Posts Tagged Data Protection Act 1998
Receptionist prosecuted for breaching the Data Protection Act
Posted by brianfpennington in brian pennington on 12/03/2013
Another nosy parker faces the results of their snooping after she decided to spy on her ex-husband’s new wife. The GP receptionist at a Southampton surgery was prosecuted by the UK’s Information Commissioner’s Office (ICO) for unlawfully obtaining sensitive medical records. The ICO reported on the 12th March 2013 that Marcia Phillips was prosecuted under section […]
An update on the progress of the European Data Protection Act
Posted by brianfpennington in brian pennington on 12/03/2013
At last week’s Information Commissioners Data Protection Officers Conference in Manchester I had the privilege of being updated on the progress, or lack of progress, of the revised European Data Protection Act. With the existing directive dating back over 17 years an upgrade is well over due but there is significant pressure from businesses to […]
EU Commission proposes a comprehensive reform of the Data Protection rules
Posted by brianfpennington in Uncategorized on 30/01/2013
This week the European Commission proposed a comprehensive reform of the EU’s 1995 data protection rules to strengthen online privacy rights and to boost Europe’s digital economy. The press release states: Technological progress and globalisation have profoundly changed the way our data is collected, accessed and used. In addition, the 27 EU Member States have […]
The Information Commissioner provides an update on the European Data Protection Act
Posted by brianfpennington in brian pennington on 26/01/2013
David Smith the UK’s Deputy Commissioner of the Information Commission has commented on the progress of the Revise European Data Protection Act. Put simply, the proposals could prove to be one of the biggest changes to data protection this country has ever seen. Against that backdrop it is no surprise that we’ve been monitoring events in […]
2013 looks like being a bigger year than 2012 as the ICO starts catching up with the backlog of breaches
Posted by brianfpennington in Uncategorized on 25/01/2013
2013 has started as 2012 finished off with UK Information Commissioner (ICO) coming down hard on those who breach the Data Protection Act. So far this January 3 organisations have fallen foul of the ICO: Sony Computer Entertainment Europe Limited Mansfield District Council Prospect Trade Union Sony Computer Entertainment Europe Limited Sony Computer Entertainment Europe Limited […]
2012 was a big year for the Data Protection Act with record fines and breaches, see the full 2012 list here.
Posted by brianfpennington in brian pennington on 29/12/2012
As we are about to enter 2013 I thought it would be a good time to publish the entire list of who fell foul of the UK Data Protection Act and were punished by the Information Commissioner (ICO) during 2012. There are three types of punishments administered by the ICO Monetary. The most serious of the […]
Data Protection Advice for schools and just about everyone else
Posted by brianfpennington in brian pennington on 19/09/2012
The UK Information Commissioner’s Office has released a report which gives practical advice on how to comply with the Data Protection Act. The advice was prompted by a survey of 400 schools across nine local authority areas that showed that whilst awareness of data protection laws was generally good, schools need to pay more attention to […]
Rubbish causes a breach of the Data Protection Act and a £250,000 fine
Posted by brianfpennington in brian pennington on 11/09/2012
Scottish Borders Council employed an outside company to digitise their employee records but when the pension records of several hundred ex-employees were found in recycling bins the Information Commission’s Office began an investigation for a breach of the Data Protection Act. Following the investigation the Information Commissioner has fined the Council £250,000 for not seeking appropriate guarantees on […]
65% of businesses do not protect their customers’ private data
Posted by brianfpennington in PCI DSS Compliance on 24/08/2012
According to a survey by GreenSQL more than 65% of businesses do not protect their customers’ private data from unauthorised employees and consultants. The results are interesting because every day we hear of another data breach or another form of malware which can steal data or at least damage data and you would think that […]
Who has breached the Data Protection Act in 2012? Find the complete list here.
Posted by brianfpennington in brian pennington on 16/08/2012
So far 2012 has been a busy year for the Information Commissioners Office (ICO) and with almost three quarters of the year gone I thought I would look at who has fallen foul of the Data Protection Act. There are normally three types of punishments administered by the ICO Monetary. The most serious of the […]
The Information Commissioner’s 5 Tips on how to better protect personal information
Posted by brianfpennington in PCI DSS Compliance on 08/08/2012
The UK’s Information Commissioners office has created a list of 5 useful tips for protecting personally identifiable information (PII). The list comes on the back of an offer by the ICO to help charities and other third sector organisations to help them protect data and avoid potential fines of up to £500,000. Louise Byers, Head […]
Torbay Care Trust (NHS) fined £175,000 for breaching the Data Protection Act
Posted by brianfpennington in brian pennington on 06/08/2012
Torbay Care Trust in Torquay has been fined £175,000 after it published the sensitive details of over 1,000 employees on the Trust’s website. Staff at the Trust published the information in a spreadsheet on their website in April 2011 and only realised when a member of the public reported it 19 weeks later. The data […]
Latest NHS Fine for breaching the Data Protection Act is close to the “current” limit at £325,000
Posted by brianfpennington in brian pennington on 01/06/2012
After a series of breaches where the NHS organisation involved received nothing more than a slap on the wrist the Information Commissioner is finally ratcheting up the pressure on public sector organisations, especially the NHS for breaching the Data Protection Act. In the latest breach Brighton and Sussex University Hospitals NHS Trust has been fines […]
Information Commissioner’s Office consults on new anonymisation code of practice
Posted by brianfpennington in brian pennington on 31/05/2012
The Information Commissioner’s Office (ICO) has begun a public consultation on a new anonymisationcode of practice. The code will provide guidance on how information can be successfully anonymised and how to assess the risks of identification. The ICO has also launched a tendering process to establish a network of experts to share best practice around the release of data in […]
No NHS fines for breaching the Data Protection Act then two come along in quick succession
Posted by brianfpennington in brian pennington on 21/05/2012
At the end of April the Information Commissioner’s Office fined The Aneurin Bevan Health Board for breaching the Data Protection Act and today they fined Central London Community Healthcare (CLCH) NHS Trust £90,000. The CLCH breach first occurred in March 2011, after patient lists from the Pembridge Palliative Care Unit, intended for St John’s Hospice, were faxed to the wrong […]
School boy error at a University
Posted by brianfpennington in brian pennington on 02/03/2012
How many other people will have done this? Taken a screenshot for training purposes, to demonstrate a technical error, share a section of a document, etc. and how many people have inadvertently included another application, image or data without realising or not thinking it was important. What ever the reason, if we include Personal information in those […]
Personal Information is under threat from “social engineering”
Posted by brianfpennington in brian pennington on 28/02/2012
This week as uncovered two more breaches of the Data Protection Actafter action was taken by the Information commissioner and the Serious and Organised Crime Agency (SOCA) against individuals who used social engineering for profit. The more criminal of the two cases involved “private detectives” blagging confidential information for their clients to use. SOCA defines […]
Is the Information Commissioner having a purge on breaches?
Posted by brianfpennington in brian pennington on 16/02/2012
It seems that the Information Commissioner’s Office is releasing, on a daily basis, details of organisations that have breached the Data Protection Act. Every day some employee has done something they should not have done posted to the wrong place, not used the correct system, etc. which means the common cause is human… The latest involves Cheshire […]
Another bad day for councils but this time there were costs attached – £180,000!
Posted by brianfpennington in PCI DSS Compliance on 13/02/2012
Today the Information Commissioners Office has notified two councils of monetary fines for breaching the Data Protection Act. Croydon Council has been handed a penalty of £100,000 Norfolk County Council has been served with an £80,000 Croydon Council The Croydon Council breach was the result of an unlocked bag belonging to a social worker being […]
Bad day at the office for UK Councils as several breach the Data Protection Act
Posted by brianfpennington in brian pennington on 10/02/2012
Today the Information Commissioner has notified five councils after they breached the Data Protection Act. Information Commissioner, Christopher Graham said: “At a time when councils are increasingly working with community partners, when data is shared it is vital that they uphold their legal responsibilities under the Data Protection Act. Failures not only put local residents’ privacy […]
Brian Pennington
-
