Your Front Page For Information Governance News
Analysis and Commentary about Data Protection, GDPR, FOI, Cyber Security and Surveillance laws
One of the most popular search terms on our blog is “disclosure of names under FOI.”A further question that we were recently asked on a course is whether FOI practitioners should provide their names when they respond to requests. There have been some important developments since 2013 and our last two blogs on this topic. The provisions of S.40(2) of the Freedom of … Continue reading “Disclosure Staff Names in FOI Requests “
This is an FOI decision from the Information Commissioner that I have planned to blog about for some time, but have now only just got round to blogging about it. On 11 March 2013 the ICO issued decision notice FS50468600 which involved the Department for Work and Pensions (DWP). The content of the decision notice … Continue reading “Disclosure of Staff Names in FOI Refusals”
When considering request for information under the Freedom of Information Act 2000(FOI) public authorities often face a dilemma about disclosing names of staff. Names are generally considered to be personal data, being information relating to living identifiable individuals (as defined by the Data Protection Act 1998 (DPA)). (Although one Information Tribunal (as it was known … Continue reading “Disclosure of Staff Names under FOI”
Last week, the Government signalled its plans to reform the UK Data Protection regime by publishing its response to the consultation launched in September last year. In “Data: A New Direction” the Government said it intended “to create an ambitious, pro-growth and innovation-friendly data protection regime that underpins the trustworthy use of data.” Time will tell whether the … Continue reading “The Future of the UK Data Protection Regime”
The Information Commissioner’s Office (ICO) has fined the Cabinet Office £500,000 for disclosing postal addresses of the 2020 New Year Honours recipients online. The New Year Honours list is supposed to “recognise the achievements and service of extraordinary people across the United Kingdom.” However in 2020 the media attention was on the fact that, together with the names … Continue reading “Cabinet Office Receives £500,000 GDPR Fine”
A Scottish charity has been issued with a £10,000 monetary penalty notice following the inadvertent disclosure of personal data by email. On 18th October, HIV Scotland was found to have breached the security provisions of the UK GDPR, namely Articles 5(1)(f) and 32, when it sent an email to 105 people which included patient advocates representing people living with … Continue reading “GDPR Fine for Charity E Mail Blunder”
The Labour Relations Agency in Northern Ireland has apologised for sharing the email addresses and, in some cases the names, of more than 200 service users. https://www.bbc.co.uk/news/uk-northern-ireland-58988092 Here is Ibrahim Hasan’s interview with BBC Radio Ulster: More media interviews by Ibrahim here.
The first GDPR fine issued by the Information Commissioner’s Office (ICO) has been reduced by two thirds on appeal. In December 2019, Doorstep Dispensaree Ltd, a company which supplies medicines to customers and care homes, was the subject of a Monetary Penalty Notice of £275,000 for failing to ensure the security of Special Category Data. Following an investigation, … Continue reading “First ICO GDPR Fine Reduced on Appeal”
On 8th July 2021, the Information Commissioner’s Office (ICO) fined the transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure.In particular this led to a breach of the Articles 5(l)(f) and 32(1) and (2) of the GDPR. The ICO found that Mermaids failed to implement an appropriate level of organisational and technical security to its internal email … Continue reading “First GDPR Fine Issued to a Charity”
GDPR fines are like a number 65 bus. You wait for a long time and then three arrive at once. In the space of a month the Information Commissioner’s Office (ICO) has issued three Monetary Penalty Notices. The latest requires Ticketmaster to pay £1.25m following a cyber-attack on its website which compromised millions of customers’ personal information. The ICO investigation into this breach found a vulnerability in a third-party chatbot built by Inbenta Technologies, which Ticketmaster had installed on its online … Continue reading “Ticketmaster Fined £1.25m Over Cyber Attack”
