Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role. The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current...more
The bill would largely build on the UK data protection regime’s EU GDPR-style framework, albeit with UK-specific provisions. The UK government introduced the Data Protection and Digital Information Bill (the Bill) to...more
Since the General Data Protection Regulations ("GDPR") came into force in 2018, companies in the United Kingdom (UK) that have suffered cybersecurity attacks often face civil claims from individuals whose data has been...more
The Information Commissioner's Office (ICO) has issued a statement confirming that data protection will not stop the need for businesses to share information quickly, or adapt the way they work to face the unprecedented...more
The decision to appeal a regulatory finding is never taken lightly. By the time a regulator has completed its investigation and notified a company of its intention to fine, the company will have invested significant time and...more
A few days ago the UK’s Department for Digital, Culture, Media & Sport introduced the Data Protection Bill 2017 (“the Bill”). Once adopted by the legislature, the Bill will replace the Data Protection Act 1998, which is...more
Back in 2015, DeepMind, a Google company, signed a deal with the Royal Free NHS Foundation Trust. The deal allowed DeepMind access to 1.6 million patients health information as well as the ability to develop an app called...more
This month the ICO updated its Subject Access Code of Practice, which gives guidance to data controllers on how to respond to subject access requests from data subjects. The Code itself is not legally binding, but provides...more
Last week, the UK’s Information Commissioner’s Office (ICO) published a monetary penalty notice which fined a private healthcare company, HCA International, £200,000 for its failure to keep sensitive data secure....more
On January 24, 2013, the UK Data Protection Watchdog — the UK Information Commissioner's Office (ICO) — fined Sony Computer Entertainment Europe Limited £250,000 (about $400,000) for its alleged failure to implement...more
Introduction - On 24 January 2013, the UK Information Commissioner’s Office (ICO) served Sony Computer Entertainment Europe Limited (“Sony”) with a monetary penalty of £250,000 following a serious breach of data security...more
The UK Information Commissioner’s Office (ICO) has fined Sony £250,000 for the widely publicized 2011 security breach during which hackers gained access to personal data (including credit card information) of over 77 million...more
The much-anticipated Leveson Inquiry on the Culture, Practices and Ethics of the Press (“Leveson Report” or “Report”) was released on November 29, 2012. The inquiry leading to the Report was initiated as a response to ongoing...more
New guidance defines when electronically held personal data is "beyond use" once deleted. As part of its mission to assist companies to understand and fulfil their obligations under the UK's Data Protection Act 1998...more
On 16 August 2012, the ICO published guidance on deleting personal data under the Data Protection Act 1998 (DPA). The guidance describes how organisations can ensure compliance with the DPA when they delete or archive...more