Feeds

Santa putting children's information at risk, warn experts

Kriss Kringle failing to comply with data protection laws

Next gen security for virtualised datacentres

Santa Claus could be breaking privacy laws in his collection and use of data about British children, experts have warned. Yuletide cheer-bringer Claus could be putting the personal data of millions of children at risk.

Data protection laws lay down strict conditions for the use of personal data and there is no evidence that Claus has an adequate compliance programme in place.

Children across Britain who write letters to Claus with a list of gift requests are not told for how long that data is kept, or if it will be used for other purposes such as marketing by third parties.

The Data Protection Act stipulates that data should not be kept for longer than necessary, which would mean 25 December, though Claus may argue that he needs to keep the letters for six years to use in any gift-related lawsuits.

"There is a stream of questions Santa has yet to answer," said William Malcolm, a data protection specialist at Pinsent Masons, the law firm behind OUT-LAW.COM. "Is this information used for anything other than present giving? Information passes out of the EU, so does Santa check the letters for unambiguous, specific and informed consent to this overseas transfer?"

OUT-LAW's attempts to put the questions to Claus were hindered by the lack of an office chimney. Eventually, the questions were put up a domestic chimney but no response was received by time of publication.

The Data Protection Act says that you must inform someone when you are collecting data about them, and tell them what the purpose of collection is.

"What about the naughty/nice database?" said Malcolm. "Are children given notice that behavioural data is being collected about them throughout the year? And does it qualify as covert monitoring, which would breach Article 8 of the European Convention on Human Rights?"

People can make a subject access request of databases holding their personal information, but the database operator has 40 days in which to respond. Children are now too late, therefore, to find out before Christmas if they are on the naughty or nice section of the system.

Tomorrow: OUT-LAW exposes Claus's cavalier approach to consumer protection.

Copyright © 2007, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.