Your Front Page For Information Governance News
Analysis and Commentary about Data Protection, GDPR, FOI, Cyber Security and Surveillance laws
From 1st September 2013 public authorities will face new obligations when it comes to the release and re use of datasets. Recent publications provide more details about the new provisions and how public authorities should prepare for their implementation. The Protection of Freedoms Act 2012 amends the Freedom of Information Act 2000 (FOI). The key … Continue reading “1st September 2013: D Day for (FOI) Datasets”
The Protection of Freedoms Act will amend the Freedom of Information Act 2000 so that in the future public authorities will have greater obligations in relation to the release and publication of datasets. The key points of Section 102 of the Act (which amend section 11 of FOI) are: There will be a new duty … Continue reading “FOI and Datasets: Draft Code of Practice”
The Protection of Freedoms Bill, currently at the Report stage in the House of Lords, will amend the Freedom of Information Act 2000 so that in the future public authorities will have greater obligations in relation to the release and publication of datasets. However this may also bring an opportunity to raise some much needed … Continue reading “FOI and Datasets”
A Data Protection Impact Assessment (DPIA) helps Data Controllers identify the most effective way to comply with their GDPR obligations and reduce the risks of harm to individuals through the misuse of their personal data. A well-managed DPIA will identify problems and allow them to be fixed at an early stage, reducing the associated costs and damage to reputation, … Continue reading “The Importance of a DPIA”
The first three blog posts in this series have raised many issues about the proposed NHS COVID19 Contact Tracing App (COVID App) including the incomplete DPIA and lack of human rights compliance. In this final post we discuss concerns about how long the data collected by the app will be held and what it will … Continue reading “The NHS COVID 19 Contact Tracing App: Part 4 Questions about Data Retention and Function Creep”
GDPR has taken the limelight from other information governance legislation especially Freedom of Information. In July 2018, the Cabinet Office published a new code of practice under section 45 of the Freedom of Information Act 2000(FOI) replacing the previous version. In July 2015 the Independent Commission on Freedom of Information was established by the Cabinet … Continue reading “Revised S.45 Code of Practice under FOI”
Article 35 of GDPR introduces a new obligation on Data Controllers to conduct a Data Protection Impact Assessment (DPIA) before carrying out personal data processing likely to result in a high risk to the rights and freedoms of individuals. If the DPIA identifies a high risk that cannot be mitigated, the Information Commissioner’s Office (ICO) … Continue reading “GDPR and Data Protection Impact Assessments: When and How?”
Amongst all the hype about GDPR it is easy to miss developments in other areas of information law. In November 2017, the Cabinet Office published the revised code of practice (under section 45 of the Freedom of Information Act 2000) for consultation. In July 2015 the Independent Commission on Freedom of Information was established by … Continue reading “Freedom of Information: New Draft S.45 Code of Practice”
By Steve Morris On 1st September 2017 Lord Justice Fulford commenced his new role as the Investigatory Powers Commissioner. Assisted by the Investigatory Powers Commissioner’s Office (IPCO), he will undertake the oversight functions of three previous Commissioners under the Regulation of Investigatory Powers Act 2000 namely the Chief Surveillance Commissioner, Interception of Communications Commissioner and … Continue reading “RIPA Surveillance Oversight and Inspection Regime Changes”
The General Data Protection Regulation (GDPR) will come into force in about 10 months. There is plenty to learn and do before then including: Raising awareness about GDPR at all levels Reviewing how you address records management and information risk in your organisation. Reviewing compliance with the existing law as well as the six new … Continue reading “Data Protection Impact Assessments under GDPR”