A New GDPR Fine and a New ICO Enforcement Approach

Since May 25th 2018, the Information Commissioner’s Office (ICO) has issued ten GDPR fines. The latest was issued on 30th June 2022 to Tavistock and Portman NHS Foundation Trust for £78,400. The Trust had accidentally revealed 1,781 adult gender identity patients’ email addresses when sending out an email. This is the second ICO fine issued to a Data Controller in these circumstances. In …

ICO Fines “World’s Largest Facial Network”

The Information Commissioner’s Office has issued a Monetary Penalty Notice of £7,552,800 to Clearview AI Inc for breaches of the UK GDPR. Clearview is a US-based company which describes itself as the “World’s Largest Facial Network”. It allows customers, including the police, to upload an image of a person to its app, which is then …

Law Firm Fined For GDPR Breach: What Went Wrong? 

On 10th March the Information Commissioner’s Office (ICO) announced that it had fined Tuckers Solicitors LLP £98,000 for a breach of GDPR. The fine follows a ransomware attack on the firm’s IT systems in August 2020. The attacker had encrypted 972,191 files, of which 24,712 related to court bundles. 60 of those were exfiltrated by the attacker and …

Cabinet Office Receives £500,000 GDPR Fine

The Information Commissioner’s Office (ICO) has fined the Cabinet Office £500,000 for disclosing postal addresses of the 2020 New Year Honours recipients online. The New Year Honours list is supposed to “recognise the achievements and service of extraordinary people across the United Kingdom.” However in 2020 the media attention was on the fact that, together with the names …

GDPR Fine for Charity E Mail Blunder

A Scottish charity has been issued with a £10,000 monetary penalty notice following the inadvertent disclosure of personal data by email. On 18th October, HIV Scotland was found to have breached the security provisions of the UK GDPR, namely Articles 5(1)(f) and 32, when it sent an email to 105 people which included patient advocates representing people living with …

The WhatsApp GDPR Fine 

On 2nd September, the instant messaging service WhatsApp was fined €225 million by the Irish Data Protection Commission (DPC) under GDPR. It is the largest fine issued by the DPC and the second highest in the EU (In July Luxembourg’s National Commission for Data Protection fined Amazon €746 million after finding that the way the e-commerce giant handles people’s personal data, …

First ICO GDPR Fine Reduced on Appeal

The first GDPR fine issued by the Information Commissioner’s Office (ICO) has been reduced by two thirds on appeal. In December 2019, Doorstep Dispensaree Ltd, a company which supplies medicines to customers and care homes, was the subject of a Monetary Penalty Notice of £275,000 for failing to ensure the security of Special Category Data. Following an investigation, …

First GDPR Fine Issued to a Charity

On 8th July 2021, the Information Commissioner’s Office (ICO) fined the transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure. In particular, this led to a breach of Articles 5(1)(f) and 32(1) and (2) of the GDPR. The ICO found that Mermaids failed to implement an appropriate level of organisational and technical security to its internal email …

Ticketmaster Fined £1.25m Over Cyber Attack

GDPR fines are like a number 65 bus. You wait for a long time and then three arrive at once. In the space of a month the Information Commissioner’s Office (ICO) has issued three Monetary Penalty Notices. The latest requires Ticketmaster to pay £1.25m following a cyber-attack on its website which compromised millions of customers’ personal information. The ICO investigation into this breach found a vulnerability in a third-party chatbot built by Inbenta Technologies, which Ticketmaster had installed on its online …

The Marriott Data Breach Fine

The Information Commissioner’s Office (ICO) has issued a fine to Marriott International Inc for a cyber security breach which saw the personal details of millions of hotel guests being accessed by hackers. The fine does not come as a surprise as it follows a Notice of Intent, issued in July 2018. The amount of £18.4 million though is much lower than the £99 million set out in the notice. The Data  Marriott estimates …
