Internet cafes have defended their means of protecting users’ private data following an investigation published in The Sunday Times of Malta.

This newspaper uncovered a wealth of personal data left behind by customers during browsing sessions at four different internet cafes.

Among the sensitive items found in recycling bins, documents and downloads folders were a credit card statement, a pathology report of a colon cancer patient and photos of a woman’s breasts.

A spokesman for one of Malta’s biggest internet cafes, where an employment contract, hotel and holiday invoices, a Maltese ID card scan and numerous CVs and boarding passes were uncovered, said it runs software to safeguard users’ data. The software automatically closes open programmes and scans regularly for unwanted programmes, the spokesman said.

It evidently is not used on every computer as a browsing session by this newspaper at the cafe opened with the previous user still logged into his Gmail account.

Additionally, the spokesman said the cafe’s technicians regularly use Ccleaner, a Windows utility that cleans temporary files and obsolete registry keys.

“However, we still feel that clients are expected to only use websites that have strong encryption where personal data is involved,” the spokesman said. “Saving personal data on the computers is not encouraged as they are publicly accessible.”

The processing and retention of personal data by internet cafes falls under the parameters of the Data Protection Act.

“Information which identifies individuals should not be retained after a session is closed,” the Office of the Data Protection Commissioner said.

The Data Protection Act provides that “personal data is not kept for a period longer than is necessary, having regard to the purposes for which they are processed.”

The internet cafe where the most sensitive documents were found was sent copies of the various items uncovered from one of its computers.

It replied that “normally” users shut down all their applications and log out of their accounts before their session expires.

“However, when a client forgets to do this we give the computer a restart and all applications are shut down,” the spokesman said.

The cafe in question failed to address the fact that sensitive documents were being retained on its computer for long periods.

What the law says

Article 26 of the Data Protection Act provides that: “The controller [in this case, the internet cafe] shall implement appropriate technical and organisational measures to protect the personal data that is processed against accidental destruction or loss or unlawful forms of processing thereby providing an adequate level of security that gives regard to the:

(a) technical possibilities available;
(b) cost of implementing the security measures;
(c) special risks that exist in the processing of personal data;
(d) sensitivity of the personal data being processed.”

Tips for protecting your data

• Clear the browser history and cache when you are finished using the computer.

• Delete everything of yours from the Documents, Downloads and Pictures folders and anything you saved to the desktop before logging out. Be sure to empty the Recycling Bin also.

• Make sure you log out of every website you’ve logged in to.

• Many browsers will offer to store your user name and password when you log in, do not to agree to it.

• Consider downloading a portable browser onto a USB memory stick. You simply insert the USB drive into the public computer, then start the browser by clicking on the executable file.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.