PECR

ICO issues Ministry of Justice with reprimand after confidential personal information left in prison holding area

Retrieved on: 
Saturday, May 27, 2023
Review, Freedom, Justice, Environmental Information Regulations 2004, EIR, Telephone, Policy, ICO, Disclosure, Prisoner, Information privacy, Trust, Record, Privacy, Data wrangling, Ministry of Justice (United Kingdom), Information, PECR, Ministry, FOIA, Risk, Telecommunications, Freedom of Information Act 2000, United Kingdom, NHS trust, NHS, Data Protection Act 1998, UK, Privacy and Electronic Communications (EC Directive) Regulations 2003, Legislation, Cryptocurrency, Mail, Risk management, Audit, Property management

The ICO has issued a formal reprimand to the Ministry of Justice (MoJ) after confidential waste documents were left in an unsecured prison holding area.

Key Points: 
  • The ICO has issued a formal reprimand to the Ministry of Justice (MoJ) after confidential waste documents were left in an unsecured prison holding area.
  • During this time staff challenged prisoners who were openly reading the documents, but did nothing proactive to ensure the personal information was secured.
  • “Everyone has the right to expect their personal details will be kept secure and this includes in a prison environment, where exposure of personal information could potentially have serious consequences.
  • - The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information.

John Edwards, Information Commissioner, delivers a keynote speech at the Data and the Future of Financial Services Summit

Retrieved on: 
Saturday, May 27, 2023
Insurance, Technology, Home Office, Travel, UK Finance, Prevalence, Life, Marketing, Financial Conduct Authority, Synthetic media, ICO, Pioneer Fund, Information privacy, Privacy, Ofcom, Government, Competition, Thought, Information, PECR, Name, City, Bank of England, Risk, General Data Protection Regulation, Compliance, FCA, Home, AI, Bank, Fraud, Goldin Financial Global Centre, Environment, Risk management, Cryptocurrency, Pharmaceutical industry, Property management, Sales
Key Points: 

ICO takes action against both Plymouth City Council and Norfolk County Council for failing to respond to information access requests

Retrieved on: 
Monday, May 15, 2023
Plymouth City Council, Freedom, Delays, Norfolk County Council, SAR, Environmental Information Regulations 2004, EIR, Anxiety, Telephone, ICO, Information privacy, Privacy, Data wrangling, Information, PECR, FOIA, Outline, Time, Telecommunications, Freedom of Information Act 2000, Compliance, Data Protection Act 1998, United Kingdom, UK, SARS, Privacy and Electronic Communications (EC Directive) Regulations 2003, Cryptocurrency, Property management, Life insurance

Both Plymouth City Council and Norfolk County Council repeatedly failed to meet the legal deadline of one to three months for responding to a SAR.

Key Points: 
  • Both Plymouth City Council and Norfolk County Council repeatedly failed to meet the legal deadline of one to three months for responding to a SAR.
  • There were 20 outstanding requests up to a year old, and eight requests still outstanding up to two years later.
  • The ICO has asked Norfolk County Council and Plymouth City Council to provide details of actions taken to address these recommendations within six months of the reprimand being issued.
  • - The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information.

ICO takes action against Shropshire Council for failing to respond to Freedom of Information requests

Retrieved on: 
Tuesday, May 9, 2023
Freedom, Shropshire Council, Environmental Information Regulations 2004, EIR, Telephone, ICO, Information privacy, Privacy, Data wrangling, Freedom of Information Act 2000, PECR, FOIA, S52, Telecommunications, Compliance, United Kingdom, FOI, Data Protection Act 1998, UK, Privacy and Electronic Communications (EC Directive) Regulations 2003, Cryptocurrency, Information

The Information Commissioner’s Office (ICO) has issued an enforcement notice to Shropshire Council for its poor handling of requests made under the Freedom of Information Act (FOIA) 2000.

Key Points: 
  • The Information Commissioner’s Office (ICO) has issued an enforcement notice to Shropshire Council for its poor handling of requests made under the Freedom of Information Act (FOIA) 2000.
  • The council said it had plans to clear its backlog of FOI requests by the end of March, but still had 143 unanswered requests towards the end of April.
  • The oldest unanswered request dated back to April 2021, with remaining requests dating from January 2022 and every subsequent month.
  • In its poor handling of FOI requests Shropshire Council has been failing to be transparent and accountable.

“A crucial learning experience.” - ICO calls for highest standards in HIV services after NHS Highland reprimand

Retrieved on: 
Thursday, March 30, 2023
Commissioner, Freedom, Failure, CC, HIV, Environmental Information Regulations 2004, EIR, ICO, Information privacy, Privacy, NHS Highland, Data wrangling, Carbon, Public sector, Information, PECR, FOIA, Trust, Telecommunications, Freedom of Information Act 2000, United Kingdom, NHS, Research, Data Protection Act 1998, BCC, UK, Privacy and Electronic Communications (EC Directive) Regulations 2003, Pharmaceutical industry, Cryptocurrency, Medical device

A formal reprimand has been issued to NHS Highland, which emailed 37 people likely to be accessing HIV services, inadvertently using CC (carbon copy) instead of BCC (blind carbon copy).

Key Points: 
  • A formal reprimand has been issued to NHS Highland, which emailed 37 people likely to be accessing HIV services, inadvertently using CC (carbon copy) instead of BCC (blind carbon copy).
  • The ICO has applied its public sector approach to this case – instead of issuing a £35,000 fine, the regulator has issued a reprimand to NHS Highland in response to this breach.
  • “What we saw here with NHS Highland was a serious breach of trust, and those accessing vital services failed.
  • “Every HIV service provider in the country should look at this case and see it as a crucial learning experience.

ICO reaches agreement with Easylife Ltd

Retrieved on: 
Saturday, March 18, 2023
Data Protection Act 2018, Information, ICO, PECR, GDPR, Information privacy, First-tier Tribunal, Privacy, Health, Tribunal, MPN, Cryptocurrency, Property management

The Information Commissioner’s Office (ICO) has reached an agreement with Easylife Ltd (Easylife) to reduce the monetary penalty notice (MPN), issued for breaching the GDPR, to £250,000.

Key Points: 
  • The Information Commissioner’s Office (ICO) has reached an agreement with Easylife Ltd (Easylife) to reduce the monetary penalty notice (MPN), issued for breaching the GDPR, to £250,000.
  • Easylife accepts the ICO’s findings set out in the MPN and has agreed to pay the reduced fine.
  • The ICO fined Easylife on 4 October 2022.
  • The ICO found this involved the processing of special category data by Easylife, and the activity was being conducted without a lawful basis.

ICO issues reprimand to the Metropolitan Police Service for inadequate handling of files related to organised crime groups

Retrieved on: 
Saturday, March 18, 2023
Freedom, PND, Database, Kinahan Organised Crime Group, Environmental Information Regulations 2004, EIR, Telephone, ICO, Information privacy, Privacy, Record, Data wrangling, MPS, Information, PECR, FOIA, Time, Metropolitan, Telecommunications, Freedom of Information Act 2000, Compliance, United Kingdom, OCG, Data Protection Act 1998, UK, Privacy and Electronic Communications (EC Directive) Regulations 2003, Private investigator, Television, Cryptocurrency, Tax advisor, Medical device

The Information Commissioner’s Office (ICO) has issued a reprimand to the Metropolitan Police Service (MPS) following several issues identified around their uploading, amending and deleting of various criminal intelligence files relating to Organised Crime Groups (OCG).

Key Points: 
  • The Information Commissioner’s Office (ICO) has issued a reprimand to the Metropolitan Police Service (MPS) following several issues identified around their uploading, amending and deleting of various criminal intelligence files relating to Organised Crime Groups (OCG).
  • This caused some files being rejected, an issue that went unnoticed by the MPS for a considerable amount of time.
  • This consequently resulted in the ICO taking action and issuing a reprimand to the MPS.
  • - To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to ico.org.uk/concerns.

ICO and Australian Communications and Media Authority sign Memorandum of Understanding

Retrieved on: 
Friday, March 3, 2023
Information, ACMA, Telecommunications, Intelligence, Freedom of Information Act 2000, COVID-19, Australian Communications and Media Authority, FOIA, Privacy and Electronic Communications (EC Directive) Regulations 2003, Data wrangling, Environmental Information Regulations 2004, Information privacy, Memorandum of understanding, United Kingdom, Data Protection Act 1998, Freedom, Media, PECR, ICO, EIR, Privacy, Cryptocurrency

The Information Commissioner’s Office (ICO) and the Australian Communications and Media Authority (ACMA) have signed a Memorandum of Understanding (MoU), which formalises their commitment to work together on protecting people from unwanted nuisance calls and spam messaging.

Key Points: 
  • The Information Commissioner’s Office (ICO) and the Australian Communications and Media Authority (ACMA) have signed a Memorandum of Understanding (MoU), which formalises their commitment to work together on protecting people from unwanted nuisance calls and spam messaging.
  • “I’m pleased the MoU reaffirms our collaborative efforts to protect people against the misuse of their personal data for unlawful electronic marketing practices.
  • - The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information.
  • - To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.

Information Commissioner's Office calls for accountants to play their role in SMEs data protection compliance

Retrieved on: 
Sunday, February 26, 2023
Companies House, Privacy, Knowledge, Environmental Information Regulations 2004, Compliance, SME, FOIA, Research, Privacy and Electronic Communications (EC Directive) Regulations 2003, Information, Self-assessment, Risk, ICO, Data Protection Act 1998, United Kingdom, GDPR, Information privacy, Data wrangling, EIR, Letter, Legislation, SAR, PECR, Telecommunications, Corporate services, Freedom of Information Act 2000, Freedom, Audit, Cryptocurrency

Regulator publishes key questions for accountants to ask SME clients to ensure they get data protection compliance right.

Key Points: 
  • Regulator publishes key questions for accountants to ask SME clients to ensure they get data protection compliance right.
  • The ICO is calling on UK accountants to recognise the crucial role they play in helping their SME clients have the right data protection practises in place from the day their business is established.
  • Data protection law sets out what businesses should do to make sure they are looking after people’s personal information properly and fairly.
  • In addition to the legal requirement, good data protection makes economic sense.
  • The ICO has an array of free resources for SMEs, providing advice and guidance for on data protection, electronic marketing and freedom of information on its dedicated SME hub.
  • The ICO has listed seven key questions for accountants to ask their SME clients about their data protection compliance.
  • How much does your client know about data protection compliance and the ICO?Establishing a client’s level of knowledge is a useful place to start.
  • Do they know what to do if their business has a personal data breach?A data breach action plan is essential.
  • Named SME Data Essentials, it is aimed at empowering organisations to become better equipped to manage their own data compliance.