View profile

Spillage | The Cat Herder, Volume 4, Issue 8

March 7 · Issue #121 · View online
The Cat Herder
Sorry abut the unscheduled absence last week. This week you get two weeks of pratfalls for the price of one.

Find yourself someone who loves you as much as Irish politicians love talking about legislating to allow local authorities to put up CCTV in the unshakeable belief that it will put an end to illegal littering.
Laois Nationalist — Illegal dumpers to be targeted with new CCTV legislation says local TD | Laois Nationalist
This won’t do much for the reputation of the reputation risk management company now, will it?
UK Reputation Risk Intelligence Company Left 30TB Server Exposed
This is a data breach. There is no such thing as a data spillage, no matter what those responsible for the data breach claim.
Clubhouse confirms data spillage of its audio streams - BBC News
One would have to wonder why the HSE (or the software vendors who sold the HSE this system) feels it needs to collect 52 data points in order to administer a vaccine.
The details included each patient’s PPS number, address, names, age, mother’s maiden name, date of birth, phone number, email address and where they were vaccinated were all accessible.
In total there are 52 data points for each individual who receives the vaccine.
A concerned whistleblower, who was wrongly granted access to the database following a human error, contacted the Irish Daily Mail with worries over the data security.
Thousands Of People Have Highly Personal Details Exposed In COVID-19 Vaccine Data Breach
To make matters worse, when coronavirus data from venues was used, public health officials encouraged pubs and restaurants to contact customers directly - a breach of data protection law which could leave businesses facing legal action.
The report says that lack of guidance from Test and Trace for local public health teams on how to use the data left businesses “being asked to, or volunteering, to contact customers and visitors”.
It adds: “This is a breach of the General Data Protection Regulation (GDPR), and leaves businesses and venues open to potential legal challenge.”
COVID-19: Test and Trace barely used check-in data from pubs and restaurants - with thousands not warned of infection risk | Science & Tech News | Sky News
Or could they?
Or could they?
The thermal cameras and “temperature tablet” kiosks have been heralded as a critical first line of defense against new pandemic outbreaks. But in a new study of the scanners by the surveillance research organization IPVM, researchers warn that the tools are dangerously ineffective, raising the risk that infected people could be waved through medical screening checkpoints and go on to spread the virus unchecked.
Infrared fever scanners popular in the covid fight can be wildly inaccurate, researchers say - The Washington Post
The DPC published its annual report and since I haven’t had a chance to read it properly yet you’ll have to wait until next week (hopefully) for any analysis from this newsletter.
In the meantime, here’s some analysis from other people.
  • “Adoption of the decision would lead to serious risks that the UK will become a data protection-evasion haven for personal data from the EU/EEA to countries that are not held to provide adequate protection by the EU; that the UK will allow for undue direct access to data (including data on EU persons) by US authorities under the UK-US Agreement; and that it will allow UK companies to meekly comply with judgments and orders from non-EU Member States, also in respect of EU data, contrary to Article 48 GDPR.” From ‘The inadequacy of the EU Commission’s Draft GDPR Adequacy Decision on the UK’ by Douwe Korff and Ian Brown.
  • “The largest section of Experian’s report was called ‘propensities’, containing a whopping 373 different characteristics for each of our volunteers, across 14 pages. They vary widely: from your level of education to the type of car you drive; from how much you donate to charity to how likely you are to go to the opera in your spare time. Every attribute has a specific score against it, which is essentially an estimate of how likely it is to apply to each person. Experian will use different combinations of facts that it knows about you, to make these estimates as accurate as possible and produce these scores.” Matt Patchett attempted to find out ‘From property to pets, what data does Experian collect about you?’ for Which?
  • “In a simulation involving a movie recommendation algorithm, for example, the researchers found that if 30% of users went on strike, it could cut the system’s accuracy by 50%. But every machine-learning system is different, and companies constantly update them. The researchers hope that more people in the machine-learning community can run similar simulations of different companies’ systems and identify their vulnerabilities.” From ‘How to poison the data that Big Tech uses to surveil you’ by Karen Hao for MIT Technology Review.

Endnotes & Credits
Find us on the web at and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
Did you enjoy this issue?
If you don't want these updates anymore, please unsubscribe here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue
Privacy Kit, Made with 💚 in Dublin, Ireland