Lee & White

So, here we are again with another case in the series of data handling blunders. The recent careless use of personal data of the Luxembourg branch of Kaupthing bank confirms that proper data handling procedures are crucial. Email addresses of customers were leaked due to the misuse of email.

Inadequately defined procedures for data handling can, and will lead to improper and careless handling of personal data. We've seen this occur countless of times. For example, not too long ago, 25 million records were lost by the HM Revenue and Customs and according to the investigation, the problem was not with individual workers, but due to the lack of processes for data handling.

All organisations should have reasonable security measures to protect personal data from misuse, loss, unauthorised access, and abuse. These measures can be stated in a Data Handling Manual, and must be implemented in a way where all concerned parties are well informed of the handling procedures. It is simply a guideline for handling personal data that should and must be adhered to by all in an organisation.

Unfortunately, in most companies, not only are such manuals non-existent, but where there is such a manual, it is usually collecting dust in some shelf and most employees and contractors are not even aware of or do not adhere to the manual. The other problem is the fact that lack of adherence is usually not noted or if it is, it is not reprimanded regularly - well, at least until a big foul-up happens and becomes the headlines of major newspapers.

It is perhaps more than timely for organisations to draw up these guidelines and train their personnel, ensuring regular audits to maintain adherence - in addition to appointing data protection officers and registering processes of personal data.

If you would like some help in customising a data handling manual, please review our privacy policy and then contact Lee & White.

About 75% of mail in Belgium is spam, usually associated with shady products or dodgy deals. But spam is just another word for unsolicited publicity mail - an email which you didn't ask for and which is completely useless to you or your business.

If you are sending out emails, be it just one email or in bulk, then consider very carefully if your email is going to be useful to the recipient. The best - and only legal - way is to actually have that recipient ask for the email in the first place - the opt-in. At any time the recipient must be able to revoke his request, and stop receiving further emails - the opt-out.

The law governing this is quite clear, the repercussions of not complying with that law aren't. In Belgium, BIPT - The Belgian Institute of Postal Services and Telecommunications - is concentrating on forcing ISPs - Internet Service Providers - to filter out unsolicited mail. BIPT confirms that they are unable to punish non-compliant ISP's. In any case, it is a useless exercise, as it only protects those companies or individuals who use the ISP's own email service. Those who use external email providers such as Gmail, Live or have their own email server are not benefiting from this.

Companies which send out unsolicited mail are neither targeted nor punished. In practice, the best that Belgium can do is to reprimand non-complying companies.

In the Netherlands, in a landmark case, Opta, the Dutch Independent Post and Telecoms Authority, reprimanded two companies and imposed a total of 510,000 euro fine for sending out unsolicited mail. This seems to be the highest fine ever imposed by Opta for spamming.

Belgium can certainly learn a lesson from its fellow EU member state.

If you worry about your DNA and personal information being used to invade your privacy, now you have something else to add to your worries. According to a research by theElectronic Frontier Foundation (EFF) documents you print on your colour laser printer are able to indirectly identify you by encoding information that is not visible to the naked eye. Tiny dots are scattered on each page of your document. The information encoded includes time, date and the serial number of your printer. These are just the information that the EFF has managed to crack at the moment.

So, who is behind this brilliant system? The U.S. government, of course. They claim the purpose of this tool is to enable them to identify counterfeiters. Is that the only purpose for this tool? It is yet to be discovered.