|
Title: HS2 - powers to snoop on opponents withdrawn Post by: grahame on November 20, 2016, 16:08:50 From Daily Mail (http://Read more: http://www.dailymail.co.uk/news/article-3954158/HS2-chiefs-planned-snoop-sex-lives-mental-health-political-views-opponents-controversial-project.html)
Quote HS2 chiefs planned to snoop into the sex lives, mental health and political views of opponents of the controversial project Company document shows rail bosses had power to gather sensitive data HS2 could also access information on religious beliefs and criminal record Data gathered on staff and suppliers, as well as anyone who complained Company could contact utility companies, credit agencies and doctors HS2 has now withdrawn its Privacy Notice and issued a statement [snip] The company's Privacy Notice, which has now been withdrawn, revealed how HS2 could access data relating to people's 'racial, ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health condition, sexual life,' as well as criminal records. Staff and suppliers were subject to these checks, as were 'complainants, correspondents, litigants, claimants and enquirers'. Intersesting, the article suggests that they planned to use the powers, but provides no evidence to back that up. Having registered under data protection for my own company's use, I'm aware how easy it is to register something far wider than you'll actually do. Title: Re: HS2 - powers to snoop on opponents withdrawn Post by: stuving on November 20, 2016, 20:29:30 Powers? really? Just by writing, registering, and publicising a privacy notice?
I don't think this tells you anything about the Mail (Online). In any case they lifted it from the Sunday Express (http://www.express.co.uk/news/uk/734205/HS2-rail-chiefs-controversial-route-spy-sex-lives-mental-health), with just a little luridification. And if it tells you anything about HS2, it's how inept they are. The Express does give more background; enough to work out what probably happened. Combine this: Quote HS2, which claims not to hold “information of affected communities or external individuals’ sexual orientation or political beliefs”, said its privacy policy was developed with “external legal advice and was based on a model approved by the Information Commissioner”. with this:Quote An extraordinary document was published by HS2 detailing how they would access and “process personal data” including details of individuals’ sexual orientation, trade union affiliation, criminal record as well as information about their physical and mental health. and ask yourself what your lawyers might do if you get into a legal dispute with someone. As part of the company’s Privacy Notice, HS2 said it could collect this information on a number of people, including staff and suppliers but also complainants and litigants, which would include those claiming compensation or objecting to the scheme. The information could be volunteered freely but it could also be gleaned from doctors, the taxman, lawyers, the courts, security companies and credit agencies. So it looks as if they took the idea of the privacy notice so seriously they got someone to list every bit of information that might be involved, and everywhere it might have come from. Why did they include what's involved in fighting a court case? Who knows. I doubt they really intend to do much lawyering in-house - you'd expect them to engage external lawyers, who would be privileged with respect to data protection. Or would they? There is an exemption in Schedule 7 to the DPA: Quote 10 Personal data are exempt from the subject information provisions if the data consist of information in respect of which a claim to legal professional privilege [or, in Scotland, to confidentiality of communications] could be maintained in legal proceedings. According to the ICO, notification is not needed if what you do is "judicial purposes", but it is for legal services. If you look in the ICO's register of notified data controllers, all the solicitors seem to have a standard set of words, very similar to that quoted as from the HS2 notice. An example: Quote This register entry describes, in very general terms, the personal data being processed by: EVERSHEDS LLP Nature of work - Solicitor Description of processing The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances. Reasons/purposes for processing information We process personal information to enable us to provide legal services including advising and acting on behalf of our clients and in some cases consulting and recruitment services. We also process personal information in order to maintain our own accounts and records, promote our services and to support and manage our employees. Type/classes of information processed We process information relevant to the above reasons/purposes. This information may include: personal details family details lifestyle and social circumstances goods or services provided financial details business of the person whose personal information we are processing education and employment details We also process sensitive classes of information that may include: physical or mental health details racial or ethnic origin political opinions religious or other beliefs sexual life trade union membership offences and alleged offences criminal proceedings, outcomes and sentences Who the information is processed about We process personal information about: clients suppliers and service providers complainants enquirers advisers, consultants and professional experts employees including volunteers, agents, temporary and casual workers relatives, guardians and associates of the data subject Who the information may be shared with We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons. Where necessary or required we share information with: family, associates or representatives of the person whose personal data we are processing current, past or prospective employers educators and examining bodies healthcare professionals, social and welfare organisations business associates trade associations and professional bodies suppliers and service providers ombudsman and regulatory authorities employment and recruitment agencies complainants, enquirers financial organisations debt collection and tracing agencies credit reference agencies private investigators courts and tribunals central government CCTV - Crime Prevention and/or Staff Monitoring CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry. Transfers It may sometimes be necessary to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the data protection act. See anything missing there? There's nothing about how they might acquire this information ... presumably it's not needed. Well, they should be able to understand what the act says. Title: Re: HS2 - powers to snoop on opponents withdrawn Post by: Tim on November 20, 2016, 23:43:00 of course for staff they may be collecting data on "protected characteristics" (gender, sexual orientation, ethnicity) in order to monitor compliance with non-discrimination/diversity policies. And we already know that the construction industry likes to keep tabs of who is in a union.
This page is printed from the "Coffee Shop" forum at http://gwr.passenger.chat which is provided by a customer of Great Western Railway. Views expressed are those of the individual posters concerned. Visit www.gwr.com for the official Great Western Railway website. Please contact the administrators of this site if you feel that content provided contravenes our posting rules ( see http://railcustomer.info/1761 ). The forum is hosted by Well House Consultants - http://www.wellho.net |