The UK Home Office who famously, this year, lost the personal details and bank account information for every child-benefit claimant in the country have now admitted that they have lost the personal details of (count them!) three-million driving test applicants.
But it gets better.
They weren’t lost in the UK, oh no, they were lost 7 months ago in Iowa in the United States of America!
You really couldn’t make it up; it appears that a hard drive in the (former) possession of Pearson Driving Assessments Ltd, a contractor for the DVLA, has gone missing from their Iowa offices.
Pearson Driving Assessments seems to be part of the Pearson company, an international manufacturer of educational materials and examinations. Quite what they wanted with the personal information of learner drivers though is anybody’s guess.
The data lost this time includes:
- Name
- Address
- Phone number
- Fee paid
- Test centre
- Payment code
- E-mail where provided
Futher to this, the details of about 7,500 vehicles and their owners were lost.
It would be interesting to know whether this transfer, to the United States, of data relating to British Nationals contravenes the 1998 Data Protection Act which states as Principal 8:
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
It would seem exceptionally clear that an adequate level of protection has not been given to the rights of the citizens to not have their data lost in a foreign land.
Tags: data loss, data protection act, home office, learner drivers, pearson driving assessments
Entries (RSS)
The EU has established the Safe Harbour provision whereby US organisations can self certify that they will and can comply with Directive 95/46/EC. See COMMISSION DECISION of pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the Safe Harbor Privacy Principles and related Frequently Asked Questions issued by the US Department of Commerce. This gets round principle 8 & allows US companies to process EU member states data.
Pearson VUE which is the trading name of Pearson Driving Assessments Limited (the people who lost the drive) is listed by the US department of Commerce on the safe Harbour list. It signed up to safe harbor 06/11/2002 18:00:50 and its next certification is due on 06/11/2008. Pearson Driving Assessments Limited is a subsidary of Pearson plc . As such under its alter ego Pearson VUE, it is the electronic testing business of Pearson, servicing the Health & Medicine, Information Technology, Academic/Admissions, Driving Licence, Employment & Human Resources and Financial Services industries. Pearson VUE has operational centres in the United States, Australia, Japan, the United Kingdom, India and China.
There two points
Is this multi-national dealing with our medical records and if so where?
The other is that safe harbor is not working and what’s the EU Commission doing about it?