What’s the damage?

BTO Solicitors recently marked the publication of the Information Commissioner’s annual report with a blog by two of their advocate solicitors about the Commissioner’s recent enforcement activity. BTO enjoyed a notable coup in 2013 by overturning the ICO’s £250,000 civil monetary penalty against Scottish Borders Council. I agree with the blog’s authors, Laura Irvine and Paul Motion, […]

TELLING THE DIFFERENCE BETWEEN AN INCIDENT AND A BREACH

A handy guide for data protection regulators. 1) You are being asked about an eye-catching incident that is making the headlines, but which you have not investigated in any way. Is this: a) AN INCIDENT b) A BREACH 2) You have investigated an incident, and identified a specific principle that has not been properly complied […]

“Appalling”

The British Pregnancy Advisory Service has just received a Civil Monetary Penalty of £200,000 for breaching the seventh principle of the Data Protection Act. A hacker, intent on vandalising the BPAS website, discovered a vulnerability in its coding. The details of thousands of women who had requested a call back about BPAS’ various abortion and […]

A poor lookout

I doubt I will ever wholly approve of anyone in the role of Information Commissioner until the Ministry of Justice comes to its senses and gives the job to me. However, I have always much preferred the verve and acerbity of Christopher Graham to the overcautious lawyerly approach of his predecessor, Richard Thomas. I don’t […]

Call the Cops

In June 2013, the Swansea-based company CPR Global proudly announced that their nuisance-call-busting Call Blocker had received a significant accolade – the device was now endorsed by the Association of Chief Police Officers. Having been vetted by their approved agent, the Call Blocker now carries ACPO’s ‘Secured By Design’ logo. It is police approved. Every […]

Think of a number

On Friday, DataGuidance (“the global data protection and privacy compliance solution”) published research headlined ‘Total fines imposed on private sector outstrip public sector’. They also claimed that the level of fines against private sector organisations has increased year on year: the private sector CMPs amounted to 50.7% of the total, compared to 20.5% in 2012 […]

Once more unto the breach, dear friends

For some time, the Information Commissioner’s Office has advised organisations of all shapes and sizes to indulge in the masochistic activity of ‘breach notification’. Though taken to absurd levels of hair-shirtery in the NHS and some councils, the belief that any attention-grabbing data-related cock-up must automatically be reported to the ICO is widely held. I […]

I see dead people

Before 2010, the ICO operated a brisk production line of undertakings to tackle the self-reported security breaches that came in the wake of the HMRC lost discs fiasco. Now they have the power to issue civil monetary penalties, the production line keeps humming. The obsession with security is such that even CMPs like the ones […]

KLF Revisited*

On June 1st 2012, the Chief Executive of Brighton and Sussex University Hospital Trust, Duncan Selbie, gave a statement about the threatened ICO Civil Monetary Penalty of £325,000 for a Data Protection breach involving the insecure disposal of hard drives by a subcontractor. In the statement, Mr Selbie said the following: “In a time of […]

We Take Public Relations Very Seriously

This week, the Information Commissioner’s Office issued its latest Data Protection civil monetary penalty, a £150,000 fine on Greater Manchester Police following the theft of an unencrypted pen-drive. The police perspective was available via the Manchester Evening News, in a comment from Assistant Chief Officer Lynne Potts: “This was very much an isolated incident. We […]
