ICO DPIAs (part one, published on 24/12/2021)

Framework for auditing AI systems Introduction of an IT helpdesk ticketing SaaS Cyber Essentials Fee recovery process for non-payment of DP fees Equality, Diversity and Inclusion Audit of the ICO by third party Process for ICO marketing emails ICO use of Google Analytics Cross-office intelligence database Automated email process for change of address on DP […]

Read More »

Pingdemic

On Boxing Day at 12.47pm, millions of people received a badly-written text message. “GET BOOSTED NOW Every adult needs a COVID-19 booster vaccine to protect against Omicron. Get your COVID-19 vaccine or booster. See NHS website for details” The Government confirmed via a press release – complete with quotes from The Saj himself – that […]

Read More »

An unreasonable opinion

In September, I wrote about the ICO’s generous use of the notorious S36 exemption in a request I made. Immediately after Chris Stokel Walker revealed that the ICO had spent £6000+ on chocolate, a group of What Do They Know regulars made some premature requests about the case. As it was still being investigated, ICO […]

Read More »

Problem gambler

We’ve all been there. You’ve got some knockoff ‘Orwell was right’ hokum to please the gambling industry, and a dusty tabloid owned by a media group that makes a lot of money out of bingo and betting have space in amongst the adverts to publish it. Do you really have to check the facts? Do […]

Read More »

Bitter Chocolate

Just before Christmas 2021, as a thank you gift to 254 staff for their hard work after a challenging year (not my words, but those of the Information Commissioner’s Office), someone in the ICO used their corporate credit card to buy them all a box of chocolates from Hotel Chocolat. I cannot tell you who […]

Read More »

Spamalot

This week, the Information Commissioner’s Office significantly changed its policy on direct marketing as it relates to the public sector. ICO now says most messages sent by public sector organisations – even those sent for explicitly promotional purposes – are not direct marketing. The definition has always included both commercial messages but also the promotion […]

Read More »

“I think she will be persuaded”

As surely nobody has forgotten, in April, the Duke of Edinburgh died. Even a committed republican such as myself would have to acknowledge that this is a significant event in UK public life. Government and government-adjacent organisations such as the Information Commissioner’s Office plainly had to weigh up how best to react to his passing. […]

Read More »

The China Syndrome

I don’t have an exciting Data Protection origin story. I’ve heard people talk about coming into DP or FOI to fight for inalienable rights, to battle the evils of surveillance and encroaching government or corporate power. Some people seem to have started work on information rights in order to save the world. But I wasn’t […]

Read More »

Seersucker

Although it appears to have fallen silent, the Institute of Data Protection had an impressive sales pitch. It was “one of the most forward thinking and advanced learning programmes available for data protection professionals. We represent and support our members, promoting the highest professional standards around data protection and privacy issues”. UPDATE: since this blog was […]

Read More »