“I think she will be persuaded”

As surely nobody has forgotten, in April, the Duke of Edinburgh died. Even a committed republican such as myself would have to acknowledge that this is a significant event in UK public life. Government and government-adjacent organisations such as the Information Commissioner’s Office plainly had to weigh up how best to react to his passing. […]

Read More »

A bridge too far

June is a significant time for Data Protection in the UK. At the end the month, we have the EU vote (where a vote to leave will throw at least the timetable for implementation of the new General Data Protection Regulation into disarray) and Christopher Graham steps down as Information Commissioner, to be replaced by Elizabeth Denham. There are several reasons […]

Read More »

The Gamekeeper’s Fear of the Penalty

Amongst the hype over the end of negotiations over the new EU Data Protection Regulation, one theme kept emerging again and again: Big Penalties. It’s understandable that people might want to focus on it. The UK goes from a maximum possible penalty of £500,000 to one of just under £15,000,000 (at today’s Euro conversion rate) or even 4% […]

Read More »

Whoops!

Yesterday, after at least a year of pondering it, the Information Commissioner asked the Universities and Colleges Admissions Service (UCAS) to sign an undertaking, agreeing to change the way in which they obtain consent to use students’ data. The data is obtained as part of the application process and subsequently used for marketing a variety of products […]

Read More »

TSUNAMI

Last month, the Information Commissioner, Christopher Graham, made an appearance on the Today programme. As always, Graham made big, broad, compelling points, claiming that his office needed more resources to deal with the ‘tsunami’ of complaints about the Google Right to Be Forgotten* case and stronger powers to do mandatory audits of both public (and because of some […]

Read More »

What’s the damage?

BTO Solicitors recently marked the publication of the Information Commissioner’s annual report with a blog by two of their advocate solicitors about the Commissioner’s recent enforcement activity. BTO enjoyed a notable coup in 2013 by overturning the ICO’s £250,000 civil monetary penalty against Scottish Borders Council. I agree with the blog’s authors, Laura Irvine and Paul Motion, […]

Read More »

TELLING THE DIFFERENCE BETWEEN AN INCIDENT AND A BREACH

A handy guide for data protection regulators. 1) You are being asked about an eye-catching incident that is making the headlines, but which you have not investigated in any way. Is this: a) AN INCIDENT b) A BREACH 2) You have investigated an incident, and identified a specific principle that has not been properly complied […]

Read More »