The ICO Annual Report for 2016-17 has been published. Among the findings reported is the number of self-reported data protection incidents, broken down by sector. The headline figures show a 31.5% increase in self-reported incidents – from 1,950 to 2,565 incidents. The key word here: self. Reporting of actual or suspected incidents to the ICO …
Better the devil you know – personal data breach reporting and GDPRRead More »
On 27th March 2017, the ICO issued Monetary Penalty Notices to Honda and Flybe, having determined that their approaches to confirming customers’ contact details and marketing preferences were not compliant with PECR (The Privacy & Electronic Communications Regulations 2003). Since these fines were issued, there has been some concern about whether this means that verification …
Updating consent – implications of the Flybe and Honda finesRead More »
We now have the full details of the RSPCA and British Heart Foundation fines. They have promoted the Charity Commission and the Fundraising Regulator to issue a joint alert about compliance with data protection law. The actions you should take now: “Immediately cease any activity without explicit consent described and set out by the ICO …
The ICO has published initial details of the fines handed to the Royal Society for the Prevention of Cruelty to Animals (RSPCA) and British Heart Foundation (BHF). The charities’ approach to wealth screening; data / tele-matching and data sharing triggered the fines. The ICO exercised considerable discretion to significantly reducing the fines – in recognition …
The recent – and well publicised – data breach by the 56 Dean Street clinic in London raised a number of interesting data protection issues. The well-rehearsed line of “it was human error” was put forward to explain the breach…but who committed the error: the person who pressed ‘send’…or the senior management who appear to …
Christmas requires many secrets to be kept – including the ultimate secret: who is Father Christmas? A similar attempt at hiding identity caused a recent £70,000 fine for a serious breach of the Privacy and Electronic Communication Regulations… A company looked to promote after-show parties for the Parklife Weekender music festival held in Manchester this …
Imagine you work for a bank. A colleague walks by with a new iPhone 6. And you wonder – how can they afford that? What bonuses are they on? You might think “I know, I’ll use my access to the system to have a quick look at their account. Nobody will know…it will cause no …
Person fined for reading colleagues’ details – lessons to learnRead More »
This interesting article appeared recently (Sunday 10th August 2014). Sir Peter Fahy, the Greater Manchester chief constable, talks about the Police needing new and expanded rights to access medical records and other confidential data without an individual’s consent. At present, the police (like any other agency or body) can request access to someone’s personal information …
Police want right to see medical records without consentRead More »
Lincolnshire County Council has apologised after 4,000 names and email addresses were sent out to the public by mistake. Officials said an email to 250 people about changes to the council’s jobs website included details of those registered with the site Your first reaction might be: so what? Yes, the volume of records is high, …
Lincolnshire County Council apologies for email blunderRead More »
The recent data protection breaches made by temporary staff at Great Ormond Street Hospital highlighted the risks posed by not providing adequate data protection training to temporary staff. Responsibility for providing the training If the temporary staff are employed by you – i.e. they are on a short-term contract – then the Data Protection Act …
Temporary Staff – is Data Protection Training on the Agenda?Read More »