Information Commissioner's Office

News & Analysis as of

UK Privacy Regulator Addresses Data Protection Under The GDPR

On Monday, March 6, 2017, the UK’s Information Commissioner’s Office (“ICO”) held its annual Data Protection Practitioners’ Conference. During the conference, Information Commissioner Elizabeth Denham, who was appointed to...more

United Kingdom Privacy Office Issues Guidance on Consent Under GDPR

The EU General Data Protection Regulation (GDPR), which takes effect in May 2018, will require companies to reassess their mechanisms for obtaining, tracking, and verifying individuals' consent. Companies will need clear and...more

ICO Seeks Extra Resources for GDPR Enforcement

On March 13, 2017, Elizabeth Denham, head of the UK data protection authority (“ICO”) publicly expressed her intention to massively recruit new personnel in an effort to be ready for the European (“EU”) general data...more

UK ICO Publishes Guidance on Consent Under GDPR

The UK Information Commissioner’s Office has just published draft guidance on consent under GDPR. This is an interesting move given that the Article 29 Working Party has promised guidance on the same topic later this year,...more

Health Company Fined by UK’s Information Commissioner Office

Last week, the UK’s Information Commissioner’s Office (ICO) published a monetary penalty notice which fined a private healthcare company, HCA International, £200,000 for its failure to keep sensitive data secure....more

UK Launches Public Consultation on GDPR Consent Guidance

The General Data Protection Regulation (GDPR) will come into force on 25 May 2018, replacing UK’s Data Protection Act 1998 (DPA). It is yet unclear how Brexit will play out, yet in the meantime the United Kingdom is moving to...more

ICO Turns Spotlight on Data Broker Industry

Data brokers are organisations that obtain data from a variety of sources and then sell or license it to third parties. Many trade in personal data, which is purchased by their customers for several purposes, most commonly to...more

UK Reaffirms Commitment to GDPR while ICO Increases its International Focus

At the beginning of February, the Minister of State responsible for digital and culture policy, Matt Hancock, reaffirmed the UK’s commitment to implementing legislation mirroring the General Data Protection Regulation (GDPR),...more

Article 29 Working Party Adopts its 2017 Action Plan

In early January, the Article 29 Working Party (WP29) adopted its 2017 Action Plan (Action Plan) on the implementation of the General Data Protection Regulation (GDPR). Amongst the actions proposed, the Action Plan...more

“Do As I Say, Not As I Do”: A Business Specialising in Blocking Unsolicited Marketing Calls is Fined for Making Unsolicited...

It is difficult to miss the irony of the ICO’s first-awarded fine for nuisance calls since taking over the Telephone Preference Service (TPS), as reported in our earlier blog in December. IT Protect Ltd., a Bognor Regis...more

Cold but exhilarating in Davos

We're just back from our second visit to the Davos 'fringe' with Innovate Finance and several FinTech momentum players. Numerous events and discussions on a wide range of topics take place alongside the main World Economic...more

ICO to Assume Telephone Preference Service Responsibility

Effective 30 December 2016, the Information Commissioner’s Office (‘ICO’) will be responsible for recording and maintaining the Telephone Preference Service (‘TPS’) register. The TPS is a free service offered to the...more

Businesses can refuse Subject Access Requests made for the dominant purpose of litigation

The High Court has ruled that a business that receives a Subject Access Request ("SAR") can refuse to disclose the requested information in some cases, if the dominant purpose of the SAR is litigation. This appears to mark a...more

UK ICO Issues New Guidance on Privacy Notices

The UK’s Information Commissioner’s Office (ICO), the independent authority responsible for the enforcement of the Data Protection Act 1998 (DPA), has issued a revised code of practice (the Code) on communicating privacy...more

Company Bosses Can No Longer Dodge Nuisance Call Fines

In an ongoing effort to tackle nuisance calls, the UK government has signalled its intention to make company directors directly liable for breaches of the Privacy and Electronic Communications Regulations (PERC) carried out...more

UK to implement GDPR regardless of Brexit

The UK government has confirmed that it will implement the EU General Data Protection Regulation, notwithstanding the UK's decision to leave the EU. This announcement confirms that UK businesses will need to become GDPR...more

The Subject Access Request That Led to a Security Breach, or Why Having a System to Respond to Access Requests Is Essential

In August, the UK’s data protection regulator, the ICO, fined a Hertfordshire GP practice £40,000 under the Data Protection Act 1998 (“DPA”) after a subject access request (“SAR”) went badly wrong. A lack of process, training...more

Disclosing personal data – new protections for regulated sector firms?

New protections are being proposed in the UK to allow regulated sector firms to share information regarding suspicions relating to money laundering and terrorist financing, in circumstances where law enforcement has been...more

A Month in UK Employment Law - November 2016

Taxation of termination payments draft legislation published - At present, in certain circumstances the first £30,000 of a termination payment is exempt from income tax and national insurance ("NIC"). However, there have...more

United Kingdom to Implement EU General Data Protection Regulation

UK Secretary of State Karen Bradley recently confirmed that the United Kingdom will implement the European Union’s General Data Protection Regulation (GDPR), the regulation by which the European Commission intends to...more

UK ICO recommends personal liability of directors for breaches of data protection law

At a recent Parliamentary meeting to discuss the draft Digital Economy Bill, the UK Information Commissioner recommended imposing personal liability and accountability upon company directors. If such liability is imposed, it...more

UK ICO Offers Guidance on Privacy Notices Under the GDPR and the UK Data Protection Act

In an anticipated guidance, the United Kingdom's Information Commissioner's Office (ICO) updated its code of practice for privacy notices titled Privacy notices, transparency and control (the Code). Significantly, the ICO has...more

UK ICO issues largest ever fine for a data breach

The UK Information Commissioner's Office (the "ICO") has issued a record fine of £400,000 to a UK telecoms company, in connection with a data breach that took place in October 2015. The fine, and the related adverse...more

TalkTalk handed record fine in data protection breach in the UK

TalkTalk, a major UK telecoms company, has been fined £400,000 for a data breach after they were hacked. This is a record fine given by the ICO (the UK’s data protection authority). Significantly the fine was imposed after a...more

TalkTalk Loses Appeal Against £1,000 fine at the Information Tribunal

Telecoms service provider TalkTalk has lost an appeal against it for a £1,000 fixed penalty after the Information Commissioner’s office (ICO) ruled it had failed to report a personal data breach within the required 24 hours’...more

90 Results
|
View per page
Page: of 4
Cybersecurity

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×