Oliver Letwin’s faux pas over dumped personal information in a park bin got the Lincoln School of Journalism’s Barnie Choudhury thinking…why on earth didn’t he just use a shredder?
Data Protection. Just roll your tongue slowly around what must arguably be the five most un-sexiest syllables in the English language. And I should know. I’ve spent more than a hundred hours over the summer getting to grips with a law which ranks alongside “Elf & Safety”, in derision. If truth be told, before my enforced research, the only data I was interested in was the robotic character from Star Trek. Now, though, I have a grudging admiration for the Data Protection Act 1998 (DPA). It, the Information Commissioner’s Office (ICO) and I have become firm friends. While colleagues may think this an odd choice for buddies, I’ll remind them that Oliver Letwin’s mishap has propelled this oft-maligned topic into media-sex-on-legs.
In my best Victor Meldrew voice: “I don’t believe it!” Of course I care if the information were classified – the former Met Assistant Commissioner, Bob Quick, resigned after photographs showed his injudicious actions. But, if all this were true about the Minister’s actions, I’m probably more concerned that Mr Letwin would treat his constituents so shabbily. Without wishing to anger Hubris, I do feel he has only himself to blame. The MP’s advisers and civil servants would have warned him about the need to guard against the loss of anything personal. Why on earth didn’t Mr Letwin just use a shredder?
So why all this fuss, to paraphrase Zac Goldsmith’s tweet? Well, the point is that this law is there to protect all of us. How would you like to have your identity stolen because someone stupidly left all your details on a hard-drive he or she’s thrown away? Or maybe you didn’t want your Tory boss to know that you’re a card-carrying member of the Socialist Party. And isn’t that embarrassing illness you’re being treated for really no-one else’s business but your own?
Almost everything can be personal information and certain things are classed as “sensitive data”. When considering what personal information is, the tests for me are:
- Can you identify the living person?
and
2. Has anything you’re storing likely to embarrass, harm or cause irreparable damage to someone if that information falls into the wrong hands?
When it comes to identifying a person from data, the Information Commissioner is unequivocal:
When considering identifiability it should be assumed that you are not looking just at the means reasonably likely to be used by the ordinary man in the street, but also the means that are likely to be used by a determined person with a particular reason to want to identify individuals. Examples would include investigative journalists, estranged partners, stalkers, or industrial spies.
Well, that puts me in the category of the deranged stalker. Jokes aside, what if one of our students were escaping an abusive guardian and didn’t want to be found? Suppose we talked to that guardian without getting the permission of the adult learner? Across the land universities are wrestling with Data Protection. We’re asking questions which, taken out of context, look as if we’ve lost our marbles.
Can we take assignments home with us to mark…are we allowed to forward e-mails inside a department…will I fall foul of the DPA if I use a memory stick? And the one which has challenged the minds of many a journalism academic: if a student were to be sent to court on an assignment in a theory class, could she or he then use the information in a newspaper article?
After consulting the ICO colleagues and I decided that, as long as we took adequate precautions: we could mark assignments at home; it was alright to forward e-mails internally in a secure system; and as long as we use encrypted memory sticks, then we were unlikely to fall foul of the DPA. Now, when it comes to students sent on a theory assignment we’ve come up with, what we hope is, an ingenious plan. These are no longer theory assignments. Students should be told that it is our intention to publish the information they get from court. That way we can legitimately use one of the exemptions to the DPA.
It may seem as if we’ve gone over the top. But these are all legitimate concerns because get it wrong and the ICO can impose fines of up to a half million pounds. Oliver Letwin is now under investigation from the ICO. The Prime Minister’s already lost his Defence Secretary and if the press and media get into a feeding frenzy, they could claim another scalp. In all honesty, there is a part of me that does feel sorry for Mr Letwin. A little part of me thinks there but for the grace of God. Now where is that shredder?
This article first appeared on the University of Lincoln’s Expert Comment blog on 17 October.
Please read our comments policy before posting.
