Sending data abroad and clause 152 of the Coroners and Justice Bill

Mary Hawking ukcrypto at chiark.greenend.org.uk
Mon, 23 Feb 2009 10:21:10 +0000 

David
>> [1] their assertion is, "GROS will own all Scottish census data. The
>> data will be processed in Scotland and remain here at all times in both
>> paper and electronic formats. Only British and Irish registered
>> companies will have access to personal census data - no US company has
>> any access to the data."
>>
>> <http://www.sacc.org.uk/index.php?option=content&task=view&id=624&catid=
>> 33>

Nicholas
>Governments often display a naive failure to understand company law.
>
>Anyone can register a company in the UK (and as far as I know in 
>Ireland), so such companies may be wholly owned and managed by US 
>bodies, and may have no assets in the UK against which any kind of 
>enforcement could be undertaken.  Limiting access in this way has no 
>useful effect whatever.

My understanding under the Data Protection Act is that data can only be 
exported to jurisdiction with the same level of protection as the UK, 
and this does not include the USA: obviously this is routinely breached 
by government subcontractors without, apparently, any penalties being 
imposed (How *did* the details of the NI learner drivers end in Omaha? 
And *was* anyone penalised for this apparent breach of DPA?).

Will clause 152 of the Coroners and Justice Bill , allowing any minister 
or secretary of state to remove any law protecting data - including the 
DPA - and to allow onward sharing without, apparently, any requirement 
or possibly power to control that onward sharing end the pretence that 
we have any protection from the promiscuous sharing of personal 
sensitive data - including medical records and financial details?

I've got a presentation coming up on whether data sharing will destroy 
confidence in confiding sensitive information, and in the 
people/organisations/professions to whom the information is given.
AFAIAA, the only *legal* protection of information is that between 
lawyer and client: even the confessional is not exempt, and the duty of 
confidentiality between doctor and patient is a common law and ethical 
one - both  mentioned in clause 152 as being within the power of an SoS 
to remove in pursuit of his/her policy objectives...

Mary Hawking
PS would it be excessive to destroy a database rather than share it 
under compulsion?

-- 
Mary Hawking