30 December 2011

Privacy Case Notes

The Office of the Australian Information Commissioner (OAIC), the national agency that incorporates the Commonwealth Privacy Commissioner, has released 13 case notes regarding the Privacy Act 1988 (Cth).

Those notes ("intended to offer a synopsis only and not to be a comprehensive account") are -
S and Telecommunication Company [2011] AICmrCN 13
R and Credit Reporting Agency [2011] AICmrCN 12
Q and Financial Institution [2011] AICmrCN 11
P and Retail Company [2011] AICmrCN 10
O and Professional Association [2011] AICmrCN 9
N and Law Firm [2011] AICmrCN 8
M and Law Firm [2011] AICmrCN 7
L and Insurer [2011] AICmrCN 6
K and Finance Company [2011] AICmrCN 5
J and Commonwealth Agency [2011] AICmrCN 4
I and Insurance Company [2011] AICmrCN 3
H and Registered Club [2011] AICmrCN 2
G and Parking Services Organisation [2011] AICmrCN 1
Highlights are as follows.

In S and Telecommunication Company (re NPP 6.1 and 6.7) the complainant had attempted to access personal information held by a telco, which the person believed included correspondence to a law enforcement agency. The telco relied on its internal privacy policy in its explanation of its decision to deny access, going on to quote exceptions under NPP 6 (ie denial of access to an individual when access would prejudice activities being carried out by, or on behalf of, a law enforcement body) when the complainant pursued the matter.

In R and Credit Reporting Agency (re s 18G(a) of the Act 1988) the complainant became aware the agency had linked the person's consumer credit information file with the credit files of other individuals. The complainant advised the agency that there was no connection to the other individuals. The credit reporting agency refused to remove the links. The Commissioner considered that by linking the complainant's personal information to other individuals the agency had failed to take reasonable steps to ensure the accuracy of information in its records and that the agency had thus not met the requirements of s 18G(a). A conciliation took place.

In Q and Financial Institution (re s 6 and NPP 2.1) the complainant contracted with a buyer to sell his car, which was under finance to a financial institution. The financial institution advised a prospective buyer that the vehicle had been under finance but the account had recently been paid in full. The prospective buyer later obtained a letter from the financial institution confirming receipt of funds to finalise the account; subject to clearance of these funds it would release its security interest in the vehicle in ten working days. In providing this information to the prospective buyer the institution denied disclosing the complainant's personal information, arguing that the letter to the prospective buyer only contained details about the complainant's vehicle and did not mention the complainant's name or account number. The prospective buyer was aware that the complainant owned the car and that the car had been under finance. The fact that the prospective buyer had previous knowledge of these details did not lessen the institution's obligation under NPP 2.1 to only disclose an individual's personal information for the primary purpose of its collection, or for a secondary purpose where it can rely on one of the exceptions at NPP 2.1(a) to NPP 2.1(h). The Commissioner considered that the prospective buyer could have reasonably ascertained that details in the letter related to the complainant's account with the institution; on that basis the letter contained personal information about the complainant, contrary to NPP 2. Conciliation was reflected in the institution's agreement to change its practice, offer an apology and offered a goodwill payment.

In P and Retail Company (re NPP 1.1 and 1.2) the complainant alleged that a retail company recorded outbound calls it made without providing notification of that recording the calls. The complainant objected on the basis that there had been no notification or request for consent. The retailer advised the complainant that there had been notification through its interactive voice response system when the complainant made the first inbound call to the company, claimed as providing awareness and consent. The Commissioner referred to the Telecommunications (Interception and Access) Act 1979 (Cth) - all parties must have actual knowledge that the telephone conversation will be monitored, with notification occurring prior to the activity taking place for both inbound and outbound calls - before indicating that the subsequent calls received by the complainant were a continuation of the original incoming call where notification had been provided. The Commissioner appears to have been unimpressed by the retailer's claim of implied consent. The collection of personal information during such calls was unfair and unlawful, with the retailer failing to comply with NPP 1.2.

In O and Professional Association (re NPP 6.1 and 6.2) the complainant sought access to that person's completed and marked exam paper from a professional association, along with access to the associated documents used to mark and rate performance along with all relevant documentation used in assessment of an application for special consideration. The association (NSW Bar Council?) refused to provide access to most documents, including working papers for marking. The Commissioner considered the exception under NPP 6.2, concluding that access would reveal evaluative information generated in connection with the association's commercially sensitive decision making process and that the association had provided an explanation through its personal analysis letter. The Commissioner declined to investigate the complaint under s 41(1)(a) on the grounds that the association had not interfered with the complainant's privacy.

In N and Law Firm (re NPP 1.2 and 10) the complainant alleged that a law firm improperly collected personal information, including their health information, using covert film surveillance. The law firm was acting for an insurer, with the information being subsequently disclosed during court proceedings. The Commiossioner noted that NPP 10.1(e) allows collection of sensitive information for the establishment, exercise or defence of a legal or equitable claim. In this instance the collection was necessary for the defence of a legal claim; the Commissioner accordingly declined to investigate under s41(1)(a) of the Act.

In M and Law Firm [2011] (re NPP 2) another law firm, acting on behalf of the complainant's former utility provider, commenced debt recovery with the complainant. The complainant subsequently settled the debt and was advised by the utility provider that debt recovery would cease. Oops, prior to receiving advice of the settlement the lawyers sent correspondence to the complainant's neighbour seeking information about the complainant's whereabouts. The branding of the law firm, including on the letter to the neighbour, identified that its legal expertise included debt collection. The complainant complained that the law firm had contacted the neighbour and revealed an outstanding debt. The Commissioner concluded that the correspondence amounted to a disclosure of the complainant's personal information. The complainant would reasonably expect that an organisation would disclose its name, and the complainant's name, to contact a third party in the circumstances, which included the law firm not being able to contact the complainant. Disclosure by the law firm was consistent with NPP 2.1(a); the law firm had not interfered with the complainant's privacy. The Commissioner referred the complainant to the Australian Competition & Consumer Commission to consider whether the debt collection practices were consistent with ACCC debt collection guidelines.

In L and Insurer the Commissioner noted the xemption in s 7B(5) for action under a State contract. The complainant, who had lodged workers compensation claims with two current employers, alleged the insurer disclosed details about a third unrelated compo claim to solicitors handling the claims for the two current employers. The Commissioner considered that, as the appointed claims manager of a state government body, the insurer was a contracted service provider to a state body. Additionally, the insurer had handled the complainant's personal information in relation to the two current workers compensation claims, for the purpose of directly or indirectly meeting its obligations as claims management agent for the state government corporation. The insurer's actions were thus exempt under the Privacy Act.

In contrast, I and Insurance Company (re NPP 3) concerned an insurance company collecting the complainant's personal information from a third party insurance industry database. The complainant was a loss assessor and the insurer was investigating alleged fraud. The complainant's file on the industry database featured multiple enquiry listings about the complainant and inaccurately listed the purpose for those enquiries. The insurer attributed the multiple enquiries to inexperienced staff andagreed that several of the descriptors were inaccurate. The Commissioner found that the insurer had recorded incorrect descriptors against the complainant's personal information and by not using a reference number was unable to verify why it had made the enquiries, or to find the various entries when it needed to correct the information. The insurer had thus not taken reasonable steps to ensure the personal information it disclosed was accurate and complete. In conciliation the insurer's procedures were changed, the complainant's personal information on the industry database was amended and the complainant received an unconditional apology.

In K and Finance Company (re ss 18E and 6 of the Act and para 65 of the explanatory notes to the Credit Reporting Code of Conduct) the complainant claimed to have signed as guarantor for a loan for a family member. The finance company providing the loan to that relative subsequently listed a serious credit infringement on the complainant's consumer credit information file held by a credit reporting agency. A copy of the loan contract obtained by the Commissioner showing the complainant was a joint borrower with the family member rather than a guarantor for the loan and that the complainant was made aware at the time of signing the loan contract that personal information might be disclosed to a credit reporting agency. The financier had sent demand letters to the complainant's last known address, with the mail had been returned marked 'not known at this address'. A collection agent visited the complainant's last known address and reported the complainant was no longer at the address, the complainant's home telephone number had been disconnected, and messages left by the finance company on the complainant's mobile telephone went unanswered. The Commissioner concluded that at the time of the listing the account was overdue, with the finance company having made reasonable efforts without success to contact the complainant. The complainant had stopped making payments under the credit contract and that the actions of the complainant would indicate to a ‘reasonable person' an intention to no longer comply with obligations in relation to the debt. The financier had not interfered with the complainant's privacy.

In J and Commonwealth Agency (re IPP 1, 10 and 11) the complainant claimed that during lodgement of an application with Administrative Appeals Tribunal (AAT) regarding a decision made by an Australian Government agency that agency obtained the complainant's fingerprints and provided them to a law enforcement body for the purpose of analysing certain documents. The agency advised that it had submitted the fingerprints for the sole purpose of having them forensically tested, as part of its duty to check the veracity of documents for an external tribunal. The law enforcement agency confirmed that, in line with its standard procedure, it would destroy the information when advised to do so by the referring agency. The Commissioner concluded that use of the fingerprints was consistent with the purpose for collecting the fingerprints – to check the veracity of documents – and was therefore authorised under IPP 10.

In H and Registered Club (re NPP 1.1, 1.3 and 4.2) the complainant alleged that a registered club interfered with their privacy by scanning their driver licence and, in doing so, recording unnecessary information. The complainant conceded that the club was required to collect their name, address and signature but argued the collection of the other information on the licence (inc date of birth, driver's licence number, driver's licence type and photograph) to be unnecessary. The club relied on statutory obligations to retain certain personal information for five years, stating it had a procedure in place to delete the information after that time. It would not agree to cease or alter its identity scanning practices, instead continuing to offer patrons the option of manually completing and signing its entry register. The club advised that a privacy statement is displayed at its entrance regarding collection and handling of their personal information; the statement is also displayed on the terminal when identification is scanned. The Commissioner decided that the offer of deletion coupled with the alternative option of manual sign-in adequately dealt with the collection issues in the complaint.

In G and Parking Services Organisation (re NPP 1.1, 1.2 and 4.2) the complainant alleged that a parking services organisation had no reason to collect the person's personal information and sought destruction of the information. The parking body had a short business relationship with the complainant and believed it was owed money from that relationship, going on to obtain a subpoena for records held by a state government department. These records contained the complainant's personal information, relating to the complainant. Sounds like the WA problem noted recently. The complainant alleged there was a mistake - there was no debt and it was thus unnecessary for the organisation to collect/hold the personal information. The complainant had not received a response after raising the issue with the parking body. That body indicated to the Commissioner that at the time it collected the complainant's personal information it believed the complainant owed money. It noted that the information was not obtained by deception but through a court subpoena. It went on to note that it later identified that there had been an administrative error: the complaint did not owe a debt. No matter, it seems: when the information was collected from the state government department the organisation believed in good faith that the information was necessary to pursue the non-payment for its services. That received a pat on the head from the Commissioner, which noted that the parking body did not need the complainant's consent before it collected the information, which was necessary for its activities and "was collected by lawful and fair means and not unreasonably intrusively". The Commissioner was similarly persuaded by the body's claim that it was required to keep the complainant's personal information to meet obligations with other laws, including taxation and corporations law. The body had written to the complainant, outlining why it needed to continue to hold the personal information in its records and the timeframe for destruction (ie for at least five years). The case note states that the Commissioner is "satisfied that the organisation had a legitimate reason for retaining the complainant's personal information". The implication seems to be that if you act in good faith in seeking recover a non-exiostent debt you get to keep the data for seven years, rather than apologising for your ineptitude and deleting the info forthwith.

Fou

It is axiomatic that application charges and processing charges have the potential to fundamentally inhibit community use of freedom of information law and thereby reduce both the transparency and accountability espoused by the Commonwealth Government in announcing changes to the Freedom of Information Act 1982 (Cth) last year.

In a conference paper and law journal article earlier this year I highlighted concerns regarding the legislation, arguing that the commitment of many Australian government agencies - and of senior officials - to the 'open government' philosophy was at best uncertain. Enthusiasm, as in the fatuous Gruen Government 2.0 report, for fashionable tools such as Twitter does not offset resistance on the part of Ministers, agency heads and midlevel bureaucrats to letting sunlight into the bowels of public administration. Vampires, watercolours and mushrooms may need to be kept in the dark; the public are made of stronger stuff and should not be.

The absence of FOI application charges and low processing charges is an acceptable cost for the operation of a contemporary liberal democratic state.

Along with closure of National Archives offices it is thus disturbing to see responses by national government agencies to the discussion paper [PDF] released by the Office of the Australian Information Commissioner in October this year. The Commissioner states that -
Fees and charges have always played a central and at times contentious role in the operation of the Freedom of Information Act 1982 (FOI Act).

The policy of the FOI Act is that agencies can impose charges to recoup some of the costs incurred in processing FOI requests. This ability to impose a charge also plays a practical part in the discussions that are held between agencies and applicants about defining and managing the scope of requests.

On the other hand, the FOI Act recognises that charges can impede the exercise by the community of the right to seek access to government documents. A stated object of the Act is that it should be administered 'as far as possible, to facilitate and promote public access to information, promptly and at the lowest reasonable cost'. Agencies also have a discretion under the Act not to impose a charge or to waive or reduce a charge.

FOI charges have figured prominently in much of the debate about the operation of FOI laws in Australia. Some complain that charges are assessed or imposed by agencies so as to frustrate access to government information. Others counter that only minimal charges are collected and that the true cost of FOI to Australian government and the community is understated.

Important legislative changes were introduced in 2010 to the FOI fees and charges regime. Those changes abolished application fees and reduced the charges that agencies can impose.

In introducing those changes, the Australian Government recognised the importance and sensitivity of this step and foreshadowed that the Australian Information Commissioner would be asked to commence a review of the charges regime within a year of these changes commencing.
In its response the Department of Foreign Affairs & Trade (DFAT) - not widely known for its frugality or efficiency - has called for the reinstatement of application fees. That call is echoed by the Department of Resources, Energy & Trade (DRET), which suggests $50 per application for non-personal requests [PDF]. The Department of Finance & Deregulation [RTF] suggests $40. IP Australia proposes a waivable application fee for all requests, personal or otherwise [PDF]. The response by the Department of Prime Minister & Cabinet (fear not, Sir Humphrey Appleby lives!) is a work of silky equivocation rather than leadership.

The agencies acknowledge that historically the cost of collecting the charges has outweighed the revenue; the Defence Department accordingly advises against reinstatement [PDF]. The calls for reinstatement appear to reflect -
• a desire to inhibit unstructured requests
• the failure of agencies to point potential applicants to information in other formats (eg in Hansard, Annual Reports and agency websites
What about processing fees? Not much joy for civil society advocates, journalists and academics from DFAT and DRET. The latter proposes $44.87 per hour for search and retrieval (an increase from the current $15), $59.83 per hour for decision-making (up from $20), $13.16 per page for transcripts (up from $4.40), and $0.30 per page for photocopying.

DFAT has proposed that foreign citizens be charged at a higher rate, citing an applicant from an overseas university who sought documents for an essay, taking up the time of a senior official for two weeks, and paid nothing for the documents after successfully applying for a waiver on financial hardship grounds.

29 December 2011

Offspring

More on frozen gametes, with 'A Chip Off the Old Iceblock: How Cryopreservation Has Changed Estate Law, Why Attempts to Address the Issue Have Fallen Short, and How to Fix It' by Benjamin Carpenter in 21 Cornell Journal of Law & Public Policy (2012) 1-80 arguing that
For thousands of years, the process for determining one’s heirs remained unchanged. For a woman, her heirs were fixed at her death; for a man, his heirs were fixed no later than nine months after his death. Then came cryopreservation and, with it, the ability for individuals to conceive children years after their death. This development has created many — largely unanswered — questions. While posthumous conception implicates numerous moral, ethical, and legal issues, this Article focuses on the legal status of posthumously conceived children in the estate law context.

Despite pleas from both courts and commentators, few legislatures have been willing to tackle this sensitive topic. Most judges and scholars who have addressed it agree the three primary goals of any response should be to ensure the efficient administration of estates, carry out the decedent’s intent, and protect the children’s best interests. However, no consensus has emerged regarding which of these goals should receive priority. These goals need not be mutually exclusive, though, but can each be achieved with appropriate legislation. In this Article, I take a critical look at the statutory and judicial approaches proposed to date, break down the strengths and weaknesses of each, and introduce two new concepts that bridge the gaps in the prior approaches. Specifically, statutes should (1) separate the question of whether a posthumously conceived child is an heir from whether the child will in fact inherit assets, and (2) provide fiduciaries discretion to distribute or retain assets when cryopreserved genetic material exists, based on certain conditions. These improvements will provide flexibility not found in prior approaches and, as a result, advance each of the three key goals. This Article provides legislatures, judges, and commentators who tackle this issue with both a comprehensive historical perspective on the issue and a blueprint to follow going forward.
Carpenter concludes -
Almost ten years ago, Chief Justice Margaret Marshall of the Massachusetts Supreme Judicial Court recognized:
As these [artificial reproduction] technologies advance, the number of children they produce will continue to multiply. So, too, will the complex moral, legal, social, and ethical questions that surround their birth. The questions present in this case cry out for lengthy, careful examination outside the adversary process, which can only address the specific circumstances of each controversy that presents itself. They demand a comprehensive response reflecting the considered will of the people.
To date, Massachusetts‘s legislature has ignored this appeal — as have the majority of legislatures around the country. Instead, they have passed the cost and burden of sorting out these issues to their citizens and courts.

The use of both assisted reproduction and cryopreservation will only continue to increase, however, and the issues they create require the attention of legislatures. Specifically, legislatures should recognize posthumously conceived children as a child of the deceased parent for probate purposes and for class-gift purposes if the decedent consented to the posthumous use of his or her genetic material for reproduction. Denying status in these contexts would neither regulate their parent‘s behavior nor, in most cases, create more efficient estate administrations. Recognizing these children, however, would carry out the decedent‘s intent, a hallmark of probate law, and protect the best interests of the innocent children by allowing them to qualify, at a minimum, for benefits unrelated to the decedent‘s estate (such as Social Security survivor benefits and inheritance through the deceased parent). However, courts should allow fiduciaries or custodians to distribute assets, without liability to themselves or the recipients, if the surviving spouse or partner does not notify them within four months after the decedent‘s death of his or her intent to use the decedent‘s genetic material. Further, the fiduciary or custodian should be free (but not required) to distribute the assets to the presumptive beneficiaries if the child is not born within a certain period of time after the deceased parent‘s death, such as three years. Importantly, though, the failure of the survivor to provide notice or to have the child within this period of time should not affect the child‘s status as an heir. Rather, it should just protect the fiduciary, custodian, and existing beneficiaries. A later-born child would still be eligible to receive other benefits as an "heir" (such as Social Security survivor benefits), to inherit through the decedent, to be a member of a class that remains open after the decedent‘s death, and to share in any assets that remain undistributed when the child is born.

28 December 2011

Broadcast guidelines

As a Christmas present to industry ACMA has released new non-enforceable Privacy Guidelines for Broadcasters [PDF], resulting from the first review of the co-regulatory guidelines introduced in 2005.

ACMA states that -
The new guidelines are principles-based and include case studies based on ACMA investigations into privacy complaints. Further guidance has been developed on invasions of privacy where a person’s seclusion has been intruded upon—whether or not in a public place.

Provisions on consent, children and vulnerable people, public figures, material in the public domain and public interest have also been revised.
The review featured 14 submissions - which identified weaknesses in the wording and basis of the Guidelines - and drew on two thin research reports: Community research into broadcasting and media privacy [PDF] and Australians’ views on privacy in broadcast news and current affairs [PDF] noted earlier this year.

ACMA indicates that -
A breach of these code privacy provisions will be investigated by the ACMA when:
• a code privacy complaint has been made to a broadcaster in accordance with the applicable code
• the broadcaster has not responded within 60 days or the complainant considers the broadcaster’s response inadequate
• a complaint is then made to the ACMA.

These guidelines are intended to
• increase general awareness of the privacy obligations under the various broadcasting codes
• assist broadcasters to better understand their privacy obligations under these codes.

The guidelines deal only with the codes. They do not deal generally with unlawful, unethical or distasteful journalistic practices.

Nor do they deal with privacy and privacy-related laws generally.

Some codes offer express privacy protections only in the context of news and current affairs broadcasts. Other codes offer privacy protections in respect of all broadcast content. Moreover, the privacy protections offered differ.

The precise privacy obligations to which each broadcaster is subject will depend on the terms of the applicable code.

The outcome of any investigation will depend on the facts of the case.
Release of the new Guidelines comes shortly after ACMA's unduly permissive stance regarding a Seven Local News report broadcast that featured photographs of a woman and her family and friends accessed from a Facebook RIP tribute page and a post entered by a 14 year old boy that included his name and Facebook profile photograph. Not a problem, said ACMA.

Open wide?

Data breach déjà vu, yet again, with a breathless report in the Canberra Times that "A website containing credit card details of hundreds of thousands of Canberra motorists has been left exposed to attack by cyber criminals because of lax procedures in the territory's public service".

The article appears to relate to the ACT Auditor-General's annual financial report [PDF].

The CT states that -
An investigation by the ACT Auditor-General's office found delays in the installation of critical security upgrades to the Rego ACT site were not undertaken in a timely manner, creating the risk of ''unauthorised access'', although the Government has not disclosed any security breaches.

The system, used by many of the city's 200,000 motorists to pay their registration fees by credit card, was left vulnerable many times over several years, the auditor's report found. The delays in installing security ''patches'', provided by the system's manufacturer, was part of a litany of weaknesses and gaps in government computer security systems, uncovered during the Auditor-General's annual financial audit process. The report found that password controls on government systems were weak and that security patches not being installed on time was a problem across the ACT Public Service

... the auditors were critical of the performance of both departments in managing the vital system after finding that the problem with the patches had existed for years.

''As in previous years, this system was not being promptly updated for security 'patches' that are regularly provided by the supplier of the system,'' the auditors wrote.

''This presents a higher risk that unauthorised users may exploit any known weaknesses in the system.''

The auditor's office identified security weaknesses across the Government's systems with password management emerging as a problem. ''These control weaknesses result in a higher risk of undetected unauthorised and possibly fraudulent access to the ACT Government network, firewalls, applications and data,'' the report says.

''The ACT Government's password complexity requirements were not fully enforced, some passwords were not 'forced' to be regularly changed, user access levels were not regularly monitored, and some critical 'patches' were not applied.

''This increases the risk of unauthorised, inappropriate and undetected access to the ACT Government network, firewalls, applications and data.''
After the usual flannel a spokesperson for the ACT government is reported as conceding that there was a need to improve confidence in the system and that 'documentation "has now been improved".
The ACT Government's password complexity requirements were not fully enforced, some passwords were not 'forced' to be regularly changed, user access levels were not regularly monitored, and some critical 'patches' were not applied.

This increases the risk of unauthorised, inappropriate and undetected access to the ACT Government network, firewalls, applications and data.

Murderabilia

'Celebrity Contagion and the Value of Objects' [PDF] by George Newman, Gil Diesendruck & Paul Bloom in 38 Journal of Consumer Research (2011) asks "why do people purchase objects that were once owned by celebrities, such as film stars or politicians, and also by despised individuals, such as serial killers and notorious dictators?". The authors examine three potential explanations - mere associations, market demands, and contagion (the belief that these objects contain some remnants of their previous owners) before concluding that although market demands play a role, contagion appears to be the critical factor affecting the valuation of celebrity possessions.
Manipulating the degree of physical contact that a celebrity has with an object dramatically influences consumers’ willingness to purchase it, and individual differences in sensitivity to contagion moderate this effect. Additionally, the valuation of celebrity possessions is principally explained by measures of contagion, and subliminally activating the concept of contagion changes consumers’ willingness to purchase celebrity objects.
They note that -
In 1996, Sotheby’s auctioned roughly 1,300 items from the estate of the late Jacqueline Kennedy Onassis. Before the auction began, Sotheby’s optimistically estimated the value of the entire lot at around $4.6 million. The total yield after 4 days was a staggering $34.5 million (USA Today, April 24, 1996). Some notable items included iconic pieces such as President Kennedy’s rocking chair, which sold for $453,500; his set of golf clubs ($772,500); and the desk on which the president signed the 1963 Nuclear Test Ban Treaty ($1.43 million). Many of the items, however, had little his- torical relevance, yet they still fetched remarkable sums of money, such as a tape measure ($48,875) and a set of books on Cape Cod ($21,850). Clearly, these items generated large prices because of where they had been and whom they had come into contact with, not their tangible properties or func- tional utility. For example, if the buyer of the tape measure discovered that it was actually not from the Kennedy household, he would presumably be outraged and want his $48,875 back, though nothing perceptible or tangible about the object would have changed.

The valuation of celebrity items, however, is not restricted to positively regarded figures, such as JFK. Curiously, there is also a market for items once belonging to hated and despised individuals. For example, items such as Charles Manson’s hair, paintings by John Wayne Gacy, and the personal effects of Saddam Hussein have been sold at specialty auctions, sometimes fetching tens of thousands of dollars per item (Stone 2007). And, recently, the U.S. government auctioned several items that belonged to the notorious fraudulent investor Bernard Madoff, including a footstool, originally listed at $360, which sold for $3,300, and a nondescript bar set, originally listed at $680, which sold for $2,200 (New York Times, November 15, 2010). Why are these objects valued? Do people value objects that belonged to despised individuals for the same reasons they value objects that belonged to well-regarded individuals?

One explanation is that celebrity possessions are valued because of their associations. Objects that were once owned or touched by specific people remind us of those people. This captures the fact that objects associated with admired individuals are positively valued. However, it also predicts that objects belonging to individuals who are explicitly disliked should carry no value at all. A second explanation has to do with intuitions about how these objects are valued by others (their market value). For instance, we might value objects that belonged to celebrities because we believe that there are other people who would later purchase them from us at higher prices or because others would be impressed that we own such things. A third account is rooted in the concept of contagion (Belk 1988; Rozin, Millman, and Nemeroff 1986). This is the belief that a person’s immaterial qualities or “essence” can be transferred to an object through physical contact.

The present studies demonstrate that the mere association of an object with a well-liked individual does not appear to be a significant driver of value. Moreover, while market forces do play a role, contagion appears to be the critical factor affecting the valuation of celebrity possessions. Specifically, we find that manipulating the degree of physical contact that a celebrity has with an object dramatically influences consumers’ willingness to purchase it, and individual differences in sensitivity to contagion moderate this effect. Additionally, the valuation of celebrity possessions is principally explained by measures of contagion, and subliminally activating the concept of contagion changes people’s willingness to purchase celebrity objects. In the remainder of this article we review the previous work on contagion and celebrity possessions and report the results of three experiments that use converging methodologies to test the role of contagion in the valuation of celebrity possessions.

27 December 2011

Memory

'Forgetting Footprints, Shunning Shadows. A Critical Analysis Of The “Right To Be Forgotten” In Big Data Practice' by Bert-Jaap Koops in (2011) 8(3) SCRIPTed 229-256 [PDF] argues that -
The so-called “right to be forgotten” has been put firmly on the agenda, both of academia and of policy. Although the idea is intuitive and appealing, the legal form and practical implications of a right to be forgotten have hardly been analysed so far. This contribution aims to critically assess what a right to be forgotten could or should entail in practice. It outlines the current socio-technical context as one of Big Data, in which massive data collections are created and mined for many purposes. Big Data involves not only individuals’ digital footprints (data they themselves leave behind) but, perhaps more importantly, also individuals’ data shadows (information about them generated by others). And contrary to physical footprints and shadows, their digital counterparts are not ephemeral but persistent. This presents particular challenges for the right to be forgotten, which are discussed in the form of three key questions. Against whom can the right be invoked? When and why can the right be invoked? And how can the right be effected? Advocates of a right to be forgotten must clarify which conceptualisation of such a right they favour – a comprehensive, user-control-based right to have data deleted in due time, or a narrower, context-specific right to a “clean slate” – and how they think the considerable obstacles presented in this paper can be overcome, if people are really to be enabled to have their digital footprints forgotten and to shun their data shadows
Koops comments that -
Looking at the world of Big Data we live in, I tend to believe that the data-deluge genie is out of the bottle. No matter how important the ideal of informational self-determination may be, users will not be able to put it back again. I doubt whether there is sufficient policy urgency in Europe to substantially change data-protection law to give data subjects a full-blown right to have data deleted, and to simultaneously mandate the forgetfulness-by-design that is required to make a right to be forgotten in any way meaningful. However, scholars and policy-makers with a different outlook may feel differently, and aim for devising legal and technical solutions that can address the challenges I outlined for a user-controlled right to be forgotten.

In any case, it is clear that a generic right to be forgotten does not currently exist. There are flavours of such a right in current data protection and sectoral “clean-slate” laws, but the first are limited in strength, the second are limited in scope. Given the different possible conceptualisations and their different foci, anyone who advocates the establishment of a full-blown right to be forgotten must clarify what this right means and how it can be effected. As argued in this paper, considerable obstacles need to be overcome if people are really to be able to have their digital footprints forgotten and to shun their data shadows.
The same issue of SCRIPTed features 'India’s New Data Protection Legislation: Do The Government’s Clarifications Suffice?' [PDF] by Raghunath Ananthapur, who criticises the Data Privacy Rules of 24 August 2011 issued by the Department of Information Technology. The Rules apply to 'sensitive data' of any individual collected, processed, or stored in India via a "computer resource" by a body corporate located in India.

Ananthapur comments that the Department has "sent positive signals by reacting quickly to the Indian outsourcing industry’s concerns by publishing clarifications to the Data Privacy Rules". The clarifications, "while they will certainly benefit the Indian outsourcing industry" are :half baked, and appear to have had, as the objective, exempting third party Indian outsource providers from the compliance with the most controversial provision – 'consent conditions'". Quite so.

In the UK the background briefing for the Protection of Freedoms Bill, which among other matters deals with restraints on biometrics, notes the 'opt in' to disregard convictions for consensual same sex activity (i.e. what has been decriminalised over the past 30 years, albeit might still be addressed under 'public order' and 'offensive behaviour' statutes in the UK and Australia).

The briefing states that -
Chapter 4 of Part 5 contains provisions that will allow individuals with a conviction or caution for an offence under section 12 (buggery) or 13 (gross indecency between men) of the Sexual Offenders Act 1956 (or the corresponding earlier offences or military service offices), involving consensual gay sex with another person aged 16 or over, to apply to the Home Office to have details of that conviction or caution disregarded. 
Consensual sex between men over the age of consent was decriminalised in 1967. Then the age of consent was 21 years, but it was lowered to 18 years in 1994 and to 16 years in 2000. However, details of any historic convictions for consensual gay sex with over 16s continue to be recorded on police records and appear on a CRB criminal record certificates. 
If an application to have a conviction or caution disregarded is granted, the details of that conviction or caution will be removed from the Police National Computer, and any local police or other records, and will no longer be revealed on a CRB certificate. In addition, a person with a disregarded conviction or caution will not have to disclose that conviction or caution to anyone under any circumstances, for example, on a job application or in court proceedings. 
There are estimated to be some 50,000 convictions and cautions recorded on the Police National Computer for section 12 and 13 offences; some 16,000 of these are estimated to relate to behaviour that is now decriminalised.