A bridge too far

June is a significant time for Data Protection in the UK. At the end the month, we have the EU vote (where a vote to leave will throw at least the timetable for implementation of the new General Data Protection Regulation into disarray) and Christopher Graham steps down as Information Commissioner, to be replaced by Elizabeth Denham. There are several reasons […]

Read More »

The Gamekeeper’s Fear of the Penalty

Amongst the hype over the end of negotiations over the new EU Data Protection Regulation, one theme kept emerging again and again: Big Penalties. It’s understandable that people might want to focus on it. The UK goes from a maximum possible penalty of £500,000 to one of just under £15,000,000 (at today’s Euro conversion rate) or even 4% […]

Read More »

Whoops!

Yesterday, after at least a year of pondering it, the Information Commissioner asked the Universities and Colleges Admissions Service (UCAS) to sign an undertaking, agreeing to change the way in which they obtain consent to use students’ data. The data is obtained as part of the application process and subsequently used for marketing a variety of products […]

Read More »

TSUNAMI

Last month, the Information Commissioner, Christopher Graham, made an appearance on the Today programme. As always, Graham made big, broad, compelling points, claiming that his office needed more resources to deal with the ‘tsunami’ of complaints about the Google Right to Be Forgotten* case and stronger powers to do mandatory audits of both public (and because of some […]

Read More »

What’s the damage?

BTO Solicitors recently marked the publication of the Information Commissioner’s annual report with a blog by two of their advocate solicitors about the Commissioner’s recent enforcement activity. BTO enjoyed a notable coup in 2013 by overturning the ICO’s £250,000 civil monetary penalty against Scottish Borders Council. I agree with the blog’s authors, Laura Irvine and Paul Motion, […]

Read More »

TELLING THE DIFFERENCE BETWEEN AN INCIDENT AND A BREACH

A handy guide for data protection regulators. 1) You are being asked about an eye-catching incident that is making the headlines, but which you have not investigated in any way. Is this: a) AN INCIDENT b) A BREACH 2) You have investigated an incident, and identified a specific principle that has not been properly complied […]

Read More »

A poor lookout

I doubt I will ever wholly approve of anyone in the role of Information Commissioner until the Ministry of Justice comes to its senses and gives the job to me. However, I have always much preferred the verve and acerbity of Christopher Graham to the overcautious lawyerly approach of his predecessor, Richard Thomas. I don’t […]

Read More »