Asia Pacific Privacy Authorities (APPA) Forum

I’m a long way from my own front door! Or at least my front door in my adopted country! But I must say in some ways I feel right at home. My links with APPA are wide and deep. When I was Privacy Commissioner for British Columbia I held the secretariat for APPA and I have fond memories of hosting APPA meetings in Vancouver. I am a frequent flier. Once a month, I travel to Brussels to sit on the European Data Protection Board with regulators from 27 other EU…

International Privacy Forum | ICO

I’m a long way from my own front door! Or at least my front door in my adopted country! But I must say in some ways I feel right at home. My links with APPA are wide and deep. When I was Privacy Commissioner for British Columbia I held the secretariat for APPA and I have fond memories of hosting APPA meetings in Vancouver. I am a frequent flier. Once a month, I travel to Brussels to sit on the European Data Protection Board with regulators from 27 other EU…

Former GP surgery secretary fined for reading medical records of 231 patients in two years

A former trainee secretary at a GP surgery has been fined after she admitted unlawfully reading the records of 231 patients in two years. Hannah Pepper was employed at the Fakenham Medical Practice in Norfolk in August 2015 and her duties included lawfully accessing medical records to assist doctors, solicitors and insurance companies. However, despite being trained in the legal and ethical requirements for patient confidentiality, the surgery discovered in October 2017 that she had been reading a work colleague’s patient file without consent. A subsequent investigation by the surgery…

ICO issues the first fines to organisations who have not paid the data protection fee

Organisations across the business services, construction and finance sectors are among the first to be fined by the ICO for not paying the data protection fee. All organisations, companies and sole traders that process personal data must pay an annual fee to the ICO unless they are exempt. Fines for not paying can be up to a maximum of £4,350. This follows regulations which came into force alongside the new Data Protection Act on 25 May 2018. These first organisations have been fined for not renewing their fees following their…

ICO fines Uber £385,000 over data protection failings

The Information Commissioner’s Office (ICO) has fined ride sharing company Uber £385,000 for failing to protect customers’ personal information during a cyber attack. A series of avoidable data security flaws allowed the personal details of around 2.7million UK customers to be accessed and downloaded by attackers from a cloud-based storage system operated by Uber’s US parent company. This included full names, email addresses and phone numbers. The records of almost 82,000 drivers based in the UK – which included details of journeys made and how much they were paid – were…

Blog: ICO regulatory sandbox | ICO

ICO analysing initial responses to regulatory sandbox project 21 November 2018 We published a ‘call for views’ on the development of our regulatory sandbox back in September, in line with the commitment made in our Technology Strategy to consult before the end of this year. We were keen to explore a wide range of issues, from identifying areas where data protection might be perceived as a barrier to innovation to the general scope of the sandbox and on to some more detailed questions about what mechanisms and operational approaches we…

Information Commissioner’s Office appoints in-house expert to research and investigate the impact of Artificial Intelligence on data privacy

The Information Commissioner’s Office (ICO) has appointed its first Postdoctoral Research Fellow in Artificial Intelligence (AI). Dr Reuben Binns, an influential figure in the emerging AI and data protection policy community, is joining the ICO on a fixed term fellowship. During his two-year term, Dr Binns will research and investigate a framework for auditing algorithms and conduct further in-depth research activities in AI and machine learning. His appointment supports the ICO’s goal of developing and enhancing its expertise and work in this increasingly important area. Dr Binns is currently a…

Blog: Information Commissioner’s investigation into the Metropolitan Police Service’s Gangs Matrix concludes with enforcement action

Gang violence is a matter of national concern – but the tools to tackle it must be fair, fit for purpose and above all, trusted by those communities at most risk 16 November 2018 Violent gang crime in London is a matter of national concern. At a time when children are tragically being murdered on the streets and with nearly 200 gangs operating in London, this is a very real and immediate concern and the challenges faced by the Metropolitan Police Service cannot be underestimated. I have the utmost respect…

ICO finds Metropolitan Police Service’s Gangs Matrix breached data protection laws

An investigation by the Information Commissioner’s Office (ICO) found that the Metropolitan Police Service’s (MPS) use of the Gangs Matrix led to multiple and serious breaches of data protection laws. The investigation into the Gangs Matrix, a database that records intelligence related to alleged gang members, began in October 2017 after concerns were raised by Amnesty International. The ICO found that, whilst there was a valid purpose for the database, the inconsistent way it was being used did not comply with data protection rules. It has now issued an Enforcement…