Earlier this month, the Information Commissioner’s Office (ICO) brought a criminal prosecution against the parent company of Cambridge Analytica, SCL Elections, for failing to comply with an enforcement notice issued by the ICO. SCL was fined £15,000 and ordered to pay costs. The criminal prosecution may not sound surprising – after all, SCL had failed … Continue Reading
In August, the UK’s data protection regulator, the ICO, fined a Hertfordshire GP practice £40,000 under the Data Protection Act 1998 (“DPA”) after a subject access request (“SAR”) went badly wrong. A lack of process, training and supervision resulted in confidential details about a patient being sent to her estranged ex-partner, who then used them … Continue Reading
The practice of employers forcing employees or applicants to exercise subject access rights has been described by the UK’s Information Commissioner’s Office (‘ICO’) as a “clear perversion of an individual’s own rights”. It is now set to become a thing of the past in the UK and Ireland, as both jurisdictions bring laws into effect … Continue Reading
Following a public consultation in December 2012 on a draft version, the Information Commissioner’s Office (ICO) published its final Subject Access Code of Practice on 8 August 2013. Like all other data protection laws in the EU, the Data Protection Act 1998 (DPA) includes the principle that anyone has the right to find out what … Continue Reading