cancel
Showing results for 
Search instead for 
Did you mean: 

PlusNet Privacy Policy, Data Protection Act, legal action etc.

HPsauce
Pro
Posts: 6,998
Thanks: 146
Fixes: 2
Registered: ‎02-02-2008

PlusNet Privacy Policy, Data Protection Act, legal action etc.

Firstly, a plea to the mods. This topic is clearly a result of the ACS:Law debate but is sufficiently separate and broader that is SHOULD NOT be merged into that huge thread.
My thoughts, which I throw up for debate are:
1. The privacy policy should include an explicit statement that personal data WILL be handed over to "others" where this is legally required. i.e. additional to the obvious requirements to perform normal business acts through others such as couriers etc..
2. It should also state that PlusNet will consider the protection of its customers and that the default position will be to challenge any court orders to release personal data, i.e. not to just "roll over" without considering the merits of the request
3. It should also state that whenever data IS handed over the details of what was supplied, including the full details of the data controller and other parties and the reasons for it will be given to the customer. Unless the court specifically prohibits this.
13 REPLIES 13
zubel
Community Veteran
Posts: 3,793
Thanks: 4
Registered: ‎08-06-2007

Re: PlusNet Privacy Policy, Data Protection Act, legal action etc.

I'll allow this line of questioning to stay separate from the main thread Wink
1.  I agree with this - Its just a clarification of existing policy anyway
2. Not sure on your wording, but I think it may suffice to clarify the "non compliant" stance
3.  I'd also welcome this change
Not sure the BT Legal Beagles would like the changes though.. 😕
B.
HPsauce
Pro
Posts: 6,998
Thanks: 146
Fixes: 2
Registered: ‎02-02-2008

Re: PlusNet Privacy Policy, Data Protection Act, legal action etc.

Thanks, Barry, to clarify:
1. Many companies say this anyway, but the PN policy is unusually brief (maybe a good thing?)
2. Is just a "topic" to discuss, not suggested wording, but is definitely a topic suitable for a "policy"
3. In the recent examples the costs of doing this should be passed on to the "plaintiff" anyway so PN should have no objection
Mand
Grafter
Posts: 5,560
Thanks: 2
Registered: ‎05-04-2007

Re: PlusNet Privacy Policy, Data Protection Act, legal action etc.

I agree personally with all 3 points.
I'll ask the questions.....:)
Simon_M
Grafter
Posts: 685
Registered: ‎05-04-2007

Re: PlusNet Privacy Policy, Data Protection Act, legal action etc.

Mand, you always did swim against the tide.
That's why we love you. Tongue 
  Cheesy  Cheesy
Simon_M
Grafter
Posts: 685
Registered: ‎05-04-2007

Re: PlusNet Privacy Policy, Data Protection Act, legal action etc.

I would have thought that point 2 is the only one that would cause Plusnet any difficulty.
I'm sure that there has been legal advice that warns against challenging these orders.
1. It's not cheap & there is an argument that it's fighting someone else's battle for them.
2. The consequences of losing would be pretty horrendous - again, not for Plusnet, but for the users (no matter which ISP they used).
3. The legislation is in the process of changing anyway, so the time to test it in court is when the new rules are fully in place.
Mand
Grafter
Posts: 5,560
Thanks: 2
Registered: ‎05-04-2007

Re: PlusNet Privacy Policy, Data Protection Act, legal action etc.

Quote from: Simon
Mand, you always did swim against the tide.
That's why we love you. Tongue 
  Cheesy  Cheesy

Thank you, I think.  Cheesy
Mand
Grafter
Posts: 5,560
Thanks: 2
Registered: ‎05-04-2007

Re: PlusNet Privacy Policy, Data Protection Act, legal action etc.

Quote from: Simon
I would have thought that point 2 is the only one that would cause Plusnet any difficulty.
I'm sure that there has been legal advice that warns against challenging these orders.
1. It's not cheap & there is an argument that it's fighting someone else's battle for them.
2. The consequences of losing would be pretty horrendous - again, not for Plusnet, but for the users (no matter which ISP they used).
3. The legislation is in the process of changing anyway, so the time to test it in court is when the new rules are fully in place.

I was thinking of suggesting it in a differently worded way which would be less likely to scare the management team. Wink
FrogsLegs
Newbie
Posts: 2
Registered: ‎30-09-2010

Re: PlusNet Privacy Policy, Data Protection Act, legal action etc.

Firstly, I applaud the OP - the DPA and Privacy concerns here deserve a separate thread to the ACS:Law Issue.
Can PlusNet please tell us why, on their FAQ page (http://www.plus.net/support/acslaw.shtml), misleading or incorrect information is given?
For example, FAQ 10 says:  "Are Plusnet in breach of Data Protection Laws?" and the answer is "No".  But given that PlusNet allowed private customer data to be sent unencrypted via email, in clear breach of the Data Protection Act, the answer to that question is obviously "Yes.
Then FAQ 12 says: "Was Plusnet to blame for the leaking of the information?" and the answer is "No".  At best, the answer is "Partially".  Because if PlusNet had encrypted the data in the first case - as required by Order of the High Court - then there would have been less chance of it being leaked (yes, there still could have been a chance - I'm saying "less chance" here).
Will PN be correcting the misleading and inaccurate information in this FAQ to clarify that it is in breach of the DPA?
gswindale
Grafter
Posts: 942
Registered: ‎05-04-2007

Re: PlusNet Privacy Policy, Data Protection Act, legal action etc.

Quote from: FrogsLegs

For example, FAQ 10 says:  "Are Plusnet in breach of Data Protection Laws?" and the answer is "No".  But given that PlusNet allowed private customer data to be sent unencrypted via email, in clear breach of the Data Protection Act, the answer to that question is obviously "Yes.

Not sure if that actually is the case?  From what I've read, the email was from BT's legal team to ACS:Law, not from PN.  There is nothing to say that PN provided the data encrypted and that the legal guys at BT ballsed up and sent it on unencrypted is there?
If that is the case, then PN haven't breached DPL as such, but their legal representative has.
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: PlusNet Privacy Policy, Data Protection Act, legal action etc.

BT were acting on Plusnet's behalf so Plusnet are responsible.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: PlusNet Privacy Policy, Data Protection Act, legal action etc.

Quote from: geofftswin
]If that is the case, then PN haven't breached DPL as such, but their legal representative has.

I guess it depends on the details of PN's registration with the ICO.  If it allows BT access to the data then PN are culpable as the data controller for not ensuring it was properly secured by their agents (BT).  If it does not allow BT access, PN are culpable as the data controller for passing it to BT.
Either way, there is no acceptable excuse for someone entrusted with access to personal and sensitive data disregarding the need to keep that data secure at all times.  In the words of the ICO, it shows a lazy and cavalier disregard for the wishes of data subjects (you and me).
Our incompetence doesn't matter because someone we trusted was more incompetent, doesn't really wash.
FrogsLegs
Newbie
Posts: 2
Registered: ‎30-09-2010

Re: PlusNet Privacy Policy, Data Protection Act, legal action etc.

Quote from: mssystems
Quote from: geofftswin
]If that is the case, then PN haven't breached DPL as such, but their legal representative has.

Our incompetence doesn't matter because someone we trusted was more incompetent, doesn't really wash.

mssytems is exactly right - of course PN are culpable here.  As a lawyer, I can assure you the DPA quite clearly puts PN in charge of our data (because they asked for it and, as customers, we gave it to them under a contract between us and PN) and PN are quite clearly culpable.
So, I ask my question again:  Is anyone from PN reading this?  Why have you lied on your FAQ by saying you didn't breach the DPA when you quite clearly did?
Santiago
Grafter
Posts: 3,291
Thanks: 2
Registered: ‎10-08-2007

Re: PlusNet Privacy Policy, Data Protection Act, legal action etc.

@FrogsLegs
Welcome to the forum. Thank you for asking the question.
Normally on here when people are making a post on legal matter they usually begin with" IANAL but" ( I am not a lawyer but).
You, however, started differently and subsequently the plusnet response may be somewhat tardy as a result.
The thread will have been read by plusnet staff who will now be organising a liaison meeting with their BT Oberherren for guidance on the required level of ambiguity required to respond to your question.