Where do we want the Data Retention Act to go?

Originally posted by Victor
How do we break down the rights of (1) the state / state organisations (2) non-state organisations (3) individuals (4) parties and information outside Ireland.[/B]

Originally posted by dahamsta
I dunno. Could you kick us off Victor? [/B]

OK as I see it, the major threats to privacy come from (1) business, (2) inappropriate use by individuals or groups in control of information (including state officials) and finally (3) (other) criminal elements from the 1337 script kiddie to the credit card scammer.

While the Data Protection Act and Freedom of Information Acts gives a good start and have to date been good at empowering individuals, they have a basic weakness in that (1) technology evolves (2) large amounts of information is inadvertently retained and (3) not everyone respects them.

(1) The State / State Organisations

State organisations generally have the highest level of legitimacy in seeking and keeping information. From the Garda to the Revenue to Social Welfare to Health Boards, information is vital in delivering services to the public. However there are some instances (ASTI union subscriptions & Dept of Education) where information is misused and I suspect many such instances do not come to light. I fully agree that the Garda or other investigating authority should be able to obtain a wide amount of information related to an investigation of a suspected crime.

However, such is the ability of modern computers / networks that much more information than is necessary for purpose can be obtained and retained. Potentially a rogue (never!) Garda could obtain information on someone's personal life, political and religious views (thinks boards.ie and blogs here) that are irrelevant to a criminal investigation. On the other side of this, individuals are entitled to know what information the sate has on them and how the state does it's business.

Once general suspicion has been raised, perhaps it may be legitimate to passively monitor (stored but not accessed) an individual. This monitoring should be kept under review and if these suspicions are justified within a stipulated period then a warrant could be sought to access the passive information. This may be of use in for example the investigation of organised crime and paramilitaries.

(2) Non-State Organisations

These perhaps have the greatest "need", desire and ability to collect information. Companies from banks to internet spammers retain large amounts of information even if much of it is in a disorganised fashion. Other companies, "data miners" compile vast amounts of information about individuals, both with and without consent. Every form and survey you fill in, every time you mask an electronic transaction, every time you log onto the internet or make a phone call, who you phone, how often you phone your mother, how long you talk to her. Examples of problems would include for example an employer cooperating with a data miner, with information such as someone's personal life or previous salary and this affecting a prospective employment.

(3) Individuals

Individuals generally have the least ability to obtain and use information and the most to lose from others having information. However disgruntled individuals could obtain private information on others and misuse it.

(4) Parties and information outside Ireland

Once outside Ireland, most information is outside the control of the authorites in Ireland and certainly outside the control of the individual. It would consequently be outside the control of the act. The means to stop abuse here is to limit transfer of information outside the state, even for processing / storage purposes. Examples of misuse here are data mining without any consent and misuse of for example credit card details.