TELLING THE DIFFERENCE BETWEEN AN INCIDENT AND A BREACH

A handy guide for data protection regulators.

1) You are being asked about an eye-catching incident that is making the headlines, but which you have not investigated in any way. Is this:
a) AN INCIDENT
b) A BREACH

2) You have investigated an incident, and identified a specific principle that has not been properly complied […]

“Appalling”

The British Pregnancy Advisory Service has just received a Civil Monetary Penalty of £200,000 for breaching the seventh principle of the Data Protection Act. A hacker, intent on vandalising the BPAS website, discovered a vulnerability in its coding. The details of thousands of women who had requested a call back about BPAS’ various abortion and […]

Mother! Eat the Cookie! Eat It!

My favourite part of the Information Commissioner’s website is the blog, where a succession of ICO notables talk about how marvellous their particular corner of the business is. The enterprise appears to be modelled on the Opinion section of The Onion, and I look forward to each new instalment with childlike enthusiasm. I’m really hoping […]

Where did I put that thing?

There was an unusually frank admission in the Register’s recent report (http://tinyurl.com/3k3j3xv) on their home-grown email SNAFU. Roughly 3000 people received an email containing the names and email addresses of roughly 45000 people because, in the Register’s words, “The two-stage send process that is the norm for all of our mailers was over-looked because someone […]