On March 8, 2023, the Data Protection and Digital Information (No. 2) Bill was introduced to the UK Parliament by the Department for Science, Innovation and Technology (DSIT). If enacted, the Bill will make changes to the UK...more
Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role. The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current...more
The bill would largely build on the UK data protection regime’s EU GDPR-style framework, albeit with UK-specific provisions. The UK government introduced the Data Protection and Digital Information Bill (the Bill) to...more
Since the General Data Protection Regulations ("GDPR") came into force in 2018, companies in the United Kingdom (UK) that have suffered cybersecurity attacks often face civil claims from individuals whose data has been...more
The Information Commissioner's Office (ICO) has issued a statement confirming that data protection will not stop the need for businesses to share information quickly, or adapt the way they work to face the unprecedented...more
The decision to appeal a regulatory finding is never taken lightly. By the time a regulator has completed its investigation and notified a company of its intention to fine, the company will have invested significant time and...more
The U.K. Information Commissioner’s Office, the U.K.’s independent body for the upholding of information rights in the public interest, has issued a consultation paper on proposals that it be granted investigative and other...more
A data subject (defined in the GDPR as an identified or identifiable natural person) has a right under the General Data Protection Regulation (GDPR) to make a data subject access request (DSAR) to find out what personal data...more
Brexit raises critical issues regarding the future transfer of personal data outside of the EU, not least as to the role of the UK Data Protection Authority, the Information Commissioner’s Office (“ICO”), and as to its...more
A few days ago the UK’s Department for Digital, Culture, Media & Sport introduced the Data Protection Bill 2017 (“the Bill”). Once adopted by the legislature, the Bill will replace the Data Protection Act 1998, which is...more
The UK's Information Commissioner, Elizabeth Denham, has launched a series of blogs designed to “bust some of the myths” which she believes have developed around the EU General Data Protection Regulation (GDPR). Her first...more
Back in 2015, DeepMind, a Google company, signed a deal with the Royal Free NHS Foundation Trust. The deal allowed DeepMind access to 1.6 million patients health information as well as the ability to develop an app called...more
This month the ICO updated its Subject Access Code of Practice, which gives guidance to data controllers on how to respond to subject access requests from data subjects. The Code itself is not legally binding, but provides...more
Last week, the UK’s Information Commissioner’s Office (ICO) published a monetary penalty notice which fined a private healthcare company, HCA International, £200,000 for its failure to keep sensitive data secure....more
Brexit — Keep Calm and Carry On - The Brexit referendum elicited strong feelings amongst “Leavers” and “Remainers”, and will likely continue to do so. In the UK it is generally not as common for co-workers to discuss...more
General Data Protection Regulation Update - As reported in the April Locke Lord Privacy & Cybersecurity Newsletter, the European Parliament gave the final approval to the General Data Protection Regulation (GDPR) on...more
Under section 56 of the Data Protection Act 1998 (DPA), it is now a criminal offence for any person or organisation to require an individual to submit a ‘subject access request’ (i.e. the right for an individual to access any...more
On January 24, 2013, the UK Data Protection Watchdog — the UK Information Commissioner's Office (ICO) — fined Sony Computer Entertainment Europe Limited £250,000 (about $400,000) for its alleged failure to implement...more
Introduction - On 24 January 2013, the UK Information Commissioner’s Office (ICO) served Sony Computer Entertainment Europe Limited (“Sony”) with a monetary penalty of £250,000 following a serious breach of data security...more
The UK Information Commissioner’s Office (ICO) has fined Sony £250,000 for the widely publicized 2011 security breach during which hackers gained access to personal data (including credit card information) of over 77 million...more
The much-anticipated Leveson Inquiry on the Culture, Practices and Ethics of the Press (“Leveson Report” or “Report”) was released on November 29, 2012. The inquiry leading to the Report was initiated as a response to ongoing...more
New guidance defines when electronically held personal data is "beyond use" once deleted. As part of its mission to assist companies to understand and fulfil their obligations under the UK's Data Protection Act 1998...more
On 16 August 2012, the ICO published guidance on deleting personal data under the Data Protection Act 1998 (DPA). The guidance describes how organisations can ensure compliance with the DPA when they delete or archive...more