Another New Approach

As well as looking at security issues with consumer electronics and services we're also spending time trying to unpick some of the illegal resale of personal data across the UK and EU. We're not alone either - there's a small group of people also willing to ensure responsibility is applied to organisations stepping outside the law.

However, the Information Commissioner's Office seems to be inundated with complaints and is too busy to address all of them in due time. As a result we thought we'd help them - and you - out by publicising some of the shady operations spamming or selling your personal data without your consent or knowledge.

Of course it's not as simple as just sticking a badge on a brand identity; there has to be some granularity, as some situations aren't as clear as others. So we've created three alert levels to apply; each situation may be upgraded or downgraded as it develops.

Grade 1 Alert
This first level is basically a flag raised; a spam email or text has arrived perhaps, showing that there may be an element of malpractice or illegal data re-use. At this stage everything is unconfirmed and no significant checks have been performed on the organisation(s) in question. There may still be mitigating circumstances.

Grade 2 Alert
When a grade 2 badge has been applied there will have been some sort of checks which revealed further discrepancies. At this stage it very much looks like the organisation(s) involved are hiding something - but we don't know the extent of the issue. Usually in this scenario there's clearly something going on but we're waiting either for their response or for them to rectify a problem.

Grade 3 Alert
If all efforts at reasonable resolution have failed; if the organisations are failing to respond or rectify any issues we've disclosed; if we now feel that the ASA, the ICO and - in extreme cases - action in the courts are required, the scenario is upgraded to this alert.

Of course various attributes of each scenario can determine how serious the situation is:
  • Has the company acknowledged or responded to communications professionally?
  • Has there been a clear definition of the organisation and its hierarchy?
  • Is anyone acknowledging responsibility for data protection issues?
  • Is the situation still developing?
  • Are terms and conditions questionable?
  • Are T's & C's unusually overprotective of the organisation vs. the individual?
  • Have they ignored SARs?
  • Have we raised complaints with legal bodies such as ICO and ASA?
Although not a complete list, these are good indicators of how responsibly organisations are dealing with an individual's private information.
