happened again. It seems to be getting more and more frequent these days for organisations to lose or mishandle personal data belonging to employees, clients and/or suppliers. Proper security measures and procedures are not instituted or, even if they are, these procedures are not complied with in the daily operations of the organisations.

    It is a great shame that these companies cannot grasp the simple concept of privacy and its extreme importance. I cannot emphasize how vital the protection of personal data is. How many times must those advocating for privacy and the protection of personal data repeat the recurring problems that the world is facing with regard to such loose dissemination of personal information? Why can people not see the harm it is causing or likely to cause? Do you think it only happens to someone else and it is far-fetched to think it could happen to you?

    Toyota Brussels is no exception. It has joined the ever-growing pool of misfit companies with regard to the manner in which they handle personal data. The personal data of 2000 employees has gone missing: highly confidential information such as name, address, national number, date of birth and the names of partners and children of these 2000 members of staff.

    According to spokesperson Etienne Plas, one of its employees took the CD with him and it was claimed to be stolen while using public transport on November 19. 'Of course, the disc should never have left our premises, but the employee was still young and inexperienced. We are taking the whole responsibility upon ourselves as a company, the man has hence not been fired.'

    So, the mishap occurred on November 19. But when was this actually discovered by Toyota Brussels, seeing that it is only out in the papers today, December 13? In the meantime, what has been happening to these personal data? Toyota Brussels says that the police and insurance companies have reassured the company that the chance of criminal abuse of the data is very small. It is confounding that they minimise the risk of abuse to make things not as bad as they seem. Every day, personal data up for grabs are used by criminals for their benefit in every possible way - ranging from identity theft to kidnapping.

    It is always the same sad story with these companies in Belgium. Never realising the risk, never understanding the consequences of failing to protect privacy. When such things happen in other EU member states such as the UK, the risk is not downplayed. It is emphasized repeatedly because the worst is possible. Yes, just take a look at one example from the UK's recent data loss which put 25 million people at risk of identity theft. At least they admit there is such a risk.

    Toyota finds the fact that the data is now up for grabs in the streets very regrettable and apologises. But do you know what is truly regrettable, Toyota? That you did not establish proper security measures and make sure they were followed through in the first place.

    Posted by: Lee & White

    Tags: Personal Data, Organisations
