Environmental Information Regulations 2004

ICO warns of email data breach risk as it issues two reprimands

Retrieved on: 
Wednesday, August 2, 2023
Review, Survivor, Freedom, Executive, Northern Ireland Historical Institutional Abuse Inquiry, Environmental Information Regulations 2004, EIR, Telephone, ICO, Information privacy, Privacy, Data wrangling, Carbon, Patient, HIA, PCC, Executive Office for United States Attorneys, Information, PECR, FOIA, Newsletter, Gender dysphoria, Telecommunications, Freedom of Information Act 2000, United Kingdom, Data Protection Act 1998, Privacy and Electronic Communications (EC Directive) Regulations 2003, Mail, Cryptocurrency

The Information Commissioner’s Office (ICO) has reprimanded two Northern Irish organisations for disclosing people’s information inappropriately via email.

Key Points: 
  • The Information Commissioner’s Office (ICO) has reprimanded two Northern Irish organisations for disclosing people’s information inappropriately via email.
  • Both the Patient and Client Council (PCC) and the Executive Office disclosed recipient details by using inappropriate group email options.
  • Although the body of the email did not contain personal information, the people who received the email could reasonably infer that the other recipients also had experience of gender dysphoria, given their inclusion in the email.
  • - To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to ico.org.uk/concerns.

ICO reprimands NHS Lanarkshire for sharing patient data via WhatsApp

Retrieved on: 
Tuesday, August 1, 2023
Freedom, Pressure, WhatsApp, Environmental Information Regulations 2004, EIR, Telephone, ICO, Disclosure, Information privacy, Privacy, Editing, Data wrangling, Public sector, Information, PECR, FOIA, Name, Patient, Telecommunications, Freedom of Information Act 2000, Compliance, United Kingdom, Knowledge, NHS, NHS Lanarkshire, Data Protection Act 1998, UK, Privacy and Electronic Communications (EC Directive) Regulations 2003, Cryptocurrency, Pharmaceutical industry, Medical device, Review

The Information Commissioner’s Office (ICO) has issued a reprimand to NHS Lanarkshire, following staff’s unauthorised use of WhatsApp to share patients’ personal data over the course of two years.

Key Points: 
  • The Information Commissioner’s Office (ICO) has issued a reprimand to NHS Lanarkshire, following staff’s unauthorised use of WhatsApp to share patients’ personal data over the course of two years.
  • Between April 2020 and April 2022, 26 staff at NHS Lanarkshire had access to a WhatsApp group where patient data was entered on more than 500 occasions, including names, phone numbers and addresses.
  • While it was made available for communicating basic information only at the start of the pandemic, WhatsApp was not approved by NHS Lanarkshire for processing patient data and was adopted by these staff without the organisation’s knowledge.
  • For example, there was no assessment of the potential risks relating to sharing patient data in this way.

ICO statement on banks sharing and gathering personal information

Retrieved on: 
Wednesday, July 26, 2023
Freedom, HM Treasury, UK Finance, BBC, Financial Conduct Authority, Environmental Information Regulations 2004, EIR, Telephone, Suggestion, ICO, Privacy, Data wrangling, Confidentiality, Person, DPA, Complaint, Information, PECR, FOIA, Telecommunications, Freedom of Information Act 2000, NatWest, United Kingdom, UK, Privacy and Electronic Communications (EC Directive) Regulations 2003, Concern, Cryptocurrency, Ridesharing

- Concern at banks sharing personal information with media

Key Points: 
  • - Concern at banks sharing personal information with media
    - ICO writes to banks around information held on customers
    - ‘Farage’s experience shows why data protection rights are so important’
    Following media reports of NatWest Bank sharing personal financial information about Nigel Farage with the BBC, Information Commissioner John Edwards said:
    “The banking duty of confidentiality is over a hundred years old, and it is clear that it would not permit the discussion of a customer’s personal information with the media.
  • “We trust banks with our money and with our personal information.
  • Banks should not be holding inaccurate information, they should not be using information in a way that is unduly unexpected, and they should not be holding any more information than is necessary.
  • - The ICO can take action to address and change the behaviour of organisations and individuals that collect, use, and keep personal information.

ICO backs new data sharing schemes to protect gamblers from harm

Retrieved on: 
Thursday, July 13, 2023
Freedom, Note, Gambling, Industry, Interest, UK Finance, Gambling Commission, Environmental Information Regulations 2004, EIR, Telephone, Commission, ICO, Privacy, Data wrangling, DPA, Information, PECR, FOIA, Game Council New South Wales, Telecommunications, Freedom of Information Act 2000, Risk register, United Kingdom, Health, UK, Privacy and Electronic Communications (EC Directive) Regulations 2003, Cryptocurrency, Pharmaceutical industry, Medical device, Sandbox

The Information Commissioner’s Office (ICO) has today backed proposals for the financial sector to share data with gambling companies to protect customers from unaffordable losses.

Key Points: 
  • The Information Commissioner’s Office (ICO) has today backed proposals for the financial sector to share data with gambling companies to protect customers from unaffordable losses.
  • Stephen Almond, Executive Director of Regulatory Risk, added:
    “Data sharing can be a force for good, enabling organisations to protect people from gambling-related harm.
  • About the ICO
    - The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  • - To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to ico.org.uk/concerns.

ICO submits Data protection and journalism code of practice to the Secretary of State

Retrieved on: 
Thursday, July 6, 2023
Review, Freedom, Heart, Department, State, Journalism, Industry, Democracy, Technology, Environmental Information Regulations 2004, EIR, Telephone, ICO, Information privacy, Privacy, Innovation, Data wrangling, DPA, Parliament, Information, PECR, Public inquiry, FOIA, Data, Telecommunications, Freedom of Information Act 2000, United Kingdom, Leveson Inquiry, Privacy and Electronic Communications (EC Directive) Regulations 2003, Legislation, Cryptocurrency, Medical device, Audit

The code provides practical guidance on how to comply with data protection law and good practice when personal information is used for journalism.

Key Points: 
  • The code provides practical guidance on how to comply with data protection law and good practice when personal information is used for journalism.
  • The code is limited to the ICO's regulatory remit for data protection law and does not concern media standards in general.
  • “The crucial public interest role served by the media is the reason journalism is covered by data protection law.
  • Notes to editors
    About the Data protection and journalism code of practice
    - The DPA 2018 requires the ICO to produce a code of practice that provides practical guidance for organisations and individuals processing personal data for the purposes of journalism.

“They are failing their residents.” - ICO takes action against Croydon Council for failing to respond to Freedom of Information requests

Retrieved on: 
Friday, June 30, 2023
Commissioner, Freedom, Croydon London Borough Council, Court of cassation, Environmental Information Regulations 2004, EIR, Telephone, ICO, Information privacy, Privacy, High court, Data wrangling, Illinois Freedom of Information Act, Certification, PECR, FOIA, S52, National Minimum Wage (Enforcement Notices) Act 2003, Freedom of Information Act 2000, Council, Telecommunications, Compliance, United Kingdom, FOI, Information commissioner, Data Protection Act 1998, UK, Privacy and Electronic Communications (EC Directive) Regulations 2003, Lease, Cryptocurrency, Property management, Information

On 26 September 2022, the Information Commissioner directed Croydon Council to improve its compliance with the FOIA.

Key Points: 
  • On 26 September 2022, the Information Commissioner directed Croydon Council to improve its compliance with the FOIA.
  • The enforcement notice requires the council to respond to all outstanding requests over 20 working days old, no later than six months from the date of the notice.
  • - The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information.
  • - To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to ico.org.uk/concerns.

ICO urges organisations to harness the power of data safely by using privacy enhancing technologies

Retrieved on: 
Tuesday, June 20, 2023
Freedom, Adoption, Partnership, Commission nationale de l'informatique et des libertés, Health, Environmental Information Regulations 2004, EIR, Public, Telephone, ICO, Information privacy, Federal Trade Commission, Privacy, Center, Research, Data wrangling, Personal Information Protection Commission (South Korea), G7, Pet, Information, PECR, FOIA, Computer ethics, Local government, Personal Information Protection Commission, Trust, Ethics, Telecommunications, Freedom of Information Act 2000, Federal Commissioner for Data Protection and Freedom of Information, United Kingdom, Fraud, Privacy Commissioner, Data Protection Act 1998, Privacy and Electronic Communications (EC Directive) Regulations 2003, Cryptocurrency, Medical device, Film industry
Key Points: 

ICO warns of “real danger” of discrimination in new technologies that monitor the brain

Retrieved on: 
Monday, June 19, 2023
Freedom, Heart, Technology, Note, Marketing, Environmental Information Regulations 2004, EIR, Workplace, ICO, Information privacy, Data collection, Privacy, Brain, Emotion, Data wrangling, Neurodiversity, Video, Science, Information, PECR, Neurotechnology, FOIA, Dementia, Risk, Telecommunications, Freedom of Information Act 2000, Nervous system, Sport, United Kingdom, Bias, Data Protection Act 1998, Privacy and Electronic Communications (EC Directive) Regulations 2003, Cryptocurrency

The regulator predicts that the use of technology to monitor neurodata, the information coming directly from the brain and nervous system, will become widespread over the next decade.

Key Points: 
  • The regulator predicts that the use of technology to monitor neurodata, the information coming directly from the brain and nervous system, will become widespread over the next decade.
  • It can predict, diagnose, and treat complex physical and mental illnesses, transforming a person’s responses to illnesses such as dementia and Parkinson’s disease.
  • Neurodivergent people may be particularly at risk of discrimination from inaccurate systems and databases that have been trained on neuronormative patterns.
  • - To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.

Don’t be blind to AI risks in rush to see opportunity – ICO reviewing key businesses’ use of generative AI

Retrieved on: 
Monday, June 19, 2023
Freedom, Technology, Environmental Information Regulations 2004, EIR, Synthetic media, ICO, Information privacy, Privacy, Data wrangling, Information, PECR, FOIA, Risk, Telecommunications, Freedom of Information Act 2000, Risk register, Generative, Compliance, United Kingdom, AI, Data Protection Act 1998, Privacy and Electronic Communications (EC Directive) Regulations 2003, Cryptocurrency, Audit, Customer service, Medical device

“Businesses are right to see the opportunity that generative AI offers, whether to create better services for customers or to cut the costs of their services.

Key Points: 
  • “Businesses are right to see the opportunity that generative AI offers, whether to create better services for customers or to cut the costs of their services.
  • Laws already exist to protect people’s rights, including privacy, and apply to generative AI as an emerging technology.
  • In April, the ICO set out eight questions organisations developing or using generative AI that processes personal data need to be asking themselves.
  • Our recently updated Guidance on AI and Data Protection provides a roadmap to data protection compliance for developers and users of generative AI.

ICO reprimands Thames Valley Police for releasing witness details to suspected criminals

Retrieved on: 
Friday, June 2, 2023
Freedom, Note, TVP, Environmental Information Regulations 2004, EIR, Telephone, Policy, ICO, Disclosure, Information privacy, Privacy, Crime, Data wrangling, Information, PECR, FOIA, Thames Valley Police, Risk, Telecommunications, Freedom of Information Act 2000, Compliance, United Kingdom, Data Protection Act 1998, UK, Privacy and Electronic Communications (EC Directive) Regulations 2003, Property management, Risk management, Cryptocurrency

The Information Commissioner’s Office (ICO) has issued a reprimand to Thames Valley Police (TVP) after details were released which led to suspected criminals learning the address of a witness.

Key Points: 
  • The Information Commissioner’s Office (ICO) has issued a reprimand to Thames Valley Police (TVP) after details were released which led to suspected criminals learning the address of a witness.
  • TVP did not have appropriate steps, such as training, in place to ensure officers were aware of guidance around disclosure and redaction.
  • - The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information.
  • - To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to ico.org.uk/concerns.