Day to day an incomprehensible amount of personal data is processed. This article looks at some of the stories that have hit the headlines in recent months and how personal and sensitive data can be at risk.
Who’s listening?
A plethora of corporations Facebook, Google, Apple, Amazon and Microsoft to name but a few, have recently admitted to employing staff and third parties, to carry out the specific task of accessing and transcribing customer recordings. This means that if you have used your device to dictate a message or if you have given consent for your microphone to be accessed, there is every chance that an employee of such a corporation has listened and typed out your message.
The corporation’s justification for listening in to customer recordings is that the information is used to improve the computer learning of their artificial intelligence transcription systems. However, due to concerns raised, these transcription departments have been suspended in most of the corporations, pending further investigation into how this type of data processing is compliant with data protection legislation.
Who’s watching?
In using the sensitive data, processors must be able to satisfy the conditions as set out in Schedule 8 of the General Data Protection Regulation (GDPR). These conditions include that the processing of sensitive data is necessary:
- for the administrative of justice;
- for judicial and statutory purposes;
- for when a court acts in its judicial capacity;
- to protect the data subjects (or another individual’s) vital interests;
- for the safeguarding of children and of individuals at risk;
- for legal claims;
- for archiving, research or statistical purposes;
- to prevent fraud; or
- where the personal data is already in the public domain.
An increasingly popular area that generates vast amounts of sensitive data is that of biometrics. The term biometric encompasses any metric that is used to identify or authenticate human characteristics, for example, fingerprint, retina scan, facial recognition etc.
Biometrics have been the focus of numerous headlines recently. A case that is currently going through the courts is a member of the public who has brought a case against the South Wales police force who were trialling facial recognition software. In order to assist the systems computer learning the facial recognition cameras had allegedly been systematically capturing photos of the general public and storing and processing the sensitive data when using facial recognition to identify persons of interests.
A recent headline that highlights the danger of holding a volume of sensitive data is that of Biostar 2 which is a security tool used by a vast number of companies. Cyber-security researchers recently announced that they were able to access sensitive data from Biostar 2 including:
- fingerprint records;
- data relating to facial recognition;
- passwords;
- names and addresses;
- personnel photographs; and
- employment records.
Nearly 30 million of the above records were exposed online causing an irreversible breach of sensitive data. The Information Commissioner’s Office is now launching their own enquiries into this breach.
Is your business a processor of personal or sensitive data?
It is of vital importance to identify the data your business processes and ensure the correct procedures and documentation is in place to limit the damage a breach of data can cause to your business.
Our specialist team of data protection advisors can help with ensuring legal compliance with data protection legislation. If you have any queries around your business’ data protection, please contact our data protection team on 01392 210700 or data.protection@stephens-scown.co.uk.