Another fine mess

For those working in Data Protection, there are many interesting things to note about the forthcoming General Data Protection Regulation. There is the clarification of consent, which may send tawdry marketers into a spin. There is the tightening of the rules over criminal records. There is the helpful emphasis on risk. My current favourite thing is a […]

Read More »

The Gamekeeper’s Fear of the Penalty

Amongst the hype over the end of negotiations over the new EU Data Protection Regulation, one theme kept emerging again and again: Big Penalties. It’s understandable that people might want to focus on it. The UK goes from a maximum possible penalty of £500,000 to one of just under £15,000,000 (at today’s Euro conversion rate) or even 4% […]

Read More »

Whoops!

Yesterday, after at least a year of pondering it, the Information Commissioner asked the Universities and Colleges Admissions Service (UCAS) to sign an undertaking, agreeing to change the way in which they obtain consent to use students’ data. The data is obtained as part of the application process and subsequently used for marketing a variety of products […]

Read More »

Out of control

Heralded by an annoying quiz that seemed to bamboozle everyone who tried it (and which has mysteriously vanished from the website *UPDATE* it can be found here), the ICO has issued new guidance on data processors. It is called, with admirable brevity, ‘Data controllers and data processors: what the difference is and what the governance implications […]

Read More »

“Appalling”

The British Pregnancy Advisory Service has just received a Civil Monetary Penalty of £200,000 for breaching the seventh principle of the Data Protection Act. A hacker, intent on vandalising the BPAS website, discovered a vulnerability in its coding. The details of thousands of women who had requested a call back about BPAS’ various abortion and […]

Read More »

A poor lookout

I doubt I will ever wholly approve of anyone in the role of Information Commissioner until the Ministry of Justice comes to its senses and gives the job to me. However, I have always much preferred the verve and acerbity of Christopher Graham to the overcautious lawyerly approach of his predecessor, Richard Thomas. I don’t […]

Read More »

Down these mean streets a man must go

Especially given my last blog accused the Information Commissioner’s Office of incompetence, it’s nice to be able to celebrate an aspect of their work. Yesterday, the directors of ICU Investigations (geddit?) and the company itself were convicted of blagging data from a variety of organisations, for a variety of organisations. If you’re expecting me to […]

Read More »

I see dead people

Before 2010, the ICO operated a brisk production line of undertakings to tackle the self-reported security breaches that came in the wake of the HMRC lost discs fiasco. Now they have the power to issue civil monetary penalties, the production line keeps humming. The obsession with security is such that even CMPs like the ones […]

Read More »