Tag Archives: Information Commissioner’s Office (ICO)

Ransomware is on the rise – what to do if you are faced with a cyber attack

As a result of the COVID-19 pandemic, many more organisations have moved their business operations online. From a cybersecurity and privacy perspective, this brings hackers and criminals greater opportunities to try to infiltrate the increased number of devices and even deploy ransomware attacks. This is where malware is installed to block access to the user’s …

UK Amends Requirements for issuing Monetary Penalty Notice: No requirement to prove “substantial damage or distress”

The early part of 2015 saw major changes to the monetary fines that may be imposed for breaches of the Data Protection Act (‘DPA’). For example, unlimited fines may now be imposed by UK Magistrates’ courts for criminal offences under the DPA. The Information Commissioner’s Office (‘ICO’) has now seen similar changes to its powers. …

UK Public Authority Forced To Identify Private Sector Consultant Under Freedom of Information Act

The First Tier Tribunal General Regulatory Chamber (Information Rights) (the “FTT”), in the case of Alan Matthews v Information Commissioner [2014] EA/2012/0147, ruled that – despite being “personal data” – the name and qualifications of a private consultant should be released in response to a request under the Freedom of Information Act 2000 (“FOIA”). This …

UK Data Protection Watchdog Launches Public Consultation on Future Governance Strategy, ‘A 2020 Vision for Information Rights’

The UK Data Protection Watchdog, the Information Commissioner’s Office (ICO), has launched a public consultation on their future governance strategy, the ‘2020 Vision for Information Rights’. The ICO is being challenged by significant changes in the regulatory landscape triggered by imminent reform of EU data protection law. Simultaneously, the UK regulator is facing cutbacks in …

Information Rights Tribunal Rules Self Reporting Breaches To ICO Does Not Provide Immunity From Fines

This post was written by Cynthia O’Donoghue. A judgement of the Upper Tribunal of the UK Information Rights Tribunal (the Tribunal), in the case of Central London Community Healthcare Trust v Information Commissioner [2013] UKUT 0551 (AAC), has ruled that organisations which voluntarily report incidents of data security breaches to the ICO do not gain …

ICO Enforcement Powers Challenged as Tribunal Overturns £300,000 Monetary Penalty Notice

This post was written by Cynthia O’Donoghue. The First Tier Tribunal (Information Rights) granted appeal against a monetary penalty notice of £300,000 issued by the Information Commissioner in the case of Christopher Niebel v The Information Commissioner (EA/2012/2060), ruling that the penalty notice should be cancelled. The monetary penalty notice had been issued against Christopher …

UK Information Commissioner’s Office issues guidance on notification procedure for data security breaches

The UK Information Commissioner’s Office (ICO) published new guidance following the issuance of EC Regulation (No.611/2013) (The Notification Regulation) (see our blog), which aims to harmonise EU data breach notification procedure for ISPs and telecom providers. The ICO’s guidance seeks to interpret the Notification Regulation in line with Privacy and Electronic Communications (EC Directive) (Amendment) …

UK Data Protection Authority publishes new guidance and checklist on direct marketing.

UK data protection authority, the Information Commissioner’s Office (ICO), has published new guidance, an accompanying checklist, and an at-a-glance guide to help organisations understand the rules governing direct marketing under the Data Protection Act 1988 (DPA), and the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (PECR). The ICO guidance attempts to clarify direct …

UK Information Commissioner’s Office clarifies rules for social networking and online forums

This post was written by Cynthia O’Donoghue. In June 2013, the UK Information Commissioner’s Office (ICO) published new guidance entitled “Social networking and online forums—when does the DPA apply?” (Guidance). The document explains what must be considered by organisations that run social media sites, as well as by individuals who upload or download personal data …

The UK Information Commissioner advises on encrypting data

Keeping personal data secure is a well-established obligation under the UK data protection regime. The UK data protection watchdog, Information Commissioner’s Office (ICO), has published advice on using encryption to satisfy this requirement. The ICO recommends universal use of encryption, especially when the loss or theft of personal data could have detrimental effects on individuals. …