The Privacy, Identity & Consent Blog

A senior police officer has stated that the pervasive use of CCTV in the UK has failed to cut crime and is an 'utter fiasco'. with only 3% of London's street robberies being solved using security cameras.

According to a Press Association report, the Department for Work and Pensions has allegedly been breaching its own security policies:

Government staff have been sending out highly sensitive data in packages that include the passwords.

The errors at the Department for Work and Pensions "defeat the purpose" of tighter security rules brought in after last year's data loss scandals, according to an internal email.

The startling admission comes in a message circulated to staff by one of the DWP's security advisers, and will provoke fresh doubts over Government systems.

The Criminal Justice Justice and Immigration Act has received Royal Assent. Why does this matter? Because it gives the Information Commissioners Office new powers to fine organisations that deliberately or recklessly abuse the Data Protection Act. ICO representatives have been talking a much tougher story recently, so let's hope that they're prepared to follow through with rigourous action against offenders. The acid test will be whether they're prepared to fine public authorities who fail to look after personal information.

The US has a wealth of state and federal laws intended to protect privacy, but what it doesn't have is a federal equivalent to the EU Data Protection Directive. There's even a law to protect privacy of video rental information (and if you're not familiar with the story behind that, then it makes for great reading). The US Constitution doesn't specifically protect privacy, although this is covered in the 9th amendment. Despite that, an aggressive Federal Trade Commission and active litigation combine to offer good privacy protection.

Security guru Bruce Schneier has called for a US privacy law - a federal equivalent to the EU Directive. I'm sceptical that this will happen, but it would certainly be worth a try.

Congratulations to Heather Brooke for her High Court win. Heather has fought the case to force MPs to reveal their expenses, and this should hopefully lead to an overhaul of the Commons' expenses system.

The attempt to bury MP's expenses was a thoroughly shameful episode for Parliament, and the fact that public funds were used to defend the case makes it doubly reprehensible. The system needs to change. I've never worked for a company that would pay out so much as a penny in expenses without a valid VAT receipt, and there is no reason why our elected representatives should be treated any differently - particularly since it's our money they're spending.

The Identity and Passport service has confirmed that all five bidding organisations - CSC, EDS, Fujitsu, IBM and Thales - have gone through to the next stage of procurement. This will give these companies the opportunity to bid for the first four packages of work.

The Crewe and Nantwich by-election has seen two notable trust hiccups:

• the Conservative Party sent a list of 8,000 local party members to Manx radio by mistake;
• local Labour Party members accused Conservative candidate - and now MP - Edward TImpson of 'opposing making foreign nationals carry an ID card,' in a bizarre move to appeal to ultra-right voters.

Hopefully this isn't the shape of things to come in party politics over the next few years.

In light of James Garner's marathon effort, I'd like to put in a sponsorship plug for my forthcoming charity cycle ride. Please read on and lend your support!

Data Protection guru Chris Pounder has put forward an excellent argument that there is no legal requirement for a security breach notification law in the UK because we already have a requirement for this under the Data Protection Act (1998). I'd also argue that there is no need for such a law because there's simply no point in it. Unless you're a pilot.