Tag Archives for "ICO"

Watchdog approves use of UK phone data to help fight coronavirus

The UK’s privacy watchdog has said the government can legally use personal data from people’s mobile phones to track and monitor behaviour if it helps fight the spread of coronavirus.

It emerged last week that the government was in talks with UK mobile phone companies to potentially use anonymous location and usage data to create movement maps, with a 12- to 24-hour delay, to discover whether the public are abiding by lockdown rules.

Source: Watchdog approves use of UK phone data to help fight coronavirus | World news | The Guardian

Scottish company hit with maximum fine for making nearly 200 million nuisance calls

The Information Commissioner’s Office (ICO) has fined CRDNN Limited the maximum £500,000 for making more than 193 million automated nuisance calls.

Operating out of a Clydebank business park, CRDNN Limited was raided by the ICO in March 2018, with computer equipment and documents seized for further analysis of their nuisance call operation.

Source: Scottish company hit with maximum fine for making nearly 200 million nuisance calls | ICO

Cathay Pacific fined £500,000 for failing to secure its customers’ personal data

The Information Commissioner’s Office (ICO) has fined Cathay Pacific Airways Limited £500,000 for failing to protect the security of its customers’ personal data.

Between October 2014 and May 2018 Cathay Pacific’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed, 111,578 of whom were from the UK, and approximately 9.4 million more worldwide.

Source: International airline fined £500,000 for failing to secure its customers’ personal data | ICO

ICO issues maximum pre-GDPR fine on major UK retailer

Last month the Information Commissioner’s Office (ICO), the UK data protection regulator, imposed a monetary penalty notice of £500,000 on electronics retailer DSG Retail Limited (DSG), a company better known by its trading brands, such as Currys PC World and Dixons Travel. DSG is a subsidiary of Dixons Carphone plc.

The personal data breach occurred during a compromise of DSG’s systems between 24 July 2017 and 25 April 2018 – before GDPR came into force.

The ICO’s decision to impose the maximum penalty is another clear example of the fact that the ICO is determined to use its fining powers when it considers it appropriate and to impose high fines for what it considers to be serious failures.

Source: #Privacy: ICO issues maximum pre-GDPR fine on major UK retailer

ICO Publishes Final Version of Its Age Appropriate Design Code

On January 21, 2020, the UK Information Commissioner’s Office (ICO) published the final version of its Age Appropriate Design Code, which sets out the standards that online services need to meet in order to protect children’s privacy.

The code lists 15 standards that organizations must meet, including requirements to (1) take into consideration the best interests of children, (2) refrain from using children’s personal data in ways that are detrimental to their wellbeing, and (3) ensure that settings are “high privacy” by default.

Source: ICO Publishes Final Version of Its Age Appropriate Design Code

‘Prepare for ICO to utilise its wider powers’: UK regulator issues warning to adtech

The UK’s data regulator, the Information Commissioner’s Office (ICO), has issued a warning to any adtech companies which have failed to “use the window of opportunity to engage and transform” their practices – it’s coming for them.

The ICO’s update on its investigation into the adtech sector reveals it focused on specific issues such as the treatment of “special category data” – like race, sexuality and health – as well as how secure data is as it’s passed through the supply chain and the thorny issue of Legitimate Interest.

Source: ‘Prepare for ICO to utilise its wider powers’: UK regulator issues warning to adtech | The Drum

Retailer fined half a million pounds for data breach of at least 14 million people

The Information Commissioner’s Office (ICO) has fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people.

An attacker installed malware on 5,390 tills at DSG’s Currys PC World and Dixons Travel stores between July 2017 and April 2018, collecting personal data during the nine-month period before the attack was detected.

The company’s failure to secure the system allowed unauthorised access to 5.6 million payment card details used in transactions and the personal information of approximately 14 million people, including full names, postcodes, email addresses and failed credit checks from internal servers.

Source: National retailer fined half a million pounds for failing to secure information of at least 14 million people | ICO

ICO Delays British Airways and Marriott GDPR Fines

Further to the publication of the ICO’s notices of intention to fine British Airways and Marriott in July 2019, the ICO has recently issued a statement delaying the issuance of both GDPR fines which had originally been expected by the end of 2019.

The ICO’s initial notices of intention to fine had stated that British Airways would face a fine of £183m ($228m) and Marriott, a fine of £99m ($123m). ICO will now have until March 31, 2020 to finalize the penalties imposed on both British Airways and Marriott, which were the result of two high-profile data breaches and subsequent ICO investigations.

Source: ICO Delays British Airways and Marriott GDPR Fines

ICO launches consultation on draft direct marketing code of practice

The Information Commissioner’s Office (ICO) has launched a public consultation on a draft direct marketing code of practice.

The ICO has previously produced direct marketing guidance and the draft code builds on this, as well as taking into account the input received during the initial call for views. The code takes a practical life-cycle approach to direct marketing.

The code is out for consultation until 4 March 2020 and the final version is expected later this year. You can read the code and take part in the consultation through the ICO website.

Source: ICO launches consultation on draft direct marketing code of practice | ICO

First Ever UK GDPR Penalty is €325k for London Pharmacy

The first ever General Data Protection Regulation (GDPR) penalty in the United Kingdom has been sanctioned against a London-based pharmacy by the Information Commissioner’s Office (ICO).

The ICO has fined Doorstep Dispensaree €325,000 (UK£275,000) in relation to its ‘cavalier attitude to data protection’. This decision was taken after it was discovered that the Burnt Oak Broadway, Edgware-based pharmacy placed 500,000 medical documents that included sensitive information in unsecured and unlocked containers, disposal bags and in a cardboard box.

Source: First Ever UK GDPR Penalty is €325k for London Pharmacy – Compliance Junction
