Information Commissioner's Office

News & Analysis as of

Businesses can refuse Subject Access Requests made for the dominant purpose of litigation

The High Court has ruled that a business that receives a Subject Access Request ("SAR") can refuse to disclose the requested information in some cases, if the dominant purpose of the SAR is litigation. This appears to mark a...more

UK ICO Issues New Guidance on Privacy Notices

The UK’s Information Commissioner’s Office (ICO), the independent authority responsible for the enforcement of the Data Protection Act 1998 (DPA), has issued a revised code of practice (the Code) on communicating privacy...more

Company Bosses Can No Longer Dodge Nuisance Call Fines

In an ongoing effort to tackle nuisance calls, the UK government has signalled its intention to make company directors directly liable for breaches of the Privacy and Electronic Communications Regulations (PERC) carried out...more

UK to implement GDPR regardless of Brexit

The UK government has confirmed that it will implement the EU General Data Protection Regulation, notwithstanding the UK's decision to leave the EU. This announcement confirms that UK businesses will need to become GDPR...more

The Subject Access Request That Led to a Security Breach, or Why Having a System to Respond to Access Requests Is Essential

In August, the UK’s data protection regulator, the ICO, fined a Hertfordshire GP practice £40,000 under the Data Protection Act 1998 (“DPA”) after a subject access request (“SAR”) went badly wrong. A lack of process, training...more

Disclosing personal data – new protections for regulated sector firms?

New protections are being proposed in the UK to allow regulated sector firms to share information regarding suspicions relating to money laundering and terrorist financing, in circumstances where law enforcement has been...more

A Month in UK Employment Law - November 2016

Taxation of termination payments draft legislation published - At present, in certain circumstances the first £30,000 of a termination payment is exempt from income tax and national insurance ("NIC"). However, there have...more

United Kingdom to Implement EU General Data Protection Regulation

UK Secretary of State Karen Bradley recently confirmed that the United Kingdom will implement the European Union’s General Data Protection Regulation (GDPR), the regulation by which the European Commission intends to...more

UK ICO recommends personal liability of directors for breaches of data protection law

At a recent Parliamentary meeting to discuss the draft Digital Economy Bill, the UK Information Commissioner recommended imposing personal liability and accountability upon company directors. If such liability is imposed, it...more

UK ICO Offers Guidance on Privacy Notices Under the GDPR and the UK Data Protection Act

In an anticipated guidance, the United Kingdom's Information Commissioner's Office (ICO) updated its code of practice for privacy notices titled Privacy notices, transparency and control (the Code). Significantly, the ICO has...more

UK ICO issues largest ever fine for a data breach

The UK Information Commissioner's Office (the "ICO") has issued a record fine of £400,000 to a UK telecoms company, in connection with a data breach that took place in October 2015. The fine, and the related adverse...more

TalkTalk handed record fine in data protection breach in the UK

TalkTalk, a major UK telecoms company, has been fined £400,000 for a data breach after they were hacked. This is a record fine given by the ICO (the UK’s data protection authority). Significantly the fine was imposed after a...more

TalkTalk Loses Appeal Against £1,000 fine at the Information Tribunal

Telecoms service provider TalkTalk has lost an appeal against it for a £1,000 fixed penalty after the Information Commissioner’s office (ICO) ruled it had failed to report a personal data breach within the required 24 hours’...more

ICO Reminds Organisations of EU-U.S. Personal Data Transfer Obligations

The Interim Deputy Commissioner at the Information Commissioner’s Office (“ICO”), Steve Wood, has published a blog reminding organisations of their obligations when transferring personal data to the United States, pursuant to...more

Employment Law Briefing

Brexit — Keep Calm and Carry On - The Brexit referendum elicited strong feelings amongst “Leavers” and “Remainers”, and will likely continue to do so. In the UK it is generally not as common for co-workers to discuss...more

ICO Responds to the ePrivacy Directive Consultation

In April, we reported that the European Commission had opened a public consultation seeking the views of various stakeholders on the current wording of, and possible changes to, the Privacy and Electronic Communications...more

Cybersecurity in life sciences: what is your duty of care?

Cybersecurity continues to be headline-grabbing news, particularly following recent reports of high-profile cyber attacks on a number of major well-known corporations. Conscious of their fiduciary duties, boardrooms of global...more

IT, Commercial and Outsourcing Contracts: Brexit Top 10

According to Theresa May, the UK’s recently installed prime minister, Brexit means Brexit. But what this actually means in practice is still unknown. There is still a huge amount of debate over what Brexit will look like,...more

Brexit: Preparing for the Unknown — Practical steps

The UK’s new Prime Minister Theresa May has said: “The country voted to leave the European Union, and as prime minister I will make sure that we leave the European Union.” That seems like a clear statement, but the...more

Brexit: Baroness Neville-Rolfe on Data Implications

At the beginning of July, Baroness Neville-Rolfe gave a speech at the annual Privacy Laws & Business conference, outlining the government’s stance on the implications of Brexit for a range of data issues including the GDPR,...more

Brexit: What You Need To Know - Data Protection

Despite the potential Brexit, the long awaited General Data Protection Regulation (GDPR) which is due to come into force on May 25, 2018 remains relevant to the UK, as the UK is highly likely to still be a member state of the...more

Privacy & Cybersecurity Newsletter: July 2016

General Data Protection Regulation Update - As reported in the April Locke Lord Privacy & Cybersecurity Newsletter, the European Parliament gave the final approval to the General Data Protection Regulation (GDPR) on...more

BREXIT: What Does It Mean for Data Protection and What Should You Be Doing Now?

While we wait to see what the BREXIT result will mean for the UK’s data protection regime, it is important to recognize that the result will not change anything immediately. The exact nature of the post-BREXIT UK-EU...more

What Brexit Means for Data Protection

For global pharmaceutical and medical device companies handling personal data in the European Union (EU) or engaged in transatlantic data transfers, some of the many questions created by the Brexit vote include what its...more

The Potential Impact of a BREXIT on the UK’s Data Protection Regime

In immediate response to the outcome of the recent referendum in the United Kingdom (UK) to leave the European Union (EU), the UK’s data protection regulator, the Information Commissioner’s Office (ICO) released the following...more

79 Results
|
View per page
Page: of 4
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×