Otherwise responsible

Last week, the Information Commissioner issued a civil monetary penalty on Direct Assist Limited, a TPS-busting personal injury firm. As Direct Assist has been wound up by HMRC, all this means is that the ICO has added itself to Direct Assist’s list of creditors and the CMP will never be paid. It turns out the […]


Concerns

At the end of July, the Information Commissioner issued a Civil Monetary Penalty on Think W3, an online travel company. Think W3 had flawed security and audit processes, and when a hacker gained access to Think W3’s customer data via a subsidiary company, the ICO (I think reasonably) concluded that the flawed framework was to blame. Think […]


Freedom Fighters

At least according to TweetDeck, Ian Dunt’s opinion piece about FOI on Politics.co.uk has struck a chord. For days, I have seen the headline being retweeted uncritically, usually by journalists: “How Whitehall neutered the FOI Act”. The article itself is stirring stuff. Take this: “Since the Act was passed it has become increasingly useless. Now, […]


Angry birds

With two blogs already published on the question of Tweeted FOIs, there is every reason not to add to the noise. Alistair (@alistair_sloan) Sloan, from a legal perspective, has argued persuasively that a Tweeted FOI request has enough of the characteristics of a FOI request to often be valid. Bilal (@FOIkid) Ghafoor, from a more […]


Out of control

Heralded by an annoying quiz that seemed to bamboozle everyone who tried it (and which has mysteriously vanished from the website *UPDATE* it can be found here), the ICO has issued new guidance on data processors. It is called, with admirable brevity, ‘Data controllers and data processors: what the difference is and what the governance implications […]


It’s only words

The word ‘fine’ is easier and quicker to say than the phrase ‘civil monetary penalty’. Even if you truncate it to ‘CMP’, problems still arise when you get to verbs. ‘Fined’ is OK, but ‘CMPeed’ sounds silly. Occasionally, I am guilty of using ‘CMP’ and ‘fine’ interchangeably. The average attendee on a training course needs to […]


TELLING THE DIFFERENCE BETWEEN AN INCIDENT AND A BREACH

A handy guide for data protection regulators. 1) You are being asked about an eye-catching incident that is making the headlines, but which you have not investigated in any way. Is this: a) AN INCIDENT b) A BREACH 2) You have investigated an incident, and identified a specific principle that has not been properly complied […]


Dangerous Liaisons

“We found this meeting to be productive and are pleased with the level of cooperation between our respective organisations”

Letter from David Evans, Strategic Liaison, Information Commissioner’s Office, to Christine Outram, Director of Strategic Intelligence, NHS England, 26 September 2013

As the care.data leaflet arrived in people’s homes in January, the ICO published a blog […]


“Appalling”

The British Pregnancy Advisory Service has just received a Civil Monetary Penalty of £200,000 for breaching the seventh principle of the Data Protection Act. A hacker, intent on vandalising the BPAS website, discovered a vulnerability in its coding. The details of thousands of women who had requested a call back about BPAS’ various abortion and […]
