Operation: Data Protection Shield

This is a repost of the original planning thread here:
Euro-folks: Data Protection Laws and Lulz

Updates
19/04/08 - DPA request letter confirmed delivery
10/05/08 - Initial reply containing 2 further breaches of DPA (see next post)
13/05/08 - Confirmed delivery - Scientologys LAWYERS have recieved my reply.
17/05/08 - Another reply recieved
11/06/08 - Both Theta_Omega and myself have filed complaints with the information commissioner for breaches of the data protection act.

What's the idea?
We intend to use the Data Protection Act to do one of two things - either to provide 100% complete and utter protection from fair gaming in the UK (and most likely in all EU countries), or we will catch them with their pants down their ankles, arseholes lubed up with spread cheeks as they break the data protection act and incur a full investigation into all procedures and practices by the Information Commissioner.

What's the drawback?
To do this you WILL be made known to them. If you're being fair gamed already then it's not going to make any difference. If you're not being fair gamed then you're handing all the details they need to fair game you on a silver platter with a "please rape me" sign on. However. If they do rape you, there will be a full investigation including incredibly hefty fines as well as the complete and utter loss of the right to hold personal data by the cult. Oh, and you'll be entitled to a very very nice sum of compensation which will be a slam dunk court case.

So what's the theory?
The Data Protection act provides you with a certain amount of rights with regards to personal information held about you anywhere in the UK as well as placing harsh restrictions on companies on how they hold and use that information.

You can read the full act here:
Data Protection Act 1998 (c. 29)

You can read the information commissioners explanation of the act as well as their summary of your rights here:
The Data Protection Act - Information Commissioner's Office - ICO

Quote:

The Act works in two ways. Firstly, it states that anyone who processes personal information must comply with eight principles, which make sure that personal information is:

* Fairly and lawfully processed
* Processed for limited purposes
* Adequate, relevant and not excessive
* Accurate and up to date
* Not kept for longer than is necessary
* Processed in line with your rights
* Secure
* Not transferred to other countries without adequate protection

The second area covered by the Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.

Should an individual or organisation feel they're being denied access to personal information they're entitled to, or feel their information has not been handled according to the eight principles, they can contact the Information Commissioner's Office for help. Complaints are usually dealt with informally, but if this isn't possible, enforcement action can be taken.

What this means is that the private data that Scientology uses to track and harrass critics must be correct and must be processed in line with your basic rights. They CANNOT give out your personal information without your consent and they can only use the information ever given to them for the purpose that it was given to them. If you gave them any personal information say, to request something that you're entitled to under, it would be very very illegal for them to use that information to fair game you.

So, the particular parts that we're looking at.

1. You have the right to request a copy of all the information held on yourself by a company. This includes all personal information, any internal documents or memos about yourself, CCTV and photos etc. To do this is called a Data Subject Request. Companies are allowed to charge up to £10 to provide you with this information and must do so within 40 days of recieving a request.
Source: How to access information - Information Commissioner's Office (ICO)

2. You have the right to request them to stop processing your information if you have good reason to believe it will cause you unnecesary distress. This is fair game. You have the right to tell them to stop fair game, and if they do not then the information commisioner will wade in, lawyers first. This does not cost anything and simply takes the form of a letter. They have 21 days to confirm that they have stopped processing your information or provide the reason that they have not. If the reason is not good enough or you believe it is false, then you can send the information commisioner in.
Source: How to access information - Information Commissioner's Office (ICO)

I spoke to the information commissioners office on the phone (08456 30 60 60) and confirmed the following:
- The Church Of Scientology would not be allowed to post your personal information including, but not limited to, age, date of birth, photos, address, phone number, sexual preferences, past convictions, current convictions, ailments and accusations to the general public or to other companies without your consent.
- Regardless of the other illegalities of fair gaming and harrasing you and your friends, fair game is more than enough justification to tell them to stop processing your information and the Church Of Scientology must comply by law. The lass that I spoke to confirmed that she could think of no reason, unless we had signed a contract or agreement with them, that they could overule the argument of fair game.
- The cult MUST provide all documentation on yourself including personal information but also internal memos and documents and if those documents implicate them as breaking the law, you can use that as evidence against them.
- If you believe that they are withholding information about yourself, you can lodge a complaint with the information commissioners and they will barge in and find out for you.
- If they break the law again (they have been in breach before) then they will lose all rights to hold personal data in the UK and will receive HUGE fines.

So is this just in the UK?
No. There are data protection laws in all EU countries which follow similar principles.

Dub provided us with this list:

Quote:

Originally Posted by Dub

European Union Data Protection Authorities
Austria Österreichische Datenschutzkommission
Belgium CBPL-CPVP
Bulgaria ÊÇËÄ Íà÷àëî
Cyprus ΓÏ�αφείο ΕπιτÏ�όπου Î Ï�οστασίας ΔεδομÎScientologyνων Î Ï�οσωπικοÏ� ΧαÏ�ακτήÏ�α - ΑÏ�χική Σελίδα
Czech Republic ÚOOÚ - Hlavní stránka
Denmark Datatilsynet: Forside
Estonia mailto:urmas.kukk@dp.gov.ee
Finland Tietosuojavaltuutetun toimisto - Tietosuojavaltuutetun toimisto
France CNIL - Commission nationale de l'informatique et des libertés
Germany Internetauftritt des Bundesbeauftragten für den Datenschutz und die Informationsfreiheit
Greece ????
Hungary http://abiweb.obh.hu/
Ireland Home - Data Protection Commissioner - Ireland
Italy Garante per la protezione dei dati personali
Latvia Datu Valsts Inspekcija .|. Sâkums
Lithuania Valstybinė duomenų apsaugos inspekcija
Luxembourg Commission nationale pour la protection des données - Accueil
Malta Welcome to Data Protection
Netherlands College bescherming persoonsgegevens
Poland GIODO informuje
Portugal Página Principal - CNPD
Romania Pagina principală
Slovakia Úrad na ochranu osobných údajov Slovenskej republiky
Slovenia mailto:jernej.rovsek@varuhrs.si
Spain http://www.agpd.es/
Sweden Datainspektionen - Vi skyddar din integritet i IT-samhället
United Kingdom Information Commissioner's Office - ICO

So how do we do this?
Ok, you need to send two letters as Scientology is registered twice in the UK. Here are the addresses (thanks Theta-Omega):
Information Commissioners - Data Protection Register - Entry Details and Information Commissioners - Data Protection Register - Entry Details

- Make sure you use recorded delivery. Post the letters from a post office and use recorded delivery. This means that you can track the letter and have 100% proof that they have accepted it and have the letter. This is all the proof that the information commissioner requires that you have made a subject access request (source: the lass on the phone in the commssioners office).
- I'd recommend sending 3 copies of the letter to yourself, but they don't have to be recorded delivery. Now the copies of the letter are there if Scientology tries to pin bomb threats/anthrax letters on you. If it comes down to it, you will have 3 copies of the letter that will be postmarked by the post office. When you recieve these back, DO NOT OPEN THEM. Keep them and keep them safe. They are not 100% reliable in court but coupled with Scientologys history and citing Operation Freakout, I don't see any court case siding against you.
- If possible, only seal the envelope in the post office and get witnesses. Preferably police, obviously not always possible, and show the contents of the letter to the clerk before sealing it.
- Include a £10 postal order with each letter. Do not send a cheque for obvious reasons. £10 is the maximum that a company can charge for a subject access request and we know they will charge the maximum if they acknowledge your request.

Here are the points that you need to cover in your letters:
- You are making a subject access request for any and all personal information on yourself. They have 40 days to provide the information and you have included the £10 postal order to pay for this. They have your name and address at the top of the letter but I would recommend that you provide a little more information just to make sure they cant throw back "Well we just couldnt find them!". I gave a brief summary of my activities in the York protests and am including a passport photograph.
- You are telling them to stop processing information on the grounds of fair game. You must provide adequette explanation of fair game and why this might effect you. Cite the case of Bonnie Woods:
Scientologists pay for libel | UK news | The Guardian
They have 21 days to confirm they have stopped or give the reason why they have not.
- The information you give in the letter is to be used only to track down other data held by scientology and must not be stored for any longer than it takes them to make copies of your personal information.

Here is the letter that I sent. You can copy/paste this letter if you wish but obviously change the paragraphs relating to me:

Quote:

Dear Sir,

I am writing to you to make a Data Subject Access Request (DSAR) as provisioned in the Data Protection Act. I hereby request a copy of all documents and personal information relating to myself including, but not limited to, memo's, contact cards, private investigator contracts for myself, CCTV and photographic images. Please find enclosed a postal order for the value of £10 – the maximum amount that you are allowed to charge an individual for providing this information under law.

I would like to remind you that you have 40 days to provide all the information that the Church of Scientology holds on myself and not to do so will be another breach of the Data Protection Act committed by the Church.

I have reason to believe that the Church Of Scientology is holding personal information on me, on the basis that I was photographed by a Scientologist as I was speaking to a police officer while expressing free speech at a peaceful protest. This was outside the York mission of Scientology on March 15th 2008 and will be verified by other peaceful protesters as well as the officer I was speaking to. If needs be, they will be called on as witnesses in a court case if you fail to produce the information on myself. I was also photographed at the peaceful protest on February 10th by Scientologists although I wore a mask then. I have enclosed a passport photograph of myself to help you identify which photos are of me.

I am also taking this opportunity to make a formal request for the Church Of Scientology and all of its associates to cease all processing of information about myself. My reason for this is that Scientology has in the past conducted a policy called Fair Game where it endlessly and illegally harasses critics for simply expressing their right to free speech.

While the organisation has indeed retracted the term Fair Game, it is completely obvious that the policy is still in effect – most likely under a different name – due to hundreds of hours of footage and thousands of victims accounts of themselves being "fair gamed". Indeed several people who peacefully protested the organisation of the Church of Scientology on February 10th and March 15th 2008 have reported being "fair gamed". The most high profile case of this being the false arrest and imprisonment of Sean Carasov on suspicion of terrorism. These charges were subsequently dropped.

Also note that on June 8th 1991, Scientology was ordered to pay damages of £55,000 as well as £100,000 in costs to Bonnie Woods. This was due to publishing false and demeaning information about her to the general public for simply speaking out against the Church - an obvious example of the Fair Game policy still being in effect.

Because this policy, if it were to target me, would obviously cause me distress by being stalked, having my privacy invaded as well as the false reputational reprocussions, I am ordering the Church to cease any and all processing of information relating to myself. This is my right under the Data Protection Act. Failure to comply with this will result in a complaint to the Information Commissioners Office as well as legal action being taken by myself to claim compensation, again as provided under the Data Protection Act.

The information provided in this letter is to be used only for providing myself with copies of any and all private information held on the Church Of Scientologys records.

I look forward to your reply with confirmation that you have stopped all processing of information, or the reason that you have not, within 21 days. I also look forward to your reply giving me copies of all the personal information that you hold on me within 40 days.

Yours Sincerely

What happens then
By Law, Scientology responds saying they have ceased all information processing by yourself. They also provide you with a copy of all internal documents on yourself which would include any memos or notes as to what they intend to do with the information. You are 100% safe from Fair Game and they drop their attacks if they are already fair gaming your or they stop any planned attacks. You may also have evidence that they were planning illegal activities with the information.

We all know that Scientology bends, if not breaks the law constantly. So here are the other outcomes:
- Scientology ignores your request for copies of personal information or takes longer than 40 days to respond.
Action: Phone the information commissioner and complain.
Outcome: Scientology gets fined and loses the right to hold personal information in the UK. You are entitled to compensation.
- Scientology sends you copies of some information but you suspect it isn't everything, e.g. there's no memos saying what they're going to do with that information or they have taunted you with that information.
Action: Phone the information commissioner and complain.
Outcome: Scientology gets fined and loses the right to hold personal information in the UK. You are entitled to compensation.
- Scientology ignores your request to cease all processing or takes longer than 21 days to respond.
Action: Phone the information commissioner and complain.
Outcome: Scientology gets fined and loses the right to hold personal information in the UK. You are entitled to compensation.
- Scientology doesn't give you a good enough reason why they aren't stopping their processing.
Action: Phone the information commissioner and complain.
Outcome: The Information Commissioner speaks to Scientology and sets the record straight. If Scientology does not comply then they get fined and lose the right to hold personal information in the UK. You are entitled to compensation.
- Scientology says they have stopped processing information then later they give you reason to believe they have not.
Action: Phone the information commissioner and complain.
Outcome: Scientology gets fined and loses the right to hold personal information in the UK. You are entitled to compensation.

I have a reply!

Quote:

Dear sir,

Re: Data Protection Act Requests

We act for the Church of Scientology Religious Education College Inc and the Church of Scientology Mission of Bournemouth and have been asked to write to you by our clients in connection your undated Data Protection Act requests.

Before we can begin to deal with your requests our clients need to be satisfied as to your identity. Accordingly please send us a copy of the photo page of your passport certified by a solicitor or notary piblic.

We await to hear from you.

WELL Scientology. I don't know if you've been keeping track of time, but you recieved the requests exactly 21 days ago today. By law, you had to tell me that you'd stopped processing any information on me or why not. THAT DOESNT APPEAR TO BE IN THIS LETTER.

Just checked one of my copies and WHOOPS I didnt include a date. Oh well - the timer goes from when it's recieved anyway.

I need to check with the information commissioner on Monday but I am 99.9999999999999% certain that they do NOT need a copy of my passport.

I can see 3 breaches of the Data Protection Act:
- They have not responded to my order to cease processing information
- They have passed my personal details onto a 3rd party company which does not have anything to do with this and certainly without my permission.
- They have request a copy of my passport which is more excessive personnal information.

I am thinking of the following reply until I can confirm all 3 points are breaches:

Quote:

Dear sir,

Re: Data Protection act Requests ref xxxxxxxxxxxxxxxx

Thank you for your letter dated the 9th May. As you noted, the letter I sent requesting DPA information was not dated. This is because the time allowed for a company to respond to a DPA request is started from the date of reciept which was 19/04/08.

The letter that I originally sent contained an order to cease all processing of information with which the Church of Scientology has 21 days to respond. Your letter did not contain the response neccesary and by doing so has broken the law. I will be speaking to an attourney regarding claiming compensation and requesting an investigation by the information commissioner.

In addition, you do NOT need a copy of my passport in order to process a DPA request. Considering your clients very well documented history of fraud and abuse, including the largest hostile infiltration of the US government in history, stalking it's critics, attempting to commit identity fraud and attempted murder of critic Paulette Cooper, you will forgive me if I refrain from sending you information that can, and I suspect will, be used to commit identity fraud against myself. This information is also excessive to the purpose it was intended for, and so the request for it is yet another breach under the data protection act.

As you have my name, address and a photo of myself, this is more than enough to identify myself. I expect an immediate response from yourselves containing an apology from your clients for breaching the initial order to cease the processing of information, as well as another reply no later than 29/05/08. This reply will contain information that I know the Church Of Scientology holds on me and will include the following:
- A "Suppressive person" declare for myself (I want it for my mantlepiece and am entitled to it under law)
- A copy of the photos taken of the peaceful protest attended by myself in York on 10/02/08.
- A copy of the photos taken of the peaceful protest attended by myself in York on 15/03/08.
- A copy of the photos and videos taken of the peaceful protest attended by myself in Leeds on 22/04/08.
- A copy of all memo's relating to myself.
- As Scientology is brandishing all Anonymous members as terrorists, I require the evidence that they have proving that I am a terrorist
- A copy of the Anonymous: Hate Crimes DVD
- As Scientology is claiming that all Anonymous members support Communism and Nazism, I require a copy of all the evidence they have proving that I support such parties

Thank you for your time and I look forward to your reply.

Yours Sincerely....

Thoughts?

Excellent stuff! Great idea.

Comments:

Well, obviously check with the Info Commissioner first that your interpretation of what's happened is sound and they actually have broken the law in they way it seems they have.

attourney = attorney.

Quote:

Considering your clients very well documented history of fraud and abuse, including the largest hostile infiltration of the US government in history, stalking it's critics, attempting to commit identity fraud and attempted murder of critic Paulette Cooper, you will forgive me if I refrain from sending you information that can, and I suspect will, be used to commit identity fraud against myself.

Perhaps a matter of taste, but I would not go into attacking mode just yet. If for any reason this gets up in front of a court you don't want to look all tinfoil hatty and like you have a beef with the CoS. You want to be able to say they didn't respond to a polite and reasonable request. No room for polemic here imho.

ETA: plus, you do not need to justify why you want the information- it's your right to have it.

Quote:

I expect an immediate response from yourselves containing an apology from your clients for breaching the initial order to cease the processing of information, as well as another reply no later than 29/05/08.

You've asked for an "immediate" reply with an apology- I think that might be unreasonable. I would drop the apology request and demand a reply within two weeks of receipt. Also, do say what you intend to do if you do not hear from them within the stated 2 weeks. Get information on what the next step would be from the Info Commissioner, and then tell them in the letter that you will take the next step.

Quote:

As Scientology is brandishing all Anonymous members as terrorists, I require the evidence that they have proving that I am a terrorist
- A copy of the Anonymous: Hate Crimes DVD
- As Scientology is claiming that all Anonymous members support Communism and Nazism, I require a copy of all the evidence they have proving that I support such parties

Not sure, but I think these might not be reasonable or applicable requests as these things do not relate specifically to you, it's not personal information. Also, what I said above about not being deliberately antagonising. Too easy for them to paint you as a frivolous troublemaker - troll basically. Take it deadly seriously- this is your personal info we're talking about.

Oh, and your request for photos of the protest- you need to specify photos of you. Photos of other people won't be your personal info.

HTH.

Sweet. The second I'm namefagged I'll be doing this.... :)

Thanks Anonymoose - I've decided to be very luvy dubby with my next letter.

Confirmed:
- They have broken the law by not responding within the 21 days (and this isn't a "people make little mistakes" timescale - this is the LAW. Information commissioner guy offered to file a complaint there and then)
- Asking for a passport is excessive information.
- They do have the right to pass my information onto their lawyers.

Here's my reply after running it past the ICO:

Quote:

Dear Sir,

Re: Data Protection Act Requests ref xxxxxxxxxxxxxxxx

Thank you for your letter dated the 9th May. As you noted, the letter I sent requesting DPA information was not dated. This is because the time allowed for a company to respond to a DPA request is started from the date of receipt which was 19/04/08. I have confirmed this with the Information Commissioner.

The letter that I originally sent contained an order to cease all processing of information with which the Church of Scientology has 21 days to respond. Your letter did not contain the response necessary and by doing so has broken the law, as confirmed with the Information Commissioner. I will be filing a complaint with the Information Commissioner and contacting an attorney regarding compensation if you and your clients breach the act further.

After speaking to the Information Commissioner, I have confirmed that you do not need a copy of my passport to process a DPA request. If this was required for any reason then you should have contacted me before the 21 day deadline, which passed on 10/05/08. As you have my name, address and a photo of me, this is more than enough to identify myself. Indeed I have no signed agreements or contractual agreements with your client and so a copy of my passport would mean nothing to yourselves as you have nothing to compare it against. If your client does have this information then it is obviously grossly excessive information and would be a further breach of the Data Protection Act.

I declined the Information Commissioners offer to make an official complaint straight away and I have decided to be fairly lenient. I expect a response from yourselves containing an apology from your clients for breaching the initial order to cease the processing of information by the 40 day deadline, which is 29/05/08. This reply will also contain information that I know the Church Of Scientology holds on me as requested in my initial letter. It will include the following:
- A copy of the photos taken of myself the peaceful protest attended by myself in York on 10/02/08.
- A copy of the photos taken of myself the peaceful protest attended by myself in York on 15/03/08.
- A copy of all memo's relating to myself.
- A "Suppressive person declare" for myself.

Thank you for your time and I look forward to your reply.

Yours Sincerely

I have only pedantic notes this time-

- "memos" does not have an apostrophe

- if the letter you received from the CoS was signed by a specific person, your letter should be addressed directly to them and read Dear <their name>, not Dear Sir

- if you're using Dear Sir, the correct sign-off is Yours Faithfully. Yours Sincerely is for when you're using someone's name.

Told you it was pedantic.

Right, enough of my anal banter, get ye to a post office, post haste!

Are you sure they have an SP declare? I know you want that, but it *should* be included if you say 'all documents and memos' relating to yourself.

Yeah the letter I got from the solicitors was just signed off as the solicitors.

Sent the reply with "memos", "Yours faithfully" and "all documents and memos". Thanks for the suggestions guys :)

Good letter. Any lulz in putting a DPA request in with the solicitors at some point?

Nice work. Eagerly awaiting any good done on this front.

If this is successful then it sets a precedent for the rest of the UK. They would never be able to reply to OVER 9000 requests for all data on that person to be removed, within the 21 days. We would force them to break the law!

I love Anonymous.

This is pure win.

You sir, are made of awesome and anti-aids.