IBLS Speaker's Corner : consumer protection

How Are You Handling Personal Information?

Maricelle Ruiz — Sun, 15 Jul 2007 15:43:00 GMT

Banks, retailers, recruiters and other organizations must adopt adequate measures to protect employee and client data immediately or else risk prosecution. In fact, the United Kingdom’s Information Commissioner recently announced it had found 12 firms, including Barclays and NatWest, in breach of the Data Protection Act and had ordered them to sign formal undertakings. Leading telecom company Orange has also been found in breach of this regulation, according to Commissioner Richard Thomas.

“How can laptops holding details of customer accounts be used away from the office without strong encryption?” Commissioner Thomas asked during the recent launch of his agency’s latest annual report. “How can millions of store cards fall into the wrong hands? How can online recruitment allow applicants to see each others’ forms? How can any bank chief executive face customers and shareholders and admit that loan rejections, health insurance applications, credit cards and bank statements can be found, unsecured in non-confidential waste bags?”

The Information Commissioner’s Office (ICO) enforces the UK’s Data Protection Act 1998, the Freedom of Information Act 2000, the Privacy and Electronic Communications Regulations 2003, and the Environmental Information Regulations 2004. The Data Protection Act requires organizations to manage personal information responsibly, while the Privacy and Electronic Communications Regulations support the aforementioned Act by regulating the use of electronic communications for unsolicited marketing to individuals and organizations. The Freedom of Information Act, meanwhile, gives people the right to access information held by public authorities; and the Environmental Information Regulations provide access to environmental information held by public and private bodies.

“The collection of biometrics and other personal information as a weapon in the fight against terrorism and serious crime, the increased sharing of our personal information to improve public services, and ever more inventive forms of electronic marketing, are all examples of ways in which this private space is under challenge,” the ICO reports states. “Legitimate aims are, for the most part, being pursued but protecting the privacy of our personal information in a measured and responsible way has never been of more importance. The existence of a law is not, on its own, enough to achieve this. The law must be applied in practice.”

ICO emphasizes the need to follow the principles established in the Data Protection Act. Personal information must be: fairly and lawfully processed for limited purposes; adequate, relevant and not excessive; accurate and up to date; kept no longer than necessary; processed in line with individual rights; secured; and transferred to other countries with adequate protection. Actually, ICO has been involved in the investigation of the Society for Worldwide Interbank Telecommunication (SWIFT) issue.

According to the ICO report, in June 2006, the agency along with several data protection authorities in the EU and worldwide received a complaint about “alleged covert disclosure” of information on EU nationals, specifically UK citizens, to the United States by the international financial messaging service. After determining at the EU level that the information had been transferred “in a manner contrary to fundamental data protection principles,” ICO has asked UK financial institutions to consider measures needed to comply with data protection standards. ICO also advises companies on privacy enhancing technologies; radio frequency identification tags; and marketers in particular about the Privacy and Electronic Communications (EC Directive) Regulations 2003, among other technical and legal advice.

A spokesman for the UK’s John Lewis told the BBC the department stores don’t collect data in ways in which specific customers are readily identified. “It’s more about trends and protecting their interests – if there was a fraudulent transaction, picking it up because we have an insight into their sort of habits,” the spokesman explained. The BBC also provided government advice on how individuals may protect themselves from identity theft, reportedly costing the UK government £1.7 billion a year and each victim 300 hours to solve. Among the tips are the following:

• Rip or shred all documents containing personal information.
• Keep personal documents in a safe, in the bank or at your lawyer’s office.
• Do not provide financial information via email or telephone.
• Equip your computer with anti-virus, anti-spyware and anti-spam programs.
• Don’t write down or save passwords; and stay away from obvious passwords.
• Check financial statements and credit records regularly to detect irregularities.
• Redirect mail to new addresses.

Victims should contact the police and their banks right away and keep track of all documents and hours spent solving this crime. Meanwhile, when signing an undertaking, a person generally doesn’t have to admit the acts accused of. However, if the promise not to engage in these acts in the future is broken, the signatory will be in contempt of court and may be imprisoned.

ASK THE EXPERT: Does My Company Have The Right To Read My Email?

IBLS Editor — Tue, 26 Jun 2007 14:18:00 GMT

Wendy Garcia from The Philippines (Quezon City) asks:

I work for a large corporation in the finance department. In connection with the investigation of suspected embezzlement, my employer looked at my saved e-mail at work. Then, from some forwarded messages, discovered my home e-mail address, and convinced the Internet service provider to allow the company access to that e-mail as well. Does the company have the right to read e-mail at work? What about my private e-mail at home? pls answer my question asap thanks

ASK THE EXPERT: What Can I Do When An Online Retailer Refuses To Take Responsibility For Damaged Goods?

IBLS Editor — Mon, 25 Jun 2007 15:03:00 GMT

Kathy Cartmill from the United States (Yakima) asks:

Online, I purchased futon frame, mattress, and cover. The railings and parts w/it were lost. The 2 boxes had incomplete work, damaged slats. The mattress was 4"; I ordered 6-8". The cover was huge, for a bigger mattress. I reported and sent pics. For 2 weeks I was told nothing, and then I told them I will return for full refund. Then 4 Xs they said they would do one thing or another and never did anything. They told me I had the right mattress and cover. Then when I persisted in asking them to replace damage and missing parts, they said to ship it back. I have all the emails and THEY WANT ME TO PAY OVER $100 IN THEIR SHIPPING COSTS TO SEND IT TO ME. SHIPPING WAS INCLUDED.

European Parliament Adopts New International Roaming Regulation

IBLS Editor — Tue, 29 May 2007 16:04:00 GMT

IBLS Contributor: Bart Goddyn, Goddyn Belgium, bart.goddyn@goddyn.eu, writes:

On 23 May 2007, the plenary session of the European Parliament voted, with a strong majority, for the adoption of a Regulation to reduce international roaming tariffs for mobile communication within the European Union. This Regulation is said to bring a new era in mobile communications with important benefits to consumers.

Rationales for a Regulation

In May 2005, the European Regulators’ Group (ERG) noted that international mobile roaming charges are too high without clear justification. Average retail prices for calls made whilst roaming are four times higher than the equivalent prices for domestic mobile calls. This difference does not reflect the cost incurred by the operators.

Roaming charges for consumers are neither transparent nor comprehensible. Initiatives to address this problem, such as the creation of websites showing roaming prices by regulatory authorities appear to be insufficient.

Roaming services are supplied in at least two Member States. This results in different national approaches to address the consumer prices. These differences bar the development of a single EU market for mobile telecommunication services.

Main Elements for the Regulation

The main elements for the Regulation relate to the cap of charges both among mobile operators and for consumers and to the transparency of these charges. The Regulation should also encourage competition below the price caps (also called “Eurotariff”).

The cap of wholesale charges relates to the charges that mobile phone operators charge each other for their roaming services. This cap takes as its starting point the tariffs for connecting mobile phone calls from other domestic networks. The cap of retail charges sets the maximum price limit at 130% of the average wholesale charge.

This would apply to calls made and received while roaming. Beneath these caps, operators would remain free to compete by offering cheaper roaming services, or packages differentiated according to customer demand.

The proposal also enhances transparency of roaming charges for consumers. Operators will therefore be required to provide and update consumers with readily comprehensible information (either by SMS or by means of a voice call) on applicable roaming charges.

Towards the Regulation

The Council of EU Telecom Ministers is expected to endorse the Regulation on 7 June 2007. The Regulation will then become directly applicable law in all 27 Member States following its publication in the Official Journal, expected by mid-June. The capped retail charges must be made available to customers one month later and will apply by default after a further two months. The wholesale cap will take affect two months after entry into force of the Regulation.

Europe adopts legislation to expedite e-payments

Maricelle Ruiz — Fri, 27 Apr 2007 17:39:00 GMT

The European Union is in the process of integrating national payment systems to create a Single Euro Payments Area or SEPA. The initiative intends to facilitate electronic payments and services, such as direct debit and e-invoicing, throughout the EU and to protect consumers using this system. It also intends to bring into the system additional payment-service providers not only to foster competition and improve services to consumers, but also to comply with anti-money laundering and anti-terrorist financing standards.

The legal foundation for this initiative is the Payment Services Directive. The European Parliament, which recently approved the text for this Directive, has forwarded the document to the EU Council for final adoption. Member States must transpose said Directive into national law by November 1st 2009. The launching of the Single Euro Payments Area is scheduled for January 1st 2008 and expected to have reached a critical mass of users by the end of 2010.

Stop! Private Information Ahead

IBLS Editor — Tue, 17 Apr 2007 16:46:00 GMT

IBLS Contributor: Odia Kagan, Partner, Shavit Bar-On Gal-On Tzin Nov Yagur Law Offices – Tel Aviv, Israel, okagan@sbilaw.com

California initiates a far-reaching change in the protection of online privacy. It is expected that this law will have far-reaching implications as it applies to the owners of certain commercial websites or to providers of online services worldwide.

FTC Takes Aim at Oregon Operation That Targeted Small Businesses

IBLS Editor — Mon, 16 Apr 2007 17:28:00 GMT

The Federal District Court in Oregon has frozen the assets of Beaverton-based Merchant Processing, Inc. (MPI), its owner, and affiliated companies. The court ordered a temporary halt to claims the Federal Trade Commission alleges are deceptive, and appointed a receiver to temporarily take control of the business. The FTC alleges that the defendants used deceptive tactics to sell credit and debit card processing services to thousands of small businesses across the county. The Washington State Attorney General's Office also has sued the defendants.

In its complaint, the FTC alleges the operation falsely promised that it would save the small businesses money and that it would buy out the merchants" existing equipment leases, often worth thousands of dollars. The FTC also charged the defendants with failing to disclose fees and concealing pages of fine print from the merchants until after they had already signed contracts. The FTC charged MPI, its owner, Aaron Lee Rian, and affiliated companies Vequity Financial Group and Direct Merchant Processing with violating the FTC Act.