High Court: UK data-retention Act incompatible with EU law

The High Court ruled last week that emergency surveillance legislation rushed through Parliament last summer is incompatible with EU law on the grounds that it breaches human rights. As reported in June, the challenge to the Data Retention and Investigatory Powers Act (which relates to the harvesting of data by security forces and police) was brought on behalf of two MPs. The Act will now be sent back to Parliament for revision, although the government has said it intends to appeal the decision.

Privacy row brews over request for NHS patient records

Privacy campaigners have criticised demands from the UK Prime Minister’s office to access millions of patient records as part of government proposals to reform the National Health Service (NHS). There are fears that the request for data on family doctor appointments in England could lead to individual patients being identified. The decision to send the request to the company that manages online appointment booking (EMIS) has been described by Phil Booth of the MedConfidential campaign as an attempt “to sneak round doctors and patients… [and] a massive breach of confidence.”

Putin approves Russian “Right to be forgotten”

President Vladimir Putin last week signed a law giving individuals the right to have information delisted from the internet, in what is the final step towards introducing the so-called Right to be forgotten in Russia. The law, which comes into force in January 2016, applies to inaccurate data, accurate data that is no longer relevant, and unlawfully disseminated data. Fines will be imposed on search engines that fail to respond to requests and subsequent court orders.

European Parliament passes flight data collection proposal

Last week the European Parliament’s Civil Liberties committee approved a controversial bulk-data collection proposal (PNR) which places a duty on member states to collect personal data on passengers flying into, out of or through EU territory. The EU-PNR proposal goes beyond existing powers, which allow for data such as addresses and food preferences to be collected in relation to specific flying routes. German MEP Cornelia Ernst said the measure was a “clear infringement on the fundamental rights to privacy and data protection for all citizens”.

Insurer admits 86,000 policy-holders at risk after breach

Alfa Specialty Insurance Corp and Alfa Vision Insurance Group confirmed this week that information stored on one of their servers was accessible to the internet, with potentially 86,000 people affected. The firms are writing to customers to inform them that names, addresses, drivers’ licence and social security numbers relating to car insurance policies stored on a server in Tennessee were exposed in May this year, and are offering identity theft protection.

Visa portal closed after glitch exposes personal data

Visa-processing company VFS Global closed its online portal after it emerged users were able to access personal data belonging to other applicants, four days after the company said it had fixed the software glitch. VFS provides the service to 45 governments, including Norway, the UK and Italy. It said last week it had fixed the problem affecting application forms for Italian visas. However an investigation by SC Magazine revealed it was still possible to view the contents of applicants’ forms by simply typing in a serial number at random.

Hackers steal data from infidelity dating site

Personal data has been stolen in a cyber attack on Ashley Madison, a Canadian-owned dating website which matches married people seeking to have extra-marital affairs. Customer names, addresses, profile details and credit card transactions were taken by a group calling itself Impact Team, which has threatened to publish the data online. Ashley Madison’s owners, Avid Life Media, confirmed the breach and added that the site had been secured.