Blog: Spotlight on the Children’s Code standards – best interests of the child, detrimental use of children’s data and data minimisation

A blog by Michael Murray, ICO’s Head of Regulatory Strategy, 28 July 2021

Providing detailed explanations of each standard is one of the ways we’re supporting organisations to conform with the ICO’s Children’s Code. Our Spotlight blogs are aimed at organisations that are already familiar with the code and the UK General Data Protection Regulation (UK GDPR). If you’re new to the code and think you may be impacted by it, our Children’s Code video is a good place to start. Our second post focuses on the standards that compel…

Blog: Regulating through a pandemic and beyond

A blog by James Dipple-Johnstone, Deputy Commissioner for Operations at the ICO, 27 July 2021

When the ICO’s management team met at the start of the pandemic, to discuss how COVID-19 could impact the ICO’s work, our top priority was providing clarity to those we regulate. We knew that, in uncertain times, organisations needed us to be clear about how we would regulate, and what they could expect to see us do differently. That is why we published a document setting out our regulatory approach during the pandemic. We wanted to…

ICO approves the first UK eIDAS Regulations Qualified Trust Service Provider

The Information Commissioner’s Office has approved GlobalSign as the UK’s first qualified trust service provider [QTSP] under the UK eIDAS Regulations. Trust services are important to businesses as they help ensure electronic transactions can happen securely and legally using mechanisms such as electronic signatures. To become a QTSP organisations must undergo a conformity assessment to demonstrate they meet the requirements of the UK eIDAS Regulations. This is then checked by the ICO. GMO GlobalSign Ltd is the first company globally to have gone through this process in the UK under…

Blog: New toolkit launched to help organisations using AI to process personal data understand the associated risks and ways of complying with data protection law

Alister Pearson, the ICO’s Senior Policy Officer – Technology, introduces a new beta version of our AI and Data Protection Risk Toolkit. He explains how it can assure organisations that use AI to process personal data that they are processing it in line with the law and how organisations can help the ICO shape a final version.

20 July 2021

“Understanding how to assess compliance with data protection principles can be challenging in the context of AI. From the exacerbated, and sometimes novel, security risks that come from the use…

Blog: Reflecting on the past five years of fundraising and data protection regulation

Lord Toby Harris, Chair of the Fundraising Regulator & Elizabeth Denham CBE, the UK Information Commissioner, reflect on the past five years of fundraising and data protection regulation in the charity sector. It has been more than five years since serious public concerns were raised about how some charities were using the personal data they held about their donors. A lack of adequate fundraising regulation meant that practices of sharing and exchanging donor data had become common. A review of charitable fundraising regulation followed, which found that the existing regulatory…

Blog: What’s next for the Accountability Framework?

A blog by Anulka Clarke, 15 July 2021

Accountability is a key data protection principle, but it is not one size fits all. So, when we launched the Accountability Framework in 2019, we knew that listening to and working with data protection professionals was going to be the key to success. We wanted to create something all data protection professionals could use to assess the effectiveness of the accountability measures they have in place and understand where they need to improve. Your feedback has helped us to achieve this. The…

ICO fines transgender charity for data protection breach exposing sensitive personal data

The Information Commissioner’s Office (ICO) has fined transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure. The ICO’s investigation began after it received a data breach report from the charity in relation to an internal email group it set up and used from August 2016 until July 2017 when it was decommissioned. The charity only became aware of the breach in June 2019. The ICO found that the group was created with insufficiently secure settings, leading to approximately 780 pages of confidential emails to be…

ICO publishes annual tracking research

77% of people say protecting their personal information is essential, research commissioned by the ICO has found. The survey of over 2,000 individuals monitors changes in what people think about data protection and freedom of information, and how they utilise their information rights. This has been especially important during the pandemic where the public and organisations have had to quickly adapt their daily lives and businesses. The survey, carried out by Harris Interactive, also shows levels of trust and confidence in how companies and organisations store and use personal information…

Blog: ICO launches investigation into the use of private correspondence channels at the Department of Health and Social Care

A blog by Elizabeth Denham, UK Information Commissioner, 06 July 2021

The role of transparency as fundamental to democracy has never been clearer than in the past eighteen months. Government decisions about public health and civil liberties, about where we can travel and who we can see, about vaccines and testing, about supporting and reshaping economies – all these decisions are made on behalf of society by those in power. The effects of decisions taken during this time will be with us for years to come. It is through transparency…

Blog: ICO creates practical design guidance to help embed children’s privacy standards

In May, I blogged about how we wanted to collaborate with the digital design community to create practical guidance to support conformance with the ICO’s Children’s Code. Since then, we’ve held several co-design workshops and gained valuable insights into what the community needs from the guidance. By engaging with the community we’ve learned that smaller organisations and design companies need more help from us to implement the code in practice. Designers also told us that the guidance we produce must use language relevant for designers and contain practical content, such…