Posts Tagged Information Commissioner
Rubbish causes a breach of the Data Protection Act and a £250,000 fine
Posted by brianfpennington in brian pennington on 11/09/2012
Scottish Borders Council employed an outside company to digitise their employee records but when the pension records of several hundred ex-employees were found in recycling bins the Information Commission’s Office began an investigation for a breach of the Data Protection Act. Following the investigation the Information Commissioner has fined the Council £250,000 for not seeking appropriate guarantees on […]
Latest NHS Fine for breaching the Data Protection Act is close to the “current” limit at £325,000
Posted by brianfpennington in brian pennington on 01/06/2012
After a series of breaches where the NHS organisation involved received nothing more than a slap on the wrist the Information Commissioner is finally ratcheting up the pressure on public sector organisations, especially the NHS for breaching the Data Protection Act. In the latest breach Brighton and Sussex University Hospitals NHS Trust has been fines […]
Proposed European wide Data Protection Act – a review
Posted by brianfpennington in brian pennington on 28/05/2012
Over the last few months I have attended several conferences and read a lot of research on the proposed upgrade of the European Commission’s 1995 Data Protection Act and have found it fascinating. The rumours, the speeches, the headlines and of course the lack of clarity on how the major issues will be dealt with […]
E*Trade Securities Ltd falls foul of the ICO after losing customer records
Posted by brianfpennington in Uncategorized on 03/02/2012
In April 2010 E*Trade Securities Ltd discovered that 608 customer records were lost at a UK based storage facility and despite an investigate were unable to recover the records. E*Trade Securities Ltd did not have a formal agreement to store the customer information securely and subsequently informed Information Commissioner’s office in December 2010. E*Trade Securities Ltd […]
Health worker convicted of obtaining patient details unlawfully
Posted by brianfpennington in brian pennington on 17/01/2012
Juliah Kechil, formerly known as Merritt, a former Health Care Assistant in the outpatients department at the Royal Liverpool University Hospital has pleaded guilty to unlawfully obtaining patient information by accessing the medical records of five members of her ex-husband’s family in order to obtain their new telephone numbers. She was convicted under section 55 of the Data […]
Illicit access of medical records leads to a breach of the Data Protection Act
Posted by brianfpennington in brian pennington on 17/12/2011
Image via Wikipedia A receptionist who unlawfully obtained her sister-in-law’s medical records in order to find out about the medication she was taking has been found guilty of an offence under section 55 of the Data Protection Act (DPA). Usha Patwal, of Romford, was given a two year conditional discharge and ordered to pay £614 prosecution costs […]
Websites failing cookie regulations
Posted by brianfpennington in brian pennington on 13/12/2011
Earlier this year the UK government tried to implement Privacy and Electronic Communications Regulations after an EU Directive. The regulations were to have taken effect on the 25th may 2011 but after a series of lobbies and petitions the regulations were put back to the 26th May 2012. As part of the process the Information Commissioner implemented a 12 month […]
Information Commissioner gets tough with the largest fine for the breach of the Data Protection Act
Posted by brianfpennington in brian pennington on 06/12/2011
The Information Commissioner’s Office (ICO) has served a penalty of £130,000 on Powys County Council for breaching the Data Protection Act. Powys County Council sent the details of a child protection case to the wrong recipient. The £130,000 penalty is the highest that the ICO has served since it was given the power in April 2010 and follows […]
Estate Agent prosecuted for not disclosing he stored personal data
Posted by brianfpennington in brian pennington on 02/12/2011
Merfyn Pugh Estate Agents pleaded guilty (1.12.11) to the offence of failing to notify the Information Commissioner’s Office (ICO) that his business processes personal data. John Merfyn Pugh of the Estate Agents Merfyn Pugh was prosecuted under section 17 of the Data Protection Act. The Data Protection Act 1998 requires every organisation or person who is processing personal information in […]
Information Commissioner fines two councils for emailing personal information
Posted by brianfpennington in brian pennington on 28/11/2011
The Information Commissioner’s Office (ICO) has served monetary penalties to two councils for breaching the Data Protection Act. North Somerset Council and Worcestershire County Council after staff at both authorities sent highly sensitive personal information to the wrong recipients. The news comes as the Information Commissioner is pressing for stronger powers to audit data protection […]
Gambling takes on a new meaning when someone steals your personal information
Posted by brianfpennington in brian pennington on 10/11/2011
A former gambling industry worker who unlawfully obtained and sold personal data relating to over 65,000 online bingo players has been found guilty of committing three offences under section 55 of the Data Protection Act. Marc Ben-Ezra, of Finchley, was given a three year conditional discharge and ordered to pay £1,700 to Cashcade Limited as well […]
Who fell foul of the Information Commissioner in October?
Posted by brianfpennington in brian pennington on 31/10/2011
A week after Calls for tougher penalties for breaches of the Data Protection Act (read my post here) I thought it would be good time to have a look at who the Information Commissioner’s Office (ICO) has taken action against during the month of October 2011. To add some consistency I have also included actions taken […]
Calls for tougher penalties for breaches of the Data Protection Act
Posted by brianfpennington in brian pennington on 27/10/2011
In the United Kingdom there is an Act of Parliament that seeks to protect the personal data of its citizens, it is the Data Protection Act 1998 (DPA). The enforcer of the Act is the Information Commissioner’s Office (ICO). The ICO also has responsibility for other Acts of Parliaments, specifically the Freedom of Information Act 2000, […]
Information Commissioner: Businesses ‘waking up’ to Data Protection responsibilities
Posted by brianfpennington in brian pennington on 24/10/2011
The Information Commissioner has reported that businesses may be ‘waking up’ to their obligations under the Data Protection Act (DPA) but public confidence in how personal information is being handled continues to decline, the Information Commissioner’s Office (ICO) said today. Figures published show that nearly three quarters of businesses surveyed now know that the DPA requires them to […]
Disclosure rules clarified, or made more confusing?
Posted by brianfpennington in brian pennington on 14/10/2011
Following the UK’s Information Commissioner’s call for compulsory audits and Disclosure Laws in France and Germany the US Securities and Exchange Commission (SEC) has release a statement containing Disclosure Guidance. In setting the scene for their Gisclosure Guidance the SEC points out the risks and results of a Cyber attack, Victim(s) to successful cyber attacks may […]
Information Commissioner calls for powers to conduct compulsory Data Protection Audits
Posted by brianfpennington in brian pennington on 13/10/2011
The Information Commissioner has called for powers to conduct compulsory data protection audits in local government, the health service and the private sector are needed to ensure compliance with the law, the Information Commissioner said today at the 10th annual data protection compliance conference in London. Christopher Graham’s call came as figures showed that the ICO […]
Education, education, when will people learn, encrypt your data as two more education establishments lose data
Posted by brianfpennington in brian pennington on 05/10/2011
The Information Commissioner has announced today two actions against education establishments who have lost data by failing to adequately protect their laptops. Having a policy that leaves the decision on what information needs to be encrypted to the user is always likely to lead to trouble. Encrypt everything and then the user cannot be blamed for […]
Brian Pennington
-
