Posts Tagged Information Commissioner’s Office
Lack of guidance on BYOD raises data protection concerns
Posted by brianfpennington in brian pennington on 08/03/2013
The UK Information Commissioner’s Office (ICO) has commissioned a survey into business attitudes towards Bring Your Own Device (BYOD). The survey results shown many employers appear to have a ‘laissez faire’ attitude to allowing staff to use their personal laptop, tablets or smartphone for at work and for work business, which may be placing people’s personal information […]
Nursing and Midwifery Council fined for breaching the Data Protection Act
Posted by brianfpennington in brian pennington on 16/02/2013
The Information Commissioner’s Office has issued a £150,000 fine to the Nursing and Midwifery Council was for breaching the Data Protection Act. The Nursing and Midwifery Council lost three DVDs related to a nurse’s misconduct hearing, which contained confidential personal information and evidence from two vulnerable children. In October 2011 the DVDs, containing confidential information, […]
The Information Commissioner provides an update on the European Data Protection Act
Posted by brianfpennington in brian pennington on 26/01/2013
David Smith the UK’s Deputy Commissioner of the Information Commission has commented on the progress of the Revise European Data Protection Act. Put simply, the proposals could prove to be one of the biggest changes to data protection this country has ever seen. Against that backdrop it is no surprise that we’ve been monitoring events in […]
The Prudential is fined £50,000 for breaching the Data Protection Act
Posted by brianfpennington in brian pennington on 06/11/2012
The UK’s Information Commissioner’s Office (ICO) has fined the Prudential £50,000 after an administrative error in two accounts that led to tens of thousands of pounds, meant for an individual’s retirement fund, ending up in the wrong account. This is the first monetary penalty served by the ICO that doesn’t relate to a significant data loss. […]
Overall the UK needs to improve its approach to the Data Protection Act
Posted by brianfpennington in brian pennington on 11/10/2012
The Information Commissioner’s Office (ICO) has published its audits for of the UK’s four largest sectors and whilst it was positive about the approach of the Private Sector it raised concerns about the Public Sector. The audit reports (below) summarise the outcomes of over 60 ICO audits carried out in the private, NHS, local and […]
Information Commissioner publishes guidance on cloud computing
Posted by brianfpennington in Uncategorized on 28/09/2012
The UK’s Information Commissioner’s Office (ICO) has published guidelines to on how business treat personal information in the cloud whether that is a private or public cloud. The data protection regulator ICO is concerned that many businesses do not realise they remain responsible for how the data is handled whilst it is in the cloud. This has […]
Data Protection Advice for schools and just about everyone else
Posted by brianfpennington in brian pennington on 19/09/2012
The UK Information Commissioner’s Office has released a report which gives practical advice on how to comply with the Data Protection Act. The advice was prompted by a survey of 400 schools across nine local authority areas that showed that whilst awareness of data protection laws was generally good, schools need to pay more attention to […]
An overview of EU security legislation and the impact of cyber incident reporting
Posted by brianfpennington in brian pennington on 29/08/2012
The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA has responded to the growing threat posed by cyber security incidents by producing an overview paper of current legislation and the impact of incident reporting. I have summarised […]
Who has breached the Data Protection Act in 2012? Find the complete list here.
Posted by brianfpennington in brian pennington on 16/08/2012
So far 2012 has been a busy year for the Information Commissioners Office (ICO) and with almost three quarters of the year gone I thought I would look at who has fallen foul of the Data Protection Act. There are normally three types of punishments administered by the ICO Monetary. The most serious of the […]
The Information Commissioner’s 5 Tips on how to better protect personal information
Posted by brianfpennington in PCI DSS Compliance on 08/08/2012
The UK’s Information Commissioners office has created a list of 5 useful tips for protecting personally identifiable information (PII). The list comes on the back of an offer by the ICO to help charities and other third sector organisations to help them protect data and avoid potential fines of up to £500,000. Louise Byers, Head […]
Information Commissioners reaction to Google and their retention of Street View data
Posted by brianfpennington in brian pennington on 27/07/2012
Google have had a long running battle with the UK Information Commissioner’s Office (ICO) on the subject of the retention of data collected when Google created its Street View maps and photos. Clearly the ICO is upset and extremely annoyed at Google for not doing so in a timely fashion and this can only lead […]
Information Commissioner’s Office consults on new anonymisation code of practice
Posted by brianfpennington in brian pennington on 31/05/2012
The Information Commissioner’s Office (ICO) has begun a public consultation on a new anonymisationcode of practice. The code will provide guidance on how information can be successfully anonymised and how to assess the risks of identification. The ICO has also launched a tendering process to establish a network of experts to share best practice around the release of data in […]
2,000 lost Medical Records leads to an investigation by the Information Commissioner
Posted by brianfpennington in brian pennington on 27/03/2012
Pharmacyrepublic Limited lost around 2000 patients personal details when a computer was stolen from their premises. Pharmacyrepublic Limited contacted the ICO in September 2011 to report the theft of a Patient Medication Record (PMR) system. The system contained details of the medicine handed out to patients at one of its pharmacies, and was stolen while the pharmacy was being […]
Police fined by the Information Commissioner. If the Police can lose sensitive that then anyone can.
Posted by brianfpennington in Uncategorized on 14/03/2012
The Lancashire Constabulary has been fined £70,000 by the Information Commissioner’s Office (ICO) after papers containing sensitive information about a 15 year old girl. This is the first penalty the ICO has served to a police force. The missing person’s report was discovered by a member of the public on 23 July 2011. The report had previously been used by […]
School boy error at a University
Posted by brianfpennington in brian pennington on 02/03/2012
How many other people will have done this? Taken a screenshot for training purposes, to demonstrate a technical error, share a section of a document, etc. and how many people have inadvertently included another application, image or data without realising or not thinking it was important. What ever the reason, if we include Personal information in those […]
Personal Information is under threat from “social engineering”
Posted by brianfpennington in brian pennington on 28/02/2012
This week as uncovered two more breaches of the Data Protection Actafter action was taken by the Information commissioner and the Serious and Organised Crime Agency (SOCA) against individuals who used social engineering for profit. The more criminal of the two cases involved “private detectives” blagging confidential information for their clients to use. SOCA defines […]
Is the Information Commissioner having a purge on breaches?
Posted by brianfpennington in brian pennington on 16/02/2012
It seems that the Information Commissioner’s Office is releasing, on a daily basis, details of organisations that have breached the Data Protection Act. Every day some employee has done something they should not have done posted to the wrong place, not used the correct system, etc. which means the common cause is human… The latest involves Cheshire […]
European Privacy Day 2012 – 28th January
Posted by brianfpennington in Uncategorized on 27/01/2012
The 28th January will be the European Privacy day for 2012. The campaign states that “2011 was a year with privacy discussions about Facebook, use of hacking by journalists, use of intelligent CCTV by police forces, use of twitter during urban riots, face recognition, smart houses and smart viewing of houses, and ICT for active […]
Clarification given on private email details and the Freedom of Information Act
Posted by brianfpennington in brian pennington on 15/12/2011
The Information Commissioner has clarified the Freedom of Information Act’s regulations affecting the storing of personal email address. Overview FOIA applies to official information held in private email accounts (and other media formats) when held on behalf of the public authority. Such information may be exempt and will not necessarily have to be disclosed It may be necessary to […]
Information Commissioner fines two councils for emailing personal information
Posted by brianfpennington in brian pennington on 28/11/2011
The Information Commissioner’s Office (ICO) has served monetary penalties to two councils for breaching the Data Protection Act. North Somerset Council and Worcestershire County Council after staff at both authorities sent highly sensitive personal information to the wrong recipients. The news comes as the Information Commissioner is pressing for stronger powers to audit data protection […]
Brian Pennington
-
