category: Breach£183m for BA – under the GDPR. £0.5m for Facebook – under the old DPA 1998. The difference between the previous maximum fine and the headlines on BA’s GDPR fine are startling. The first point: BA has only been issued …
Category Archives: Breach
Facebook CA – Controversy Alert!
Categories: Breach, Consent, GDPR, GuidanceBack in April 2018 we published an insight piece on the lawful basis for using Facebook’s Custom Audiences tool, in which we concluded that relying on legitimate interests as a lawful basis for the use of this feature was unlikely …
5 common mistakes made with DPIAs
Categories: Breach, Consent, Data Protection Act 2018, Data Sharing, GDPR, Guidance, ICO, Public Information, Security, Transparency, UncategorizedWith the GDPR, a DPIA, or ‘Data Protection Impact Assessment’ has moved from being a good practice recommendation to being a mandatory activity for some kinds of personal data processing. The purpose of a DPIA is to identify potential risks …
5 Tips for Incident Management
Categories: Accuracy, Breach, Brexit, Charities, Charities: ICO, Consent, Data Protection Act 2018, Data Sharing, DFE, Fines, Fundraising, GDPR, Guidance, ICO, Public Information, Security, Transparency, UncategorizedThis article is not a guide about how to handle a notifiable breach. By now, you’re all familiar with the ICO Guidance on that. This piece is about the day to day handling of incidents based on over a decade …
We all know about PECR, right?
Categories: Accuracy, Breach, Charities, Charities: ICO, Consent, Data Protection Act 2018, Data Sharing, Events, Fines, Fundraising, GDPR, ICO, Security, TransparencyAt the Protecture seminar on e-Privacy at the end of November, Rowenna Fielding reminded us that PECR is about more than just consent for electronic direct marketing. I don’t think that Rowenna meant to alarm anyone, just a gentle poke …
Launch of the IRMS Third Sector Retention and Disposal Toolkit
Categories: Accuracy, Breach, Charities, Charities: ICO, Consent, Data Protection Act 2018, Data Sharing, Events, Fundraising, GDPR, Guidance, ICO, Security, TransparencyThe Information and Records Management Society (IRMS) and Protecture were delighted to formally launch the IRMS Third Sector Retention and Disposal Toolkit and Schedule at an event in Central London last week. Attendees from a number of charities, not-for-profits and …
Equifax – 12 lessons to learn
Categories: Accuracy, Breach, Brexit, Charities, Charities: ICO, Consent, Data Protection Act 2018, Data Sharing, DFE, Fines, Fundraising, GDPR, Guidance, ICO, Public Information, Security, TransparencyAs the Data Protection Act 1998 (DPA98) comes to an end, we have a first! The first maximum fine under the old law was issued in September to Equifax Ltd. If you’ve heard any of the Data Protection Leads here …
Cookie D’oh!
Categories: Breach, Brexit, Charities, Charities: ICO, Consent, Data Protection Act 2018, Data Sharing, Fines, Fundraising, GDPR, ICO, Public Information, Security, TransparencyWith the news that the changes to ePrivacy law have now been delayed until 2020, now is a good time to evaluate whether your organisation’s practices are already in line with existing electronic privacy law. The ePrivacy Regulation is likely …
Have You Reddit?
Categories: Breach, SecurityOn the 1st of August a hugely popular website, Reddit, announced that it had been hacked. If you’ve not seen it, Reddit is a vaguely social network (explored further below) where registered members can post links, news and discuss almost anything on a …
Better the devil you know – personal data breach reporting and GDPR
Categories: Breach, Charities, Consent, GDPR, ICOThe ICO Annual Report for 2016-17 has been published. Among the findings reported is the number of self-reported data protection incidents, broken down by sector. The headline figures show a 31.5% increase in self-reported incidents – from 1,950 to 2,565 …