Irish Computer Society Mid West Network Half Day Data Protection Event

The recent headlines in relation to phone hacking serve as a timely reminder that while a lot of privacy obligations rest with the organisations which process our data, we are individually responsible for upholding our privacy rights.

One interesting thing about this story is the fact that we, the general public, knew it was happening as far back as 2005, when newspaper employees were imprisoned for the role they played in accessing the mobile phone messages of staff working for the British royal family. A number of further stories followed based on information gleaned from the messaging services of actors, actresses and ‘B-List’ celebrities. In fact, we did not stamp our collective foot in indignation until the news broke that these same ‘investigators’ had accessed the phone messages of a young kidnap victim, giving her distraught parents the (ultimately mistaken) hope that she was still alive.

Very often, we read these stories, shake our heads, and turn the page. Privacy breaches are what happen to other people, mostly those whose lives are lived in the full glare of the media – the stars, the millionaires, the ‘red carpet’ set. This probably explains why so few of us have taken the very simple steps to prevent a similar breach of our own privacy.

Many people are still unaware that their mobile phones are delivered with a built-in feature which was initially designed by the mobile service providers to allow users to access their mobile phone voice messages from a different phone. Simply placing a “5” before the mobile number, e.g. for the voice-mail of 087 1234567, dial 087 5123 4567, and follow the usual prompts to listen to your messages. For ease of access, almost all mobile phones are configured with a factory default setting of “0000”. The vast majority of mobile phone users have never changed these default settings.

Setting aside the exposure of journalistic deviousness, at the core of the phone hacking story is a lesson in human inertia – the physical inability to convert good intentions into simple, straightforward actions. In this case, to change the basic security setting on your mobile phone from the factory setting (“0000”) to a more secure pin number of your choice.

By failing to do this, anyone with your mobile number can, in principle, access your voice-mail. Not that we are encouraging people to do so, of course. That would be a breach of your privacy. As the owner of the mobile phone, all you need to do is access the phone’s voice-mail (usually by dialling “171”), go to the main menu and follow the prompts to change the default pin number to a code that only you will know.

Consider a list of the many, many people who have your mobile number, just as you have the numbers of many others. Friends, work colleagues, business contacts, competitors, service providers. Now make a list of the last 10 messages which people left on your phone – words of kindness, affection, criticism and complaint; appointments, cancellations, sales orders, meeting times and places. Job offers, perhaps, or juicy gossip! Now combine the two lists – how many of the people on List #1 would you like to have unfettered access to the messages on List #2.

Lastly, consider this – human nature tells us that, as they read this note, most people are wondering about two things:

1. Whether they have changed the default pin number on their voice-mail, and
2. Whether you have changed yours.

By my reckoning, you have approximately 3 minutes from the time you read this sentence to change your default settings, before curiosity gets the better of them! So off you go and make those changes – you can thank me later!

By Hugh Jones (Data Protection Specialist, Irish Computer Society)

ICS Mid West Network Half Day Data Protection Event

This compact half-day course will offer a powerful introduction to the Data Protection Acts. It will be facilitated by Hugh Jones, Data Protection Specialist with the Irish Computer Society, and will include a presentation on Data Retention Guidelines from Dorothy Quinn, Kefron Consulting, who is a member of the Limerick Ladies’ Network.

The event will include a high-level look at the key concepts within the legislation – the Data Protection Rules and Obligations, the Data Subject’s Rights, and the enforcement mechanisms available to the DP Commissioner.

Discussion Topics will include:
• Obligations in relation to data acquisition and retention
• The legal obligations which extend to third-party service providers
• Rules regarding sharing and disclosure of client data to other organisations
• Obligations regarding mandatory notification of data breaches
• Recent changes to legislation in relation to Direct Marketing and electronic communications
Please note that time constraints will only allow a certain level of discussion and debate on the various topics. However, a networking opportunity will follow the presentation, during which attendees can raise questions in a more relaxed, plenary forum.

Date: 08/09/2011

Venue: Carlton Castletroy Park Hotel, Castletroy, Limerick.

Cost: ICS MWN Members – Free    Non-Members – €50

Refreshments: Light lunch and Afternoon Tea included

Pre-Event Networking from 12:30

Contact: events@ics.ie,  017753007

Comments are closed.