Robin Wilton's esoterica

I was at the Enterprise Privacy Group's (EPG) "Postcards from the Future" workshop yesterday, and as you might imagine, a lot of our discussion was driven by the highly topical matter of the HMRC data breach. This time last week, I blogged about some of the foreseeable long-term liability issues which might arise if the missing disks are either discovered to have fallen into malicious hands, or simply never turn up again. I also mentioned the readiness with which the Chancellor assured us that the banks would pick up the tab for any resulting identity fraud.

Yesterday, in the course of an extremely constructive workshop, one of the participants made the following very interesting observation: Section 13 of the Data Protection Act 1998 runs as follows (the italics are mine):

13 Compensation for failure to comply with certain requirements

(1) An individual who suffers damage by reason of any contravention by a data controller of any of the requirements of this Act is entitled to compensation from the data controller for that damage.

(2) An individual who suffers distress by reason of any contravention by a data controller of any of the requirements of this Act is entitled to compensation from the data controller for that distress if -
(a) the individual also suffers damage by reason of the contravention, or
(b) the contravention relates to the processing of personal data for the special purposes.

(3) In proceedings brought against a person by virtue of this section it is a defence to prove that he had taken such care as in all the circumstances was reasonably required to comply with the requirement concerned."

Of course, in the absence of some kind of forensic meta-data this still appears to leave the onus on the data subject (in however many years' time) to establish the connection between this data breach and any damage suffered, but the prospect of that potential liability cannot be a comforting one for the data controllers in question.

Do you remember 9/11? Not the 9/11, that is, but 9th November 2005. That was the day Tony Blair first lost a vote in the House of Commons - and it was on his proposals for 90-day detention without charge of terrorist suspects. For those who like the numbers, the vote was 322 against, 291 for, 49 Labour rebels.

Here are some other numbers: 1, 2, 2, 2, 2, 3, 3, 4, 5, 5, 6, 7, 7.5, 12, 42.

42?? How did that get in there? I know 42 is a number of enormous significance, but it does rather stick out in that company. And yet, that's the profile of the UK's proposed limit on detention without charge, compared to 14 other countries' current limits. (The 12 is Australia, the 7.5 is Turkey... at the other end of the scale, the 1 is Canada and the 2s are the South Africa, Germany, New Zealand and the US). The numbers come from a study published in November by the National Council for Civil Liberties. You can find the report and other information here.

And here are yet more numbers: 28, 42, 58, 72.

These are the numbers you get depending on how you interpret the government's various statements on how long it needs. It got 28 days originally, but under the government's own Civil Contingencies legislation, another 30 days could be added to that (giving 58). That could only happen under extreme circumstances (i.e. if a state of emergency is declared...) but then, that's exactly the kind of exceptional circumstances ministers say they are trying to cater for by pushing for an extension of the current limit.

42 is the limit announced yesterday in the Home Secretary's proposals. This time, the extra 30 days which bring us up to 72 would come from her plan to propose that any 42-day detention "must be approved by Parliament within 30 days". Shadow Home Secretary David Davis made the point yesterday that this raises the extraordinary prospect of Parliament holding a debate to discuss the details of a case involving terrorist suspects who have been detained by the police but not yet charged; what on earth the effect of this would be on any subsequent legal proceedings was something the Home Secretary didn't explain yesterday.

Confused? I'm not surprised. It's possible you'll find enlightenment in Nick Robinson's post on the subject... but then again, he's only a journalist, not a miracle-worker. He does make the interesting point that there may be no objective rationale for settling on "42", beyond the notion that it's the highest Jacqui Smith could get away with without provoking a fatal rebellion of Labour MPs. That could make for some interesting human rights test-cases to explore the proportionality of the detention period.