Ticketmaster Fined £1.25m Over Cyber Attack

GDPR fines are like a number 65 bus. You wait for a long time and then three arrive at once. In the space of a month the Information Commissioner’s Office (ICO) has issued three Monetary Penalty Notices. The latest requires Ticketmaster to pay £1.25m following a cyber-attack on its website which compromised millions of customers’ personal information. The ICO investigation into this breach found a vulnerability in a third-party chatbot built by Inbenta Technologies, which Ticketmaster had installed on its online …

The Marriott Data Breach Fine

The Information Commissioner’s Office (ICO) has issued a fine to Marriott International Inc for a cyber security breach which saw the personal details of millions of hotel guests being accessed by hackers. The fine does not come as a surprise as it follows a Notice of Intent, issued in July 2018. The amount of £18.4 million though is much lower than the £99 million set out in the notice. The Data Marriott estimates …

The Schrems II Judgement

On 16th July 2020 the Court of Justice of the European Union (CJEU) delivered the landmark judgment in Case C‑311/18 Data Protection Commissioner v Facebook Ireland Ltd., and Maximillian Schrems, also known as “Schrems II”. This case will have a seismic impact on the transfer of personal data outside the European Economic Area (EEA) under …

The New Dubai (DIFC) Data Protection Law

1st of July 2020 is a key date in the development of global data protection law. The California Consumer Privacy Act (CCPA) became fully enforceable on this date following a six-month grace period. The Act regulates the processing of California consumers’ personal data, regardless of where a company is located. It provides broader rights to consumers and stricter …

The BA and Marriott Data Breaches: The ICO takes its gloves off!

This week we saw the Information Commissioner’s Office (ICO) finally signal its intention to use its powers to issue Monetary Penalty Notices (fines) under the General Data Protection Regulation (GDPR). Two Notices of Intent have been issued. Both relate to cyber security incidents but are for different reasons and amounts. Under the GDPR, …

GDPR: One Year on

The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 came into force on 25th May 2018 with much fanfare. The biggest change to data protection law in 20 years, with GDPR carrying a maximum fine of 20 million Euros or 4% of gross annual turnover (whichever is higher), the marketing hype, emails and …

ICO Refuses to Disclose GDPR Policy Document for Special Categories Data

In the months leading up to 25th May 2018, data controllers will have been working like Trojans to become GDPR compliant. Data Protection Officers may have been pulling their hair out at the length of their ‘to do lists’. Not least, working out what their lawful basis for processing is, drafting Privacy Notices in clear and plain English, reviewing …

GDPR is coming but don’t panic!

The General Data Protection Regulation (GDPR) will come into force in 3 weeks’ time. 25th May though is not a cliff edge; nor is it doomsday when the Information Commissioner will start wielding her 20 million Euro (fine) stick! In December, the Commissioner addressed some of the myths being peddled about GDPR: “I’ve even heard comparisons between the GDPR …

Book Review: Blackstone’s Guide to the Investigatory Powers Act 2016 by Simon McKay (@simonmckay)

The Investigatory Powers Act received Royal Assent on 29 November 2016. Nicknamed “the Snoopers’ Charter”, the Act provides that communications service providers may be required by the Secretary of State to retain communications data, for up to 12 months, where it is considered necessary and proportionate to do so and where that decision has been approved …

What impact will GDPR have on your CCTV systems?

There are now less than nine months to go before the General Data Protection Regulation (GDPR) comes into force replacing the Data Protection Act 1998 (DPA). So what should operators and controllers of CCTV and video systems be doing now? The short answer is, ensure you are complying with the current law and don’t believe …