Aangezien het handboekbegin, rond privacy uitgeeft omvat toezicht op de activiteiten van personeel, consumenten en burgers, toezicht en het registreren op de elektronische communicatie van het individu en hun elektronische toegang tot informatie, en de aanwinst van biometrie, lichaamsvloeistoffen en lichaamsweefsel. Vandaar, aangezien het handboek draagt, de wet: het Akte van de Bescherming van Gegevens (DPA). Maar ICO maakt het geval voor een PIA als manier om risico - met inbegrip van concurrerende manoeuvres `door andere bedrijven, natuurrampen, milieuverontreiniging, cyber-aanvallen, en het risico van verlegenheid' te voorzien. Zeker is de Overheid geverward door verlies van gegevens. Commentaar gevend in recent December op het verlies van de gegevens van 6.500 mensen door HM gingen de Opbrengst en de Douane in Cardiff na een gegevenspatroon van een pensioenfirma ontbrekend, de Belangrijkste Secretaresse van de Schaduw aan de Schatkist, Philip bovengenoemd Hammond: „Een andere dag, een andere gegevensramp. Eerst hadden wij verloren CDs van het kindvoordeel, dan gaan drie miljoen leerlingsbestuurders' details ontbrekend in Amerika, en nu dit.“

Wat in mening tijdens zulk een beoordeling te houden, door de definitie van ICO, veegt, met inbegrip van kabeltelevisie, het Akte van Rechten van de mens, en de Verordening van het OnderzoeksAkte 2000 van Bevoegdheden, en de Britse Norm voor informatiebeveiligingsbeheer, BS 7799, naast DPA. The ICO does have a history of gunning for the likes of private investigators for seeking personal data, in a couple of reports titled What Price Privacy in the last couple of years, although as investigators point out, their clients are for example chasing debtors or checking dubious insurance claims. The handbook claims that such assessment are mainstream in Canada, the USA and Australia. In any case it is questionable what good more assessing will do for the 11 banks and the Immigration Advisory Service that, as the ICO reported last year after a media outcry, discarded personal information in waste bins outside their premises.

The handbook decribes privacy of personal behaviour as the observation of what individuals do, and includes such issues and optical surveillance and ‘media privacy’. Much data may be sensitive, such as sexual preferences and habits, political activities and religious practices. But, the handbook goes on, the notion of ‘private space’ is vital to all aspects of behaviour, is relevant in ‘private places’ such as the home and toilet cubicle, and is also relevant in ‘public places’, where casual observation by the few people in the vicinity is very different from systematic observation, the recording or transmission of images and sounds.

Threats to privacy of personal communications include mail ‘covers’, the use of directional microphones and ‘bugs’ with or without recording apparatus and telephonic interception and recording. In recent years, concerns have arisen about third-party access to email-messages. Individuals generally desire the freedom to communicate among themselves, using various media, without routine monitoring of their communications by other persons or organisations.

And not least there is privacy of the person, which according to the handbook relates to personal safety - implying the scenario of an employer letting a worker’s former partner have personal info which makes possible an attack.

The document points the finger at CCTV and other security measures as privacy-invasive technologies (PITs): “Many technology applications gather data, collate data, apply data, or otherwise assist in the surveillance of people and their behaviour (the “PITs”). Among the host of examples are surveillance technologies (such as CCTV), data-trail generation (such as keystroke monitoring) and identification through the denial of anonymity (e.g., telephone caller ID, loyalty cards and intelligent transport systems), data warehousing and data mining, and the use of biometric information. In an internet context, there is considerable concern about the various types of malware, including viruses, worms, trojans, keystroke-loggers, ’spyware’ and ‘phishing’.” Here the handbook suggests privacy-enhancing technologies (PETs) such as computer firewalls, and advice against malware.

What would a PIA look like? According to the handbook, the ‘benefits to an organisation of conducting a PIA arise more from the process than the product’. Or, putting it more wordily: “The important thing about PIAs is the process of undertaking the assessment where the organisation considers the impact on privacy and whether there are more privacy friendly alternatives.”

The ICO does say it’s not the law to do a PIA, but adds that it’s ‘eager to encourage use’.

The ICO quotes also a report last year from civil liberties body Liberty. Briefly, the report called for an overhaul of privacy protection. Liberty?s Policy Director and principal author of the report, Gareth Crossman, said: “In times of heightened insecurity we quite rightly compromise some of our privacy for public protection, but if we don?t pause for thought right now, our children will grow up without any sense of the value of privacy.” Among other things the report was critical of CCTV describing it as ‘not a proven crime deterrent’ and ‘poorly regulated’. The report claimed that ‘the DPA fails to provide an effective enforcement tool’ and called for new regulation. Liberty quotes a YouGov poll that found a majority of people agreed that the UK has become a surveillance society. In the detail of the report, however, the authors were not able to point to any public distrust of public space CCTV, falling back on the claim that the public are not informed.

You can download a copy of the PIA at the ICO website; and you can download a copy of the 137-page Liberty report at www.liberty-human-rights.org.uk: