CG66 scheme closing down?

[Lucky Duck]

That would assume compulsory registration of boats which is not case right now.

Similarly the SIM card embedded in my car doesn't need to be registered with anyone

 

[[70521]]

Its a mess because we have to enter the same info repeatedly. Surely the lack of joined up agencies or lack of shared information between agencies represents a sector in mild chaos. Thanks to CG66 shutting down I have had to contact Offcom, then deal separately with EPRB, then contact CG then Safetrx, not to mention SSR. By comparison, for my wife's car it was just the DVLA for vehicle and DVLA for herself.

Logically boat should be registered (Combined CG/SSR say, then Ofcom for new radio should simply link to already registered boat in CG/SSR, and MMNSI should autolink back to CG/SSR. I'm not saying its easy but off loading responsibility onto Safetrx is a sloping shoulders approach to governance

Why?

CG66 is a database that holds your details should you press the red button if you had shared them with the CG. You can voluntary move your details onto the RYA system. Falmouth as the UK office for EPIRBs has your details and won't change them. Nothing on your ships licence has changed.

The CG will coordinate a rescue if you push the red button if you are on the database or not. It just gives them some details about what they need to get everybody looking for.

You only need a SSR registration if you take your vessel, but what you are suggesting would be compulsory registration of pleasure vessels and that would go down like a well designed anchor.

This government has a policy of moving things from state systems to private systems this happens to be one of many changes, one that is quite logical, but the communications from both the CG and the RYA to the leisure boaters have been appalling.

 

[jwilson]

snipped - ..... the communications from both the CG and the RYA to the leisure boaters have been appalling.

Absolutely - I work with yachts, I own one, I read most issues of YM (occasionally glance at contents and don't buy) and until I saw this thread I assumed my boat was still registered on the CG66 scheme with accurate up to date details and photos.

This morning having some spare time I went to check and the CG66 website bounced me to details of the RYA system. I certainly have had no email from the CG/MCA.

Only a month ago I told someone buying a boat through our business ( https://www.yachtsnet.co.uk/ ) that they ought to register it on the CG66 scheme! I have been an RYA member for a very long time, and when they announced Safetrx a few years ago I played with it briefly and thought it was not very useful to me.

This morning I attempted to find the RYA app on an Ipad via App Store - not there. Did access it on PC and re-typed all the data that was on CG66, and uploaded a photo. Worked well. I have no particular interest in using the tracking functions, but I appreciate CG and presumably RNLI having the boat and equipment aboard data available is a good idea.

 

[dunedin]

The SafeTRX is better than the CG66 system (which did a good job) because:
1) it integrates passage recording, although if this is not for you don't use this function
2) there is no reason to criticize it as the developers are easy to contact, they listen and are willing to change the system based on user experience (they fixed a problem i raised within a week)

Www.solocoastalsailing.co.uk

OK, but if using SafeTRX instead of the CoastGuard CG66 to record boat and CONFIDENTIAL contact data, exactly who will be accountable for the data integrity, security and confidentiality of the data.
Previously it was the Coast Guard responsibility. Now is it
- CoastGuard
- RYA?
- App developer?
- their data hosting site, wherever that happens to be?
Neither Coats Guard or RYA seem to be interested in clarifying this with any of their communications.

Who else will have access to this data (as clearly the Coast Guard, as at least one other third party, is being given access by the App developer. Who else has access to this? How secure is the access? Are the App owners selling data to other third parties, as happens routinely with such apps?

 

[[70521]]

OK, but if using SafeTRX instead of the CoastGuard CG66 to record boat and CONFIDENTIAL contact data, exactly who will be accountable for the data integrity, security and confidentiality of the data.
Previously it was the Coast Guard responsibility. Now is it
- CoastGuard
- RYA?
- App developer?
- their data hosting site, wherever that happens to be?
Neither Coats Guard or RYA seem to be interested in clarifying this with any of their communications.

Who else will have access to this data (as clearly the Coast Guard, as at least one other third party, is being given access by the App developer. Who else has access to this? How secure is the access? Are the App owners selling data to other third parties, as happens routinely with such apps?

Put a Freedom of information request in to the Coastguard. At the same time contact the Information Commissioners Office for an opinion.

The new data protection regulations should cover it, but always good to test the system.

 

[ShinyShoe]

OK, but if using SafeTRX instead of the CoastGuard CG66 to record boat and CONFIDENTIAL contact data, exactly who will be accountable for the data integrity, security and confidentiality of the data.
Previously it was the Coast Guard responsibility. Now is it
- CoastGuard
- RYA?
- App developer?
- their data hosting site, wherever that happens to be?

I presume you can't read their privacy policy for some reason?

The data controller is the RYA. The RYA are legally responsible for ensuring the protection of the data.

I'm not aware when i submitted a CG66 I was told who the data controller was or who they had data sharing agreements with.

Neither Coats Guard or RYA seem to be interested in clarifying this with any of their communications.

Because its in the privacy policy on the home page

Who else will have access to this data (as clearly the Coast Guard, as at least one other third party, is being given access by the App developer. Who else has access to this? How secure is the access? Are the App owners selling data to other third parties, as happens routinely with such apps?

The App Developer isn't giving access to anyone. The RYA are as the data controller.
Using the site gives the RYA a contractual right to share your data "for the purpose of preserving life and property at sea." (You can't object to this... afterall its the purpose of the registration). That doesn't mean they don't have an obligation to handle it appropriately and only share as far as reasonably necessary.

They may also use it to:

to notify you of any changes or proposed changes in any laws, regulations or best practice in relation to boating, yachting and other related activities which they feel may be of interest to you;
to ask questions for the purposes of market research, where it is deemed appropriate;
to provide you with information about other goods and services which may be of interest to you.

You can object to those by contacting the RYA.

They have identified that they will share data with:

HM Coastguard
the European Maritime Safety Agency ("EMSA");
emergency services including national coast guards, police and ambulance services;
the providers of search and rescue services (including voluntary services);
third party technical service providers (including telecommunications companies); and
any other parties or authorities which may be able to assist in the preservation of life and property at sea.

You also acknowledge that in some circumstance it may be necessary to transfer personal data to organisations located outside of the EEA, if this is required for the provision of the Services, for instance if an alert is sent while you are outside of the EEA.

The other data sharing is principally standard other stuff that covers website abuse, legal etc.

 

[[70521]]

Shinyshoe you made that far to easy for him.

 

[laika]

The data controller is the RYA.

AKA the people with good intentions who write the privacy policy. The data processor is the entity who has to implement the policy, implement security measures to protect the data, and are the ones who ultimately lose your data.

132 people on linkedin are listed as working for 8 west consulting. Not one of them appears to have "security" in their job title.

 

[chanelyacht]

132 people on linkedin are listed as working for 8 west consulting. Not one of them appears to have "security" in their job title.

Perhaps the security people don't have public profiles for security reasons?

 

[ShinyShoe]

AKA the people with good intentions who write the privacy policy. The data processor is the entity who has to implement the policy, implement security measures to protect the data, and are the ones who ultimately lose your data.

132 people on linkedin are listed as working for 8 west consulting. Not one of them appears to have "security" in their job title.

RYA would be the one in court. Fine is pretty huge these days.

However, what bit of data are you SO worried about putting on their website? People are a bit obsessed with data security these days.

Your name and address... Your postman knows them, your marina knows them and I'll be the Marina doesn't have a person with "security" in their job title on linked in, unless they employ someone to intimidate the local scroates away
Your mobile phone number... If you are worried there are ways round it. But it is a fairly fundamental concept that someone can call you if you appear to be in distress
Your email address... Use a different address if you are REALLY worried...
Your boat details... I can read them off your boat

No bank details, no cards, no mothers maiden name, place of birth etc.
Don't remember any medical questions or sexual orientation questions.

The company has ISO 27001 certification. Does the coastguard?

 

[laika]

However, what bit of data are you SO worried about putting on their website?

This is a personal choice thing: You don't care who has your phone number. People don't call me up about the trip or accident I recently had or ppi.

The company has ISO 27001 certification. Does the coastguard?

Looking to see how you'd know this if you weren't part of their marketing department, I see they have an entire web page dedicated to their shiny new acquired-last-month certification. It's almost as though they'd just got a bunch of expensive consultants in to write them some procedures and get them through certification as a pre-requisite to a big new contract. Guessing no such pre-req existed for the coastguard setting up cg66 so they didn't need to hire the consultants. I don't want to dismiss iso 27001 as the desire to have existing procedures externally verified is a good thing and doubtless a pre-req for some types of business where your clients don't have their own security folks to do due diligence. Without inside information though I suggest we have no way of knowing how this translates into practical information security.

The government has our data. Not much we can do about that. Other stuff? Well we have a choice. And I don't have google/amazon/apple confidence in random small developer-led application software company. YMMV.

 

[ShinyShoe]

This is a personal choice thing: You don't care who has your phone number. People don't call me up about the trip or accident I recently had or ppi.

I have two mobile numbers (work and personal). I get FAR FAR more automated PPI / accident calls on my work one. I've never entered it on a website.

Looking to see how you'd know this if you weren't part of their marketing department, I see they have an entire web page dedicated to their shiny new acquired-last-month certification.

Well you told me who they were... I went to their website. It was on the home page. I didn't dig any deeper.

Guessing no such pre-req existed for the coastguard setting up cg66 so they didn't need to hire the consultants.

Does that mean we can trust the CG with our data though? They don't need to share it with the CG but they may still have other agencies to share it with. I'll bet if channelyacht wanted to he could probably have download the entire CG66 database as a spreadsheet and emailed it to himself at home.

Without inside information though I suggest we have no way of knowing how this translates into practical information security.

The government has our data. Not much we can do about that. Other stuff? Well we have a choice. And I don't have google/amazon/apple confidence in random small developer-led application software company. YMMV.

I have less confidence in google, amazon (I don't have apple) to protect my card details... ...and as a hacker - getting card details would be much more valuable than my mobile number.

I'm more interested in the RYA marketing use. I'm quite happy that they might once in a blue moon send me a message to say "Did you know all pleasure craft form Date XX/YY will need to have a liferaft" or something... ...which seems daft that the CG probably couldn't. But I don't want a "Join the RYA save 10%" email or a "Buy a Honda Outboard. Brought to you via the RYA".... ...which the EULA allows to happen unless I actively object.

 

[Blue Sunray]

CG66 is not closing down. The Safetrx app as I understand it is simply to record your passages. The CG do nothing with the info if you radio in unless actually in some kind of trouble, as have better things to do than to track many thousands of boats trundling round between ports to make sure they all arrive. I wont bother with the app. However if my vessel is reported missing the CG66 form enable a proper search etc and has just registered my new boat

Hmm

we will stop taking new registrations to CG66 on 18 June.

RYA SafeTrx now supersedes the HM Coastguard CG66 scheme

Yes the MCA have said they will continue to hold legacy data (for now), but that hardly constitutes the scheme continuing.

 

[chanelyacht]

Does that mean we can trust the CG with our data though? They don't need to share it with the CG but they may still have other agencies to share it with. I'll bet if channelyacht wanted to he could probably have download the entire CG66 database as a spreadsheet and emailed it to himself at home.

Haha, you underestimate just how shit the CG66 database is to interrogate.

I had a hard enough job finding the actual vessel I was looking for ( to the point that I very rarely used it) let alone downloaded the entire thing.

The few times I used CG66 data in anger, we invariably found the boat had been sold / owners died / owners moved / phone numbers changed.

CG66 *could* have been / be really good, and the amount of work staff put (voluntarily) into it was immense - but, as ever, it had no budget, no business plan, and was considered a pain in the backside by management.

 

[bitbaltic]

Haha, you underestimate just how shit the CG66 database is to interrogate.

I had a hard enough job finding the actual vessel I was looking for ( to the point that I very rarely used it) let alone downloaded the entire thing.

The few times I used CG66 data in anger, we invariably found the boat had been sold / owners died / owners moved / phone numbers changed.

CG66 *could* have been / be really good, and the amount of work staff put (voluntarily) into it was immense - but, as ever, it had no budget, no business plan, and was considered a pain in the backside by management.

That pretty much confirms everything I suspected about CG66.

 

[Lucky Duck]

Solent CG seemed to unaware of this change judging by this morning's VHF comms.

About three years back I logged into the CG66 system when I changed boats and was rather alarmed at just how much of the information stored was out of date (moved house, different phone number, etc)

 

[Juan Twothree]

This happened today:

The relief Shannon class lifeboat currently stationed at Swanage was requested to launch this evening when the UK Coastguard received a distress alert via the RYA ‘SafeTrx’ app. The mobile phone app allows users to register their voyage with the Coastguard and has a facility to send a distress message (we’d always recommend using VHF radio or a PLB though). The Coastguard were unable to make contact with the boat or its skipper so asked the lifeboat to go to the boat’s last known position and look for anyone in difficulties. They also tasked the volunteers from St Albans Coastguard to investigate from the cliff top. The lifeboat launched and headed towards the yacht’s last known position. In the meantime the UK Coastguard were still trying to get hold of the boat’s skipper. Finally they got through and the skipper confirmed that he was fine, on a motorboat heading to the Solent not on his own boat and that he hadn’t sent a distress alert. With the situation resolved the lifeboat was released to return to Swanage, a false alarm with good intent.

 

[oldmanofthehills]

So safetrx is just as useless as CG66 then. If it gives false alarms it may not be acted upon if there is an emergency. I take the earlier point that lack of mandatory updating of CG66 rendered it less useful, and accept that I was wrong in thinking CG66 was continuing in some form.

I think I will continue in the belief that I am responsible for my safety and out at sea cant rely on help.

 

[Blue Sunray]

This happened today:

The relief Shannon class lifeboat currently stationed at Swanage was requested to launch this evening when the UK Coastguard received a distress alert via the RYA ‘SafeTrx’ app. The mobile phone app allows users to register their voyage with the Coastguard and has a facility to send a distress message (we’d always recommend using VHF radio or a PLB though). The Coastguard were unable to make contact with the boat or its skipper so asked the lifeboat to go to the boat’s last known position and look for anyone in difficulties. They also tasked the volunteers from St Albans Coastguard to investigate from the cliff top. The lifeboat launched and headed towards the yacht’s last known position. In the meantime the UK Coastguard were still trying to get hold of the boat’s skipper. Finally they got through and the skipper confirmed that he was fine, on a motorboat heading to the Solent not on his own boat and that he hadn’t sent a distress alert. With the situation resolved the lifeboat was released to return to Swanage, a false alarm with good intent.

I suspect there will be a small but significant number of recurrences of this.

 

[XDC]

Not sure if this has already been posted (sorry) but I have just downloaded the app and part of the registration process is to input my vehicle make model colour and registration number

Hmm.