UK

Subscribe to UK RSS Feed

A Timely Reminder: Maintain Data Security in the Face of the Pandemic

The ongoing Coronavirus pandemic and related Government guidance, requiring social distancing and individuals to work from home where possible, has resulted in many organisations rapidly having to adapt the way in which they operate. Despite the unprecedented challenges that will need to be faced over the coming weeks, including in many cases significantly reduced resources … Continue Reading

The UK Government Sets Out How it Will Use Data During the Pandemic

Recently, the ICO published a statement about the use of mobile phone tracking during the COVID-19 crisis. The statement provided that generalised location data, where properly anonymised and aggregated, does not fall under the remit of data protection laws. In addition to this statement, the government has now set out further information on how it … Continue Reading

Morrisons Data Breach – Revisiting the “Rogue Employee” Question

As reported last week in our sister blog, Employment Law Worldview, the UK Supreme Court in a landmark decision has reversed the earlier decision of the Court of Appeal, finding that Morrisons is not vicariously liable for the actions of a disgruntled employee who unlawfully disclosed personal data belonging to nearly 100,000 colleagues.… Continue Reading

Further Update from ICO on COVID-19 and Individuals

The ICO has updated its own blog with more helpful information, this time for individuals who may be worried about the increased processing of their own personal data and sensitive information, in light of the ongoing COVID-19 crisis. Of interest to businesses and employers, is the recognition that whilst employees might think requests for information … Continue Reading

Update – ICO Issues Guidance on Data Protection and Coronavirus (COVID-19)

Further to our earlier blog on the data protection aspects of responding to COVID-19, we note that the ICO have now issued guidance on the matter, answering some of the key questions for organisations, businesses and employers. This is helpful guidance, issued under a statement aimed at public bodies and health practitioners, (so could easily … Continue Reading

Data Protection Issues Raised by Guidance and Efforts to Prevent the Spread of COVID-19

As government agencies and businesses attempt to deal with the ramifications of Covid-19, the potential impact on privacy rights should not be overlooked.  Certain measures that are under consideration to help combat the threat of the Covid-19 virus raise a number of questions about the practical impact of current guidance and efforts to prevent the … Continue Reading

PCI Data Security Standard Compliance Falling: What Could it Cost You?

Is compliance with payment card data security standards being ignored? In a world where data breach scrutiny and sanctions have increased dramatically, compliance with payment card security standards have fallen. Sam Tibbetts has drafted a post on our sister blog, Global IP & Technology Law, detailing the Payment Card Industry Data Security Standard, why businesses … Continue Reading

ICO Consults on the Processing of Criminal Convictions Personal Data

The ICO has recently launched a call for views on criminal convictions and offences data, or related security measures, under Article 10 of the GDPR. It is specifically consulting on market practice and understanding in this area. The Legal Framework The legal framework surrounding the collection and use of criminal convictions data is complex and … Continue Reading

ICO Wants to Hear Your Views on the Design of its New Accountability Toolkit

In an October 28, 2019 blog post, Director for Regulatory Assurance, Ian Hulme, announced that the UK Information Commissioner’s Office (“ICO”) is developing a new ‘accountability toolkit’ which it plans to launch next year. The aim of the toolkit will be to support organisations in demonstrating their compliance with the ‘accountability principle’ under the GDPR[1]. … Continue Reading

UK Ministry of Justice Announces Changes Regarding Privacy and Data Protection Claims

This summer the ICO has issued significant fines in relation to high profile data breaches since acquiring its new “GDPR charged” powers. With less publicity, but nonetheless important given the increasing awareness of the rights of data subjects to claim damages for breaches of data protection legislation, the Ministry of Justice has recently announced that … Continue Reading

Cookie Guidance from the UK ICO

Many websites rely on implied consent to set cookies notwithstanding the fact that website cookies require the same opt-in consent as marketing emails.  The UK Information Commissioner’s Office (ICO) has made it clear in its new guidance that “opt-in”’ consent must be obtained to set non-essential cookies, such as analytics cookies. Our team has published … Continue Reading

Are DPOs the Best Solution?

On 30 April, Squire Patton Boggs and the Digital Policy Alliance held an event entitled “Data Governance Under the GDPR: Are DPOs the Best Solution?” The aim of the session was to explore different approaches to the management of tasks involved in data governance, data protection and compliance, and the advantages and disadvantages of having … Continue Reading

Have You Paid Your Data Protection Fee?

The ICO has issued a penalty notice to over 100 organisations for failing to pay their data protection fee. Failing to pay this fee due to an innocent mistake may not be accepted as a viable excuse, as demonstrated by the recent judgement in Farrow & Ball Limited v The Information Commissioner (Dismissed) [2019] UKFTT … Continue Reading

How Might a No-Deal Brexit Impact Your Organisation’s Data Protection Obligations?

The UK Parliament has today, 15th January 2019, rejected the Government’s Brexit withdrawal agreement with the EU. This turn of events, which was widely anticipated, increases the prospect of a no deal Brexit, i.e. a break-up without a divorce settlement. According to law, the UK will leave the EU on 29th March 2019 with no … Continue Reading

The ICO’s New Year’s Resolutions

The ICO has published a draft Regulatory Action Policy (“Policy”) on 28 June 2018 available here, supplementing its Information Rights Strategic Plan for 2017-2021 (here) and International Strategy for 2017-2021 (here). This Policy provides an overview of how and to what extent the ICO will use its newly expanded regulatory enforcement powers provided by the … Continue Reading

The Impact of Data Protection on Children

Many readers may be reading this blog when a notification from their fitness tracker pops up instructing them to stand up. Children are now beginning to wear trackable devices too. These devices are connected to the internet and may process a child’s personal data. Many children have and use social media accounts and there is … Continue Reading

Have You Paid Your Data Protection Fee?

The Data Protection (Charges and Information) Regulations 2018 came into force in May 2018. Generally, these Regulations mean that Controllers must pay the ICO an annual data protection fee unless they are exempt. The exemptions are relatively limited. The requirement to pay an annual fee replaces the previous requirement to register with the ICO. The … Continue Reading

ICO’s Consultation on Direct Marketing Code of Practice

Direct marketing has been a focus of the UK data protection regulator, the Information Commissioner’s Office (ICO), for the last several years. Direct marketing for these purposes includes promotional messages that are sent directly to an individual recipient electronically (email or text), by post or communicated by phone. Such messages are considered to be unsolicited … Continue Reading

Why the ICO Fined Equifax £500,000

On 19th September 2018, the Information Commission Officer (“ICO”) fined credit reference agency Equifax Limited £500,000 for breaching the Data Protection Act 1998 (“DPA”). Finding that Equifax Limited failed to protect the personal data of up to 15 million UK individuals, the ICO awarded the maximum penalty for a breach under the DPA. The ICO … Continue Reading

Post GDPR Rise in Data-Related Complaints and Data Breach Notifications

Regulators across Europe, have recorded a sharp increase in the number of data-related complaints and data breach notifications since the General Data Protection Regulation (GDPR) came into force on 25 May 2018. The GDPR has radically reshaped how businesses can collect, use and store personal information. As a result of the new and expanded rights … Continue Reading

The Data Protection Fee – ICO fees under the GDPR

The obligation on controllers to pay a fee will remain in place following the implementation of the General Data Protection Regulation, the GDPR, on 25 May 2018. The fees act as the main source of funding for the UK’s data protection supervisory authority, the Information Commissioner’s Office (the ‘ICO’). The Government, which has a statutory … Continue Reading
LexBlog