Breach

Launch of the IRMS Third Sector Retention and Disposal Toolkit

The Information and Records Management Society (IRMS) and Protecture were delighted to formally launch the IRMS Third Sector Retention and Disposal Toolkit and Schedule at an event in Central London last week. Attendees from a number of charities, not-for-profits and companies heard Scott Sammons, Chair of the IRMS, argued passionately for the benefits of record …

Launch of the IRMS Third Sector Retention and Disposal Toolkit Read More »

Equifax – 12 lessons to learn

As the Data Protection Act 1998 (DPA98) comes to an end, we have a first! The first maximum fine under the old law was issued in September to Equifax Ltd. If you’ve heard any of the Data Protection Leads here at Protecture speak about basic security issues facing organisations, you will have heard us talk …

Equifax – 12 lessons to learn Read More »

Cookie D’oh!

With the news that the changes to ePrivacy law have now been delayed until 2020, now is a good time to evaluate whether your organisation’s practices are already in line with existing electronic privacy law. The ePrivacy Regulation is likely to strengthen the current provisions of PECR in similar ways to which GDPR strengthened previous …

Cookie D’oh! Read More »

Have You Reddit?

On the 1st of August a hugely popular website, Reddit, announced that it had been hacked. If you’ve not seen it, Reddit is a vaguely social network (explored further below) where registered members can post links, news and discuss almost anything on a series of message boards. Users need an email address and password but are seemingly anonymous …

Have You Reddit? Read More »

Better the devil you know – personal data breach reporting and GDPR

The ICO Annual Report for 2016-17 has been published. Among the findings reported is the number of self-reported data protection incidents, broken down by sector. The headline figures show a 31.5% increase in self-reported incidents – from 1,950 to 2,565 incidents. The key word here: self. Reporting of actual or suspected incidents to the ICO …

Better the devil you know – personal data breach reporting and GDPR Read More »

Updating consent – implications of the Flybe and Honda fines

On 27th March 2017, the ICO issued Monetary Penalty Notices to Honda and Flybe, having determined that their approaches to confirming customers’ contact details and marketing preferences were not compliant with PECR (The Privacy & Electronic Communications Regulations 2003). Since these fines were issued, there has been some concern about whether this means that verification …

Updating consent – implications of the Flybe and Honda fines Read More »

What the RSPCA and BHF fines mean for you

We now have the full details of the RSPCA and British Heart Foundation fines. They have promoted the Charity Commission and the Fundraising Regulator to issue a joint alert about compliance with data protection law. The actions you should take now: “Immediately cease any activity without explicit consent described and set out by the ICO …

What the RSPCA and BHF fines mean for you Read More »

First fundraising data protection fines – secrecy and sharing at the heart of poor practice

The ICO has published initial details of the fines handed to the Royal Society for the Prevention of Cruelty to Animals (RSPCA) and British Heart Foundation (BHF). The charities’ approach to wealth screening; data / tele-matching and data sharing triggered the fines. The ICO exercised considerable discretion to significantly reducing the fines – in recognition …

First fundraising data protection fines – secrecy and sharing at the heart of poor practice Read More »

To BCC or not to BCC

The recent – and well publicised – data breach by the 56 Dean Street clinic in London raised a number of interesting data protection issues. The well-rehearsed line of “it was human error” was put forward to explain the breach…but who committed the error: the person who pressed ‘send’…or the senior management who appear to …

To BCC or not to BCC Read More »

Mum’s the Word this Christmas

Christmas requires many secrets to be kept – including the ultimate secret: who is Father Christmas? A similar attempt at hiding identity caused a recent £70,000 fine for a serious breach of the Privacy and Electronic Communication Regulations… A company looked to promote after-show parties for the Parklife Weekender music festival held in Manchester this …

Mum’s the Word this Christmas Read More »

Scroll to Top