Damien Mulley

No I am not a secret shill for PowerCity or Harvey Norman’s.

I previously wrote about defrosting fridges and about how being a fan of objects would connect people together. Knowing someone through their fridge is how I put it. But that was about human social networking. Will my fridge be on a social network too, connecting with other like-minded fridges exchanging recipes? I think yes.

Photo owned by cogdogblog (cc)

The idea of a social object is to create something that will make humans more sociable and get them to connect with each other. Need it just be for humans though? Could we not make these objects take on some human characteristics allowing them to communicate with each other too and have personalities in a way? In the near future our fridges will either have barcode scanners built in or rfid readers when all barcodes are replaced by RFIDs. The fridge will know what it contains and would have a good guess as to what food types you like and what recipes you might use. In turn just like LastFM matches people with the same musical tastes, FridgeBook might just link fridges together and have them exchange recipes which will pop up on the front of the fridge. In addition the fridges will also share bargain hunting tips with each other. It’s better not to have the fridge stuff on your Facebook anyway as the fridge has a different personality to you since it’s used by a few people, unless you live alone. And cry yourself to sleep at night over it…

Then let’s not forget VRM – Vendor Relationship Management, where retailers will come to you or your fridge and offer what you normally buy each week but at a cheaper price. With all the fridges talking to each other they can also root out the scam artists and messers and low-quality food retailers so you get the best quality for the best price.

Of course for that we’d need some kind of “social layer” built into the communications stack of all these tech devices. Imagine sharing templates via a toaster network? Someone designs a nice toasting template for their toaster and they share it with a toaster network? All these social networks that we have are people based and they are hardly embedded but the BBC Olinda radio might change that and we might see more white goods with a social networking chip or firmware. That’s when the real fun happens.

Looking for this?

drill down 11 10.09% mulley.net
drill down 6 5.50% damien mulley
drill down 4 3.67% data protection commissioner report
drill down 3 2.75% mulley
drill down 2 1.83% data protection commissioner 2008
drill down 2 1.83% www.mulley.net
drill down 2 1.83% mullally .net data protection
drill down 2 1.83% data protection annual report 2007 leaked
drill down 2 1.83% mulley.com
drill down 1 0.92% data protection commissioner annual report
drill down 1 0.92% data protection report
drill down 1 0.92% data protection commissioner annual report 2008
drill down 1 0.92% data protection annual report
drill down 1 0.92% damian mulley consultant

NO court cases. Another slap on the wrist. We won’t do it again. Again. Again. eircom keep having these database errors that mean they accidently ring ex-customers when they shouldn’t. They kept promising ComReg it would not happen again. Yet it does. See my views of the DPC from last year.

Case Study 9: Marketing Calls by Eircom – remedial action – amicable resolution.

During the first half of 2007 I received a large number of complaints from members of the public who had received marketing telephone calls from a telecommunications company, Eircom. Many of the complaints came from people who were ex-customers of Eircom and the marketing calls from the company were made in an effort to win back their business. Some of these complainants informed Eircom that they did not wish to receive further marketing calls but the company continued to call them. Others had their phone numbers listed on the National Directory Database (NDD) opt-out register but continued to receive marketing calls from Eircom.

Regulation 13 (4) of Statutory Instrument 535 of 2003 prohibits the making of an unsolicited telephone call for marketing purposes to the line of a subscriber where the subscriber has notified the person or company making the marketing call that he/she does not consent to the receipt of such a call on his/her telephone line or where the subscriber has had his/ her telephone number recorded in the NDD opt-out register. It is an offence to make a marketing call which breaches this Regulation.
My Office investigated the complaints and engaged at length with Eircom on the matter. This involved meetings with the company as well as several exchanges of correspondence which eventually led to the following favourable and positive outcome from my perspective:

• • • Eircom assured me that it is fully committed to ensuring compliance with data protection legislation within the organisation. It expressed concern about the complaints received by my Office and it assured me that it takes all such complaints very seriously. Eircom introduced a number of measures to Eircom conveyed its sincere apologies to the • complainants to my Office for any inconvenience caused to them and it entered the complainants’ contact details on its suppression list to prohibit further marketing calls from the company to those individuals. In order to demonstrate its commitment to•

• • • reduce the risk of any reoccurrence of such complaints. These measures involved the completion of a full internal review of the processes which are followed by all customer-facing channels when recording requests to opt-out of direct marketing by Eircom and its related companies. Where any points of weakness within these processes were identified, the process was revised to ensure that it was both robust and compliant with data protection legislation. Eircom briefed all relevant staff on the issues which gave rise to complaints and on the new processes which were put in place. The new processes also became an integral part of the training material for new staff. Eircom established a centralised and dedicated ‘suppression’ unit with responsibility for processing “do not call” requests received by post, email or fax. A statement was placed on Eircom’s Intranet homepage emphasising the importance of ensuring compliance with data protection rules. The statement also explains the process which must be followed to implement a suppression request (i.e. an individual’s stated preference not to be called by the company for marketing purposes) and it provides details of the new centralised ‘suppression’ unit. the protection of individuals’ data protection rights and its regret for the issues which gave rise to complaints to my Office, Eircom made a donation of €35,000 to a reputable Irish charity. Finally, following agreement with my Office •

on the content, Eircom published a statement on its website regarding the protection of customer information. In the statement, among other things, Eircom acknowledged that it had communicated with individuals whose preference to decline marketing contact was not recorded due to a problem with its systems and processes and it expressed regret that these people were contacted when they did not want to be. It also stated that it had identified areas for improvement and had implemented those improvements. Overall, I am very pleased with the investigation of these complaints and the steps taken by Eircom in response to my Office’s intervention. The complainants concerned had good reason to complain to my Office about unsolicited marketing telephone calls which have become, in recent years, an all-too-frequent intrusion into the personal lives of individuals in their homes. Eircom identified the failings in its marketing processes and it did what a responsible data controller should do in similar circumstances -it took effective remedial action. In addition, it responded positively to my Office’s efforts to amicably resolve the complaints

-the Data Protection Acts make provision for the amicable resolution of complaints in the first instance between the parties concerned – by apologising to the complainants and by making a substantial donation to charity. Furthermore, I am happy to report that since Eircom took the remedial steps outlined above I have received no further complaints of substance regarding its marketing activities.

FAIL

Photo owned by smurfster1 (cc)

Photo owned by Simon Davison (cc)

Below is the press release going out at 11am tomorrow from the DPC but I found it by accident on their site and the full report is here. It’s kind of pathetic that you can actually access the full report from their site because of a badly configured publishing system.

UPDATE: Report is now here.

Once again the report is a crock with investigations that don’t go anywhere with eircom and Newtel reoffending. Newtel got mentioned in 2005, 2006 and 2007. Four in a row next year?

The Data Protection Commissioner launched his report for 2007 today. He has emphasised the responsibility of public and private sector organisations to respect the privacy of those who entrust them with their personal information. Equally the Commissioner has also drawn attention to the need for an appropriate balance to be struck between the ever increasing desire to seek the personal data of all of us as part of the security agenda and the individual’s right to privacy. In this respect he raises the question, “Have we not succumbed to terror and submitted to extremism when we loose the liberty to live our lives without constant intrusion by the State in the name of security?”

Enquiries and Complaints
During 2007 the Office of the Data Protection Commissioner opened 1,037 new complaint investigations, up substantially from 658 in 2006. This very large increase in the number of complaints relates in part to an increase in complaints in relation to unsolicited text (SMS) messages. The Report updates on the actions which the Commissioner has taken to address this issue. He currently has more than 350 prosecutions before the Courts in this area. These prosecutions follow strong action taken by the Commissioner who sent teams of investigators into the premises of those involved to collect evidence. The Commissioner has increasingly made use of his powers to send his officers into premises which contain personal data without notice to ensure that data protection requirements are being met.

The Report updates on the Commissioner’s actions in relation to the issue of unauthorised access to personal data in the public sector, a large number of complaints received in relation to the marketing practices of Sky and also includes case studies of a number of specific investigations into the use of personal data including:

• The use made by Baxter Healthcare of two medical reports relating to a former employee;
• The inappropriate use of CCTV footage by the West Wood Club in Sandymount and covert CCTV by the Gresham Hotel in Dublin;
• Suspension of the operations of a cold-call marketing operation by Newtel communications;
• Inappropriate disclosure of employee information by Aer Lingus;
• A very serious case of inappropriate access to personal information held by the Revenue Commissioners;
• The failure to supply a reasonable means for opting-out from email direct marketing by Ryanair.
• Extensive engagement with Eircom following the receipt of a large number of complaints in relation to unwanted marketing telephone calls. This resulted in a €35,000 donation by Eircom to charity to resolve the complaints
• Excessive information of local residents retained by Croke Park
• Unsolicited email marketing by Tesco arising from technical difficulties

In addition to actual formal complaints received and progressed, the Office dealt with approximately 20,000 telephone enquiries together with over 4,000 email enquiries and a smaller number of enquiries by post.

Other Activities
In a wide ranging report on his Office’s activities for 2007 that reflects the variety of issues the Office is called upon to address, the Commissioner also focuses on:
• The benefits that flow from an increasing awareness of privacy and data protection issues on the part of members of the public, the media and institutions holding our data;
• The occasions when he was obliged to resort to the use of his legal powers to protect and promote the interests of data subjects;
• The responsibility of private sector organisations to protect the personal data of their customers and clients;
• Breach notifications as an example of good practice;
• Developing codes of practice within particular sectors and public bodies to allow a better understanding of data protection requirements among those entrusted with personal data;
• The continuing challenges posed by new technology and the use made of the internet.

The Commissioner has taken the opportunity to highlight his engagement with Government on a variety of issues including the proposed DNA database, the intention to introduce what is known as an “eBorders” system to track all of our movements as we enter and leave the country and a very satisfactory outcome in terms of ensuring that the planning system respects privacy while maintaining transparency.

The Report also includes for the first time an unscientific list of the top ten threats to privacy as identified by the staff of the Office of the Data Protection Commissioner. This list, which is by no means authoritative, is intended to provoke discussion of privacy issues.

See the tender.

Photo owned by Britt Selvitelle (cc)

Email sent to TDs and Senators:

In the event of the loss or theft of any such device containing personal data, Members are advised to contact the Gardaí (to report the incident) and the Office of the Data Protection Commissioner (for advice on the most appropriate steps to be taken in relation to the lost / stolen data).

In order to maximise the security of data which may be on laptops and desktop computers, the Office has recently invited tenders for the provision of a data encryption system. As soon as a contract has been awarded, we will contact Members again to offer the installation of this software on all existing laptop devices. The software will automatically be installed on all laptops issued to Members after the contract has been awarded.

Members are reminded that although they are no longer required to register with the Data Protection Commissioner merely by virtue of their membership of the Oireachtas, they are still responsible for ensuring the safety of personal data which is stored on their computer systems.

The Office will replace stolen laptops only following receipt of a formal Garda report confirming that the loss or theft has been reported to the Gardaí.

There’s more to security than encryption, right? Anyone got a better solution?

Apple iPhone = a single button menu system and one of the best mobiles ever. Yet mobile phones are out 20 years. But it’s actually a portable computer with phone properties. Not that the general consumer knows or cares. Nokia marketed their N95 phone to people as a computer in your pocket. And how many of the world did that discourage from buying it with that phrase alone? How many don’t use all the poweful features of it because it treats the menu system like a computer menu system with half a dozen clicks to do something?

Oddly it seems the iPhone takes away choice from people by just doing what it wants. With an N95 it’s menu menu rotate to turn the image sideways, the iPhone does it automatically whether you like it or not. Despite all the other phone companies having mobiles that did mobile Internet it was the iPhone that exploded use of the mobile web in the past year. On a slower connection and less powerful phone…

Look at the Wii. You turn it on. Move the Wiimote and you know exactly what happens. Point at screen, move it about and you know the rest. Yet you’re there playing a computer game with a totally new interface.

Admittedly of course like Apple, Nintendo’s ads are very much like instructional videos too so pre-training new customers is good.

Photo owned by lorelei (cc)

There seems to be an issue with tech that if you upset the small enough comfort zones of the general public then they won’t buy your product. It does seem to be true. Something very upsetting to the engineers and early adopters who understand the power of these new innovations yet can’t understand why the general public can’t see how great this new thing is. I mean all you have to do is press this, twist that, press this three times and we’re off. Now press this fast to stop it. There. Over time I think this is why we’re seeing so many godforsaken shit web services and pieces of techwank come out which are all clones or tiny iterations of products that we already have. Nothing new is introduced or combined. Perish the thought. So much of these new things launched are just features. That makes the consumer comfortable. And the investors. And pisses off those that remain in the company that enjoy their ingenuity. And early adopters that scream for something new.

Pat Phelan asked are we (I guess he means humanity or the tech world) over-innovating. I don’t think we are. I think we’re scarificing innovation for over-iterating and becoming far too comfortable about making consumers feel comfortable about things remaining the same when we should be innovating on new tech and innovating on ways of introducing this new tech while the customer is almost oblivious. Design a product with underlying innovation so the consumer knows all about how to use it within 5 seconds of picking it up. This is what the iPhone does, it’s what the Wii does, it is not what the N95 does or Microsoft Powerpoint. An engineer won’t like how limited an iPhone is but a consumer doesn’t want to think they will have to change the way they work for the N95. An innovation is not product design. I think too many take that to mean that we should iterate.

Here’s a very long video that eventually sees Steve Jobs introduce the iMac, 10 years ago this week: