The Information Commissioner is calling for nominations for the second Practitioner Award for Excellence in Data Protection, to recognise those practitioners who go above and beyond when it comes to implementing data protection in practice. Recognising the increasingly vital role played by data protection professionals, the Commissioner says that 2018 was the year that privacy and data security went mainstream. This included a once-in-a-generation reform of data protection laws, high-profile public debates about the use of personal data, and people increasingly exercising their rights. Privacy rights remain in the international…
Tag: Data
Blog: Data protection and Brexit – ICO advice for organisations
Information Commissioner Elizabeth Denham sets out how the ICO is helping businesses, particularly SMEs, prepare for a possible no-deal Brexit 13 December 2018 The basis on which the UK will leave the EU has still to be decided. The Government has made clear that the General Data Protection Regulation (GDPR) will be absorbed into UK law at the point of exit, so there will be no substantive change to the rules that most organisations need to follow. But organisations that rely on the transfers of personal data between the UK…
ICO issues the first fines to organisations who have not paid the data protection fee
Organisations across the business services, construction and finance sectors are among the first to be fined by the ICO for not paying the data protection fee. All organisations, companies and sole traders that process personal data must pay an annual fee to the ICO unless they are exempt. Fines for not paying can be up to a maximum of £4,350. This follows regulations which came into force alongside the new Data Protection Act on 25 May 2018. These first organisations have been fined for not renewing their fees following their…
ICO issues the first fines to organisations that have not paid the data protection fee.
The ICO has issued the first fines for not paying the data protection fee to organisations across a range of sectors including business services, construction, finance, health and childcare. All organisations, companies and sole traders that process personal data must pay an annual fee to the ICO unless they are exempt. Fines for not paying can be up to a maximum of £4,350. This follows regulations which came into force alongside the new Data Protection Act on 25 May 2018. These first organisations have been fined for not renewing their fees…
ICO fines Uber £385,000 over data protection failings
The Information Commissioner’s Office (ICO) has fined ride sharing company Uber £385,000 for failing to protect customers’ personal information during a cyber attack. A series of avoidable data security flaws allowed the personal details of around 2.7million UK customers to be accessed and downloaded by attackers from a cloud-based storage system operated by Uber’s US parent company. This included full names, email addresses and phone numbers. The records of almost 82,000 drivers based in the UK – which included details of journeys made and how much they were paid – were…
Information Commissioner’s Office appoints in-house expert to research and investigate the impact of Artificial Intelligence on data privacy
The Information Commissioner’s Office (ICO) has appointed its first Postdoctoral Research Fellow in Artificial Intelligence (AI). Dr Reuben Binns, an influential figure in the emerging AI and data protection policy community, is joining the ICO on a fixed term fellowship. During his two-year term, Dr Binns will research and investigate a framework for auditing algorithms and conduct further in-depth research activities in AI and machine learning. His appointment supports the ICO’s goal of developing and enhancing its expertise and work in this increasingly important area. Dr Binns is currently a…
ICO finds Metropolitan Police Service’s Gangs Matrix breached data protection laws
An investigation by the Information Commissioner’s Office (ICO) found that the Metropolitan Police Service’s (MPS) use of the Gangs Matrix led to multiple and serious breaches of data protection laws. The investigation into the Gangs Matrix, a database that records intelligence related to alleged gang members, began in October 2017 after concerns were raised by Amnesty International. The ICO found that, whilst there was a valid purpose for the database, the inconsistent way it was being used did not comply with data protection rules. It has now issued an Enforcement…
Blog: Information Commissioner’s report brings the ICO’s investigation into the use of data analytics in political campaigns up to date
When we launched our investigation into the use of data analytics for political purposes in May 2017, we had little idea of what was to come. 6 November 2018 We were concerned about invisible processing – the ‘behind the scenes’ algorithms, analysis, data matching and profiling that involves people’s personal information. When the purpose for using these techniques is related to the democratic process, the case for a high standard of transparency is very strong. Since we began, the scope of our investigation has extended to 30 organisations, we have…
UK Information Commissioner elected chair of the International Conference of Data Protection and Privacy Commissioners
Elizabeth Denham, the UK’s Information Commissioner, has today been elected Chair of the International Conference of Data Protection and Privacy Commissioners (ICDPPC). Now in its fortieth year, the ICDPPC is the leading global forum of data protection and privacy authorities, encompassing more than 120 members across all continents. The ICDPPC works throughout the year on global data protection policy issues, adopts resolutions and statements addressed to governments and policymakers, and arranges a highly successful annual conference. On accepting her post, Elizabeth Denham said: “In the age of borderless data…
New data protection self-assessment checklist for sole traders
The ICO has today launched a self-assessment checklist that will help sole traders and self-employed individuals to assess their compliance with new data protection laws. The checklist is aimed at improving understanding of data protection and making sure sole traders are keeping people’s personal data secure. The new Data Protection Act 2018 and the General Data Protection Regulation (GDPR) came into force in May and the self-assessment checklist is part of a range of resources to raise awareness within the sole trader and self-employed community. It shows sole traders how…