Tag Archives: information commissioner’s office

The Information Commissioner’s Office Publishes a Consultation Paper on Profiling and Automated Decision-Making under the GDPR

By Dan Cooper and Rosie Klement On April 2, 2017, the Information Commissioner’s Office (“ICO”) released a consultation paper for UK organizations to comment on how the new profiling provisions under the General Data Protection Regulation (“GDPR”) could be interpreted and applied when the GDPR comes into force in May 2018. The public consultation on … Continue Reading

Inherited Infrastructure, Outdated Software, And Other Failings That Led To TalkTalk’s Record Fine

On October 5, 2016, the UK Information Commissioner’s Office (“ICO”) fined telecoms company TalkTalk a record £400,000 for failing to put in place appropriate data security measures and allowing a cyber-attacker to access TalkTalk customer data “with ease.”  The ICO highlighted several  technical and organizational deficiencies as justification for issuing its largest fine to-date.  Many … Continue Reading

UK Telco Loses Appeal; Should Have Reported Data Breach Within 24 Hours Of Customer Complaint, Not Fuller Investigation

By Phil Bradley-Schmieg and Gemma Nash On August 30, 2016, a major UK telecoms company (TalkTalk) lost its appeal against a fine imposed on it for failing to report a personal data breach to the UK national data protection authority (the Information Commissioner) within 24 hours of its receipt of a customer’s complaint. Commission Regulation … Continue Reading

ICO Publishes New Guidance On Encryption

On March 3, 2016, the UK’s Information Commissioner’s Office (“ICO”) released new guidance on encryption.  The guidance aims to provide advice to organizations on protecting personal data (such as customer and employee data) through the use of encryption.  There is no legally-binding requirement under UK data protection law to encrypt data, either when static or … Continue Reading

UK ICO Issues Largest Ever Fine In Connection With Automated Marketing Calls

The UK Information Commissioner’s Officer (“ICO”) has issued its largest fine to date in connection with using an automated calling system to make direct marketing calls.  The ICO found that Home Energy & Lifestyle Management Ltd (“HELM”), a green energy company that made millions of automated marketing calls in relation to “free” solar panels, recklessly … Continue Reading

Regulators in the U.S. and U.K. Monitoring Mobile Apps and Websites Directed at Children

By Megan L. Rodgers What information is being collected by mobile apps and websites directed at kids? With whom is that information shared? What notice is provided to parents? Regulators in the U.S. and abroad continue to focus on these issues. The FTC recently released a follow-up report on privacy notices in mobile apps directed … Continue Reading

ICO Fines Insurance Company £175k for Data Security Breach, Criticising Lack of Policies

By Mark Young and Tom Jackson On February 20, 2015, the Information Commissioner’s Office (“ICO”) fined Staysure.co.uk Ltd (“Staysure”), an online travel insurer, £175,000 for failing to protect its customers’ personal data.  In addition to technical vulnerabilities, the ICO took into account Staysure’s lack of security policies and practices when levying the fine. In short, … Continue Reading

UK’s Information Commissioner’s Office Issues Consultation on Data Protection and the Press

By Fredericka Argent and Helena Marttila-Bridge On 21 February 2013, the ICO launched a consultation on its proposal for a new code of practice regulating the press in the UK.  The consultation is in response to the publication of the Leveson Report in November 2012, which recommended significant and wide-ranging changes to the structure and … Continue Reading
LexBlog