Edited text of a letter sent to the Information Commissioner concerning data protection issues of library computer systems. ref: intern17 15 Sept 02
The letter has been edited to retain only the key parts relating to data protection and privacy.
I have two primary concerns about computer provision and use in DCC libraries. It may be helpful for you to know that the current situation in Devon is that whilst some users have complained about the lack of privacy using PN computers few (so far) are aware of the potential for misuse of their personal data stored on DCC systems.
My first concern is the almost total lack of privacy afforded to users of PN machines. I recognise that these matters may not fall within your remit. Nevertheless, I would appreciate any comments that you may care to give related to the right to privacy including for processing bank and other data when using computers provided by a public body for use by members of the public. There is concern over the whole UK about this.
My second concern should be directly relevant to you. It is my contention that the computer systems operated by DCC in most/all of its libraries are in breach of the DP Act. I wrote to their DP Officer of DCC on 22 August (ref intern5) and again on 31 August (ref intern10). I have received only 'dismissive' replies and indeed the Head of Library Services has (in effect) refused to answer any points in my long letter to her of 22 August (ref intern2).
The cavalier attitude to DP within DCC is perhaps illustrated by an 'internal' document I obtained and that is referred to in my letter intern10. A copy of page 4 is enclosed. In this document DCC library staff make light of the fact that there are "names on a sheet of paper for all to see!" The comment from the DCC DP Officer in the first para of her inadequate letter of 3 Sept to the effect that the paper based procedure is being phased out is irrelevant. DCC have operated this system for two years or more and with clearly a brazen disregard for personal data protection. The rest of her letter is pathetic. It would take me about a day to redesign the software and produce a Code of Practice for operation of library desk machines that would overcome most if not all of the 'snooping' that is now so easy. Her response that "little can be done" is unprofessional and demonstrates culpability.
In an age when there is widespread concern about privacy, and in the wake of the changes to the Electoral Roll system that have been precipitated by a test case in the High Court, I consider the whole attitude of DCC to be appalling. I am therefore seeking that you prosecute DCC in the public interest and as an example to other Authorities. I intend to publicise your action (or lack of it). I have, incidentally, visited libraries in several other parts of the country and in some there are similar problems of personal data being easily obtainable from library desk computer systems.
next page intern28.htm
back to top of section top_of_privacy.htm
internet help page internet_privacy_help.htm
back to home page index.htm