Posts Tagged ‘privacy’

It’s been only 48 hours since I wrote my blogpost on how to track a “troll” online. The blogpost itself was inspired by Leo Traynors story how online trolling and harrasment crossed over into real life and how he managed to find his tormentor. Since then I’ve had several thousand hits on that particular blog-post and have received phonecalls and emails from different media-outlets with questions on this topic. It’s obviously a hot issue…

My blogpost was not meant to serve as a manual on how to track someone online but was more as an insight that, yes indeed, you can legally track someone online and find out their identity and/or location. It was however also meant to serve as a warning of sorts on how much private information people put online using various social networks. This second issue needs elaborating on in my opinion as it’s an often ignored issue or at least one that elicits a lot of ignorant commenting.

First rule of online privacy: DON’T PUT ANYTHING ONLINE THAT YOU WOULDN’T SAY TO A COMPLETE STRANGER!

The above is the simplest but most effective rule; don’t make any comments about someone online that you wouldn’t say to their face and don’t put any images online which you want to keep private.  Adhering to that rule will save you a lot of trouble. Also remember that anything online, once it is indexed by Google, will stay accessible online forever. That’s right, Google caches every website that it indexes. That means that there will be a publicly accessible copy of that content on a Google server. Google will in certain instances remove content from its servers but rarely because the content is offensive or untrue and this is even less likely if you are not the owner of the website. So getting content which you put on LinkedIn, Twitter or Facebook and have since removed to be also removed from Googles cache is as good as impossible. The point is to *not* put said content online in the first place.

Second rule of online privacy: USE YOUR PRIVACY SETTINGS!

Most social networks have privacy settings. USE THEM. Even Twitter let’s you protect your tweets by setting your account as private or just straightforward block people. Note: Not a lot of people realize that if they block someone on Twitter that the blocked person can still read their tweets when they run a search for them. The only way to really prevent someone from seeing your tweets is to protect them.

On Facebook you have a lot more flexibility in regards to your privacy settings. You can have one setting for who can see your details, another for who can see the images you upload and so on. It gives you multiple levels of control. USE THEM!  There is no reason why something that you put on Facebook should be seen by someone who you do not want to see it.

Third rule of online privacy: WHAT HAPPENS ON THE INTERNET STAYS ON THE INTERNET!

Yes that’s right; anything that is put up on the internet (websites, blogs, social media and *everything else*) stays on the Internet. Forever. The reason for this is Google. In order to be able to serve you with these fantastic search results Google uses software (so-called spiders) to index everything on the internet. Once they have indexed the content of a page Google stores a copy on their own servers. This process is called caching. So if you have put something online, once it’s indexed by Google (and this is done very quickly) it is there for all eternity. You can remove the content, delete the page and even format the server that it was one but it will still show up in Googles search results and these search results will link to a copy of the content in Googles “cache”.  Of course you can attempt to get Google to remove the content from its cache but this will eventually result in the need for legal action with a limit success rate. Not a lot of people have the energy or more likely the funds to go down this route.

So, should you put nothing at all online? While this is obviously the most foolproof route to protect yourself from embarrassment it is not necessary. You can still be a prolific social media user without exposing everything about yourself. Take my own case, I blog, have 200,000 tweets to my name, check in on Foursquare regularly and much, much more. However not *everything* I do finds its way online. If I go somewhere, or do something that is private I just refrain from tweeting about it and certainly don’t check-in while doing so.  By being such a prolific social media whore while leaving private matters out it also creates a case where one can’t see the forest for the trees.

Enhanced by Zemanta

The “story” about Temple Streets Hospital blood sample/DNA database that started at the end of December 2009 just keeps on getting bigger. I blogged about this in December and January and had contact with Mark Tighe, Temple Street Hospital & the Data Protection commissioner. The facts were clear and simple:

  • The fact that Temple Street Hospital retained blood-samples together with private details was illegal.
  • Temple Street Hospital never sought or received the explicit consent of the person whose samples and information they were storing, their parents or legal guardians.
  • The existence of this database was widely know within the HSE, other government departments & research institutes.

I requested at the time that Temple Street Hospital would notify me if my children’s details were part of this database AND that if they were that they would be destroyed. I received an email reply letting me know that my request would be dealt with and that they would be in contact. That was early January. We are now nearly two months later without any contact from Temple Street. I have since also set-up a website where people can submit similar request automatically.

Anyway, the story has just taken another leap. One of the cases often referred to when discussing the legalities of DNA databases is the case of the class action suit taken against the Texas Department of State Health Services. This very similar case led to the destruction of a large amount of illegally held DNA samples. Last week the Texas Tribune revealed some substantial new information regarding to this case. Their review of nine years’ worth of e-mails and internal documents on the Department of State Health Services’ newborn blood screening program reveals the transfer of hundreds of infant blood spots to an Armed Forces lab to build a national and, someday, international mitochondrial DNA.  The records, released after the state agreed in December to destroy more than 5 million infant blood spots, also show an effort to limit the public’s knowledge of aspects of the newborn blood program, and to manage the debate around it. But the plaintiffs who filed the lawsuit never saw them, because the state settled the case so quickly that it never reached the discovery phase.

Now while information like this is disturbing enough what really worries me is the striking resemblances given by the Texas Department of State Health Services why they initially compiled a database like this: “The core mission is to screen all babies for life-threatening disorders”. Without being overly sceptical this “it’s all for the little children’s benefit” excuse does not wash with me. Temple Street has admitted that on 4 separate occasions researchers were given access to the database and when asked if law enforcement officers were given access all they said is that they had received “requests from 2 agencies” but fail to state of in those case access was granted or refused.

So what we have now is information that proves the existence of several illegal (state held) DNA databases, compiled without the explicit consent or knowledge of the “legal owners” of the samples and information, and shared with other government department. Compare that with the public lies, misleading statements and lack of cooperation and it would make a damn fine episode of the X-files.

The truth is out there…..

I recently wrote about the discovery that (since 1984) Temple Street hospital had retained all newborn bloodsamples submitted to it for the purpose of the PKU/heelprick tests. That means that they have a database of people born in Ireland since 1984! This is an estimated 1.54 million people. This was all following an article in the Sunday Times on December 27th 2009.

The Sunday Times ran a follow up story on January 6th. Their research discovered that “external researchers” had been given access to the database on at least 4 occasions. It has also become clear that at least one request from an “agency” for access to the database was received.

This raises two immediate questions:

  1. If the database was illegal and/or secret how come external organisations were aware of its existence.
  2. If access was granted to “external researchers” did money change hands over this?

I am pursuing this matter further and am in the process of submitting a number of FOI requests and will post results in this blog when I receive them.

However I have also decided to put up a website similar to the one run by the CountMeOut campaign. This website will allow people to send a standard email to Temple Street & the HSE requesting to be notified if their or their children’s data is contained in this database and if this is the case to request that the data is destroyed.

However as I am not a web developer & have not got the time to learn this I am looking for a web designer who will assist me with this on a pro-bono basis. The site is going to be fairly simple and mostly text based but it needs to have a backend that can submit the completed form (via email) to 3 different email adresses simultaneously.

So if you’re a web developer willing to help with this please send me an email!

I came across this article in last weekends Sunday Times newspaper. The article outlines how Dublin’s Temple Street Hospital has:

“built a database containing the DNA of almost every person born in the country since 1984 without their knowledge in an apparent breach of data protection laws”.

What has happened is that the hospital:

“amassed 1,548,300 blood samples from “heel prick tests” on newborns which are sent to it for screening, creating, in effect, a secret national DNA database”

The hospital is now under investigation by the Data Protection Commissioner who will possibly order that all these record will have to be destroyed if it is not satisfied that the hospital is taken all necessary actions.

“Clearly it is a matter of significant concern to us that holding data of this nature containing sensitive health details of such a significant portion of the population appears to have operated without taking account of data protection requirements,” said Billy Hawkes, the DPC commissioner. The issue of the justification for the holding of the blood samples for any period beyond that which is necessary to perform the initial blood test will have to be considered as part of this office’s investigation of this matter. At present the position would appear to be that there is no consent from parents for the information to be held at all.”

A hospital spokeswoman said the blood samples were being stored to help develop the screening programme and was in accordance with practices in other countries.

I have several serious issues with this DNA database and have voiced my concerns in a number of online forums. I have also contacted the DPC for advice. I was advised to contact the CEO of Temple Street hospital by email to determine if my children’s records were held in this database and if so to request that they be destroyed. I have done so but have not received a reply so far.

Now while I can understand the retention of the samples for the development of a screening programme, I do not see why the private details of each baby had to be retained. Surely statistical data (DOB, ethnic background, geographical location etc.) should be sufficient? I also have questions in how secure this data is stored and who has (and has had) access to it. As the database is defacto illegal I do not see it complying in either of these areas.

A “funny” thing happened though when I made a comment about this on Twitter. My tweets are posted to my profile on IGO. Within hours my comment was being criticised by someone who seemed to have an insider knowledge of hospital procedures. This person failed to grasp the essence of my objections and insinuated that by my objections I was showing a disregard to the welfare of sick children who could be helped by a database like this. What was interesting though was that this person set up an IGO & Twitter account only shortly after I posted my comments and only used these accounts to criticise my statements. Both accounts also gave no real indication as to who the person was. When I asked them to disclose who they are they preferred to go silent. I have my suspicion but will leave it to you the reader to draw your own conclusions.

Something else emerged from the discussions with this and other person though; apparently the retention of blood (and DNA) samples past the necessary period is allegedly commonplace in other hospitals and labs across the country. Also the procedure apparently calls for the HSE to order the hospital to destroy said samples before they are allowed to do so. Even though these rules are no excuse and do not supercede the applicable legislation it does indicate that at some level within the HSE there must be an awareness of the existence of these databases.

This issue is far from over for me and I will be posting regular updates to my blog. Keep reading!