Tag Archives: United Kingdom (UK)

UK Government Proposes Cybersecurity Law with Serious Fines

Earlier this month, the UK Government published a consultation on plans to implement the EU Directive on security of network and information systems (the “NIS Directive”, otherwise known as the Cybersecurity Directive).  The consultation includes a proposal to fine firms that fail to implement “appropriate and proportionate security measures” up to EUR 20 million or … Continue Reading

Developments in the Right to Be Forgotten

As we approach the May 2018 effective date of the EU General Data Protection Regulation (“GDPR”), there have been a number of global developments over the last few months with respect to the so-called “right to be forgotten,” which will be codified under Article 17 of the GDPR. European Developments In the EU, we previously … Continue Reading

UK Starts 3-Week Consultation on GDPR Implementation

On Thursday, April 20th, the UK government launched a “Call for Views” regarding the UK’s options for the implementation of the new EU General Data Protection Regulation (GDPR) at national level.  The consultation deadline is May 10th, at mid-day UK time. Although the GDPR was an effort to bring greater harmonization to data protection regimes … Continue Reading

The Information Commissioner’s Office Publishes a Consultation Paper on Profiling and Automated Decision-Making under the GDPR

By Dan Cooper and Rosie Klement On April 2, 2017, the Information Commissioner’s Office (“ICO”) released a consultation paper for UK organizations to comment on how the new profiling provisions under the General Data Protection Regulation (“GDPR”) could be interpreted and applied when the GDPR comes into force in May 2018. The public consultation on … Continue Reading

UK Company Fined For Buying And Selling Non-Compliant Marketing Databases

The UK Information Commissioner’s Office (ICO), which enforces data protection legislation in the UK, has fined a company £20,000 (approximately 24,000 USD / 23,000 EUR) for not exercising sufficient due diligence when buying and using marketing databases. The ICO found that over 580,000 individuals’ contact details had been obtained by The Data Supply Company Ltd … Continue Reading

UK Information Commissioner’s Office Publishes Draft Guidance on Consent under the GDPR

By Dan Cooper and Rosie Klement On March 2, 2017, the Information Commissioner’s Office (“ICO”) released draft guidance for UK organizations on how the notion of consent will be interpreted and applied when the General Data Protection Regulation (“GDPR”) comes into force in May 2018. The ICO is currently engaging in a public consultation on … Continue Reading

UK Government Considering New Patient Data Security and Research Consent Standards, Sanctions

A new post on the Covington eHealth blog reports that the UK government is running a consultation around NHS patient data security standards and a new legal framework for secondary uses (e.g. research) of patient data.  To find out more about the proposals and the consultation, please click here.… Continue Reading

Company Receives Record Fine from UK Regulator For Cold Calling

The UK’s data protection regulator, the Information Commissioner’s Office (“ICO”), has imposed a fine of £350,000 on Prodial Ltd (“Prodial”) for making over 46 million unsolicited automated telephone calls to generate leads in relation to payment protection insurance refunds.  This is the highest fine issued by the ICO to date.… Continue Reading

EU DPA Enforcement Guidance Post-Schrems

Industry eagerly awaits further guidance from data protection authorities (“DPAs”) relating to the EU-U.S. Privacy Shield as well as on the validity (or otherwise) of other mechanisms for transfers to the U.S. such as standard contractual clauses (“SCCs”) and binding corporate rules (“BCRs”).  As we explained in recent posts (here and here), publication of an … Continue Reading

UK ICO Issues Largest Ever Fine In Connection With Automated Marketing Calls

The UK Information Commissioner’s Officer (“ICO”) has issued its largest fine to date in connection with using an automated calling system to make direct marketing calls.  The ICO found that Home Energy & Lifestyle Management Ltd (“HELM”), a green energy company that made millions of automated marketing calls in relation to “free” solar panels, recklessly … Continue Reading

UK Government Launches Cybersecurity Service For Healthcare Organizations

The UK government has announced a new national service providing expert cybersecurity advice to entities within the National Health Service (NHS) and the UK’s broader healthcare system.  The project, called CareCERT (Care Computing Emergency Response Team), is aiming for a full go-live in January 2016. … Continue Reading

UK Supreme Court Will Hear Google’s Appeal in Important Privacy Case

The UK Supreme Court has granted Google the right to appeal part of the English and Welsh Court of Appeal’s notable ruling in Google Inc. v. Vidal-Hall & Ors [2015] EWCA Civ 311. Our previous blog highlighted the facts of the case (brought by Internet users against Google’s ad-tracking practices) and the significant consequences of … Continue Reading

Client Event – Cyber Security Series, ‘Mitigating Information Loss in the Healthcare Industry: the Insider Threat’

Please note that this event, originally scheduled for December 10, is being rescheduled for February 2015 – date TBC Covington’s London office will be hosting a breakfast seminar for clients on ‘Mitigating Information Loss in the Healthcare Industry: the Insider Threat’ with The Chertoff Group.… Continue Reading

UK Data Protection Regulator Surveys Use of Smart Medical Devices

By Phil Bradley-Schmieg The UK Information Commissioner’s Office (ICO) has launched an informal survey of current practices relating to the use of data-enabled medical devices and apps. The short and anonymous survey explores whether organisations have put in place specific policies and procedures, asset registers, IT security requirements for medical device procurement policies, information governance … Continue Reading

UK Parliamentarians Seek FOI Changes To Force Private Sector Suppliers To Disclose NHS Contract Details

By Tom Jackson and Phil Bradley-Schmieg A cross-party group of UK Members of Parliament (“MPs”) is seeking to amend the UK’s ‘freedom of information’ regime under the Freedom of Information Act 2000 (“FOIA”) to also cover current and prospective private sector suppliers to the National Health Service (“NHS”) in England and Wales. The Freedom of … Continue Reading

Updating Ofcom’s Guidance on Network Security – New Consultation

In light of growing concerns over cybersecurity and evolving technology and operational practices, Ofcom (the independent regulator and competition authority for the UK communications industries) is seeking views on whether its existing guidance on network security should be revised.  Interested parties have until 21 February 2014 to respond.   Depending on the responses received, Ofcom intends … Continue Reading

European Council Taps the Breaks–Adoption of EU General Data Protection Regulation Delayed

Only a few days after the leading parliamentary committee waved through the proposed amendments to the European Commission’s legislative proposal for a General Data Protection Regulation (see here and here), the EU Member States’ governments have decided to postpone the adoption of the Regulation to 2015.  Germany and the UK, in particular, supported the delay, albeit … Continue Reading

The ICO Responds to the Leveson Report

By Dan Cooper, Helena Marttila & Fredericka Argent Following the 2011 News International phone-hacking scandal, the UK government commissioned an in-depth inquiry into the accusations made against the British press to be conducted by Lord Justice Leveson.  The “Leveson Inquiry” was a full-scale investigation, which culminated in an approximately 2000-page report published in November 2012.  The … Continue Reading

ICO Releases New Guidance on Destruction of Electronic Equipment

By Bonnie Drury and Ezra Steinhardt The Information Commissioner’s Office (ICO) has produced new guidance on “IT asset disposal for organisations” to help data controllers understand their responsibilities relating to the destruction and disposal of electronic equipment.  The guidance, which addresses one of the areas where organizations are most frequently fined under the UK Data … Continue Reading

ICO issues £440,000 fine to telecoms company for illegal direct marketing

By Bonnie Drury and Ezra Steinhardt On 28 November 2012, following an 18-month investigation, the UK Information Commissioner’s Office (ICO) announced that it had fined the joint owners of Tetrus Telecoms (Tetrus) a total of £440,000 under the Privacy and Electronic Communications Regulations (PECR).  The fine penalized Tetrus for sending millions of unsolicited text messages … Continue Reading

UN Report Calls for Mandatory Data Retention

By Kurt Wimmer and Josephine Liu The United Nations Office on Drugs and Crime has released a report warning that terrorists are increasingly using the Internet to spread propaganda, recruit and train supporters, finance their activities, and plan terrorist attacks.  Besides providing an overview of the existing legal frameworks to address terrorists’ use of the … Continue Reading

UK Government Launches Consultation on New Data Portability Requirement

The UK’s Department for Business, Innovation and Skills (BIS) has launched a consultation on proposals to compel suppliers of goods and services to provide consumers access, upon request, to their personal transaction and consumption data in an open standard machine-readable format.  The UK Government (UKG) would prefer that the data be supplied at no cost and … Continue Reading
LexBlog