Category Archives: not-entirely-serious

An Open Letter to Jacob Rees-Mogg

Dear Mr Rees-Mogg

I suspect you and I wouldn’t agree on many things, but, before I moved into private practice I spent many years in the public sector. I saw many examples of efficient and inefficient working there (as well as countless dedicated officers who rarely had time to be sitting at their desks when senior management deigned to visit).

So, despite our different worldviews, and in the spirit of helping improve the efficiency of the offices of Members of Parliament, may I make a couple of suggestions about data protection compliance?

First, you said recently, before the European Scrutiny Committee, that constituents who come to see you at surgery are asked to sign a two-page disclaimer. Nothing in our data protection law requires this (in fact, expecting them to sign one is likely to be contrary to those laws). You should give anyone whose personal data you collect certain information, generally in the form of a notice, but that’s just a matter of being fair and transparent – there’s no reason at all to require a signature or a disclaimer. You could even just refer them to a notice on your own website (your current one is rather well hidden). That should save you a bit of time and money.

Second, at the same hearing, you were concerned that you needed to delete files on constituents prematurely. Again, this appears to be a misapprehension on your part. Personal data should be kept for as long as is necessary in relation to the purpose for which it was collected: if you still need it, you keep it. There – another efficiency tip!

Third, and more generally, I do find that there is a lot of misunderstanding of data protection law. It has a dual objective – to offer protection to individuals and to allow for free movement of data (both of which are obviously subject to qualifications and provisos). I don’t pretend that the law couldn’t do with some revisions, and I’ve even spoken to some of the people helping with the reform programme to suggest a few. But in general, it’s quite possible to run the public bodies and businesses efficiently and also comply with the data protection law – but I fear that training and awareness of that law have been, and continue to be, handled rather inefficiently at government level.

Yours
Jon Baines

The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under Data Protection, GDPR, not-entirely-serious, parliament, Uncategorized

A royal letter before claim

Media reports suggest a USB stick from Heathrow Airport containing security information, including details of measures used to protect the Queen has been found on a street


Letter before small claims court claim

Mrs E Windsor
Buckingham Palace
London
SW1A 1AA

The Chap in Charge of Security
Heathrow Airport
The Compass Centre,
Nelson Road,
Middlesex,
TW6 2GW

Dear Subject*

Reference: cock-up with one’s personal data

As it has not been possible to resolve this matter amicably, and it is apparent that court action may be necessary, We write in compliance with the Practice Direction on Pre-Action Conduct (we considered treason charges, but One wishes to be tolerant).

We are informed that Heathrow Airport says it has launched an internal investigation after a USB stick containing security information was reportedly found on the street. The beastly communist Sunday Mirror reported that the USB stick had 76 folders with maps, videos and documents, including details of measures used to protect Us. A subject found it in west London and handed it into the paper.

From you We are claiming fifty guineas for distress.

We have calculated this sum on the basis that section 13(1) of our Data Protection Act 1998 (DPA) provides that one can grab a bit of extra money for the races by showing that one has suffered damage cos of a cock-up with one’s personal data. When We agreed the old DPA by and with the advice and consent of the Lords Spiritual and Temporal, and Commons, in the then Parliament assembled, and by the authority of the same, We thought one couldn’t grab said moolah merely if one was a bit peeved, but thought one had to have suffered tangible harm first. However, some of Our ghastly judges [who the bleeding hell do they work for?] decided a while ago, on the basis of a law passed by one’s distant relations that they would simply disapply Our section 13(2) [arses]. Given that, We might as well chuck Our Crown into the ring.

Listed below are the documents on which We intend to rely in Our claim against you:

Beastly seditious rag
Jolly old skit from the chaps at 11 Kings [WHAT?] Bench Walk
Treason Act 1351 (no harm in a quick reminder eh?)

We can confirm that We would be agreeable to mediation and would consider any other system of Alternative Dispute Resolution (ADR) in order to avoid the need for this matter to be resolved by Our (n.b. “Our”) courts.

We would invite you to put forward any proposals in this regard.

In closing, We would draw your attention to paragraphs 15 and 16 of the Practice Direction which [should give Our courts the power to imprison grotty oiks] gives courts powers to impose sanctions on the parties if they fail to comply with the direction including failing to respond to this letter before claim.

We look forward to hearing from you within the next 28 days.

Should We not receive a response to my letter within this time frame then We anticipate that court action will be commenced with no further reference to you [where’s Albert Pierrepoint when you need him?]

Yours faithfully,

E.

*Not “data subject”, naturally. We are the data subject.


The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

1 Comment

Filed under 7th principle, damages, Data Protection, data security, not-entirely-serious