Dealing with a subject access request (SAR), whether or not the person making the request is an employee, can be very time consuming. The Information Commissioner’s Office (ICO) issued a Code of Practice in August 2013 on...more
A judgment recently handed down from the High Court clarifies the obligations of liquidators under the Data Protection Act 1998, providing them with greater personal protection from fines or other sanctions.
Last month, the UK Information Commissioner’s Office (UK ICO) published guidance on the application of the Data Protection Act 1998 (UK DPA) to social networking sites and online forums....more
On January 24, 2013, the UK Data Protection Watchdog — the UK Information Commissioner's Office (ICO) — fined Sony Computer Entertainment Europe Limited £250,000 (about $400,000) for its alleged failure to implement...more
On 24 January 2013, the UK Information Commissioner’s Office (ICO) served Sony Computer Entertainment Europe Limited (“Sony”) with a monetary penalty of £250,000 following a serious breach of data security...more
The UK Information Commissioner’s Office (ICO) has fined Sony £250,000 for the widely publicized 2011 security breach during which hackers gained access to personal data (including credit card information) of over 77 million...more
The much-anticipated Leveson Inquiry on the Culture, Practices and Ethics of the Press (“Leveson Report” or “Report”) was released on November 29, 2012. The inquiry leading to the Report was initiated as a response to ongoing...more
The UK Data Protection Act 1998 (“DPA”) imposes various restrictions on “data controllers”, such as employers, when “processing” personal data relating to individuals. In particular, employers must comply with eight data...more
New guidance defines when electronically held personal data is "beyond use" once deleted.
As part of its mission to assist companies to understand and fulfil their obligations under the UK's Data Protection Act 1998...more
On 16 August 2012, the ICO published guidance on deleting personal data under the Data Protection Act 1998 (DPA). The guidance describes how organisations can ensure compliance with the DPA when they delete or archive...more