fbpx

Download free GDPR compliance checklist!

Tag Archives for " ICO "

UK ICO Publishes New Data Sharing Code

On December 17, 2020, the UK Information Commissioner’s Office (ICO) published its Data Sharing Code of Practice following a public consultation which commenced in 2019.

The Code focuses mainly on data sharing among data controllers who are subject to the GDPR and the UK Data Protection Act 2018. Due to the detailed way in which the Code covers data sharing in the context of the GDPR, it will also be of wider interest to data controllers in the EU and beyond – even after the end of the Brexit transition period.

Source: UK ICO Publishes New Data Sharing Code | Alston & Bird Privacy Blog

‘Antiquated process’: UK data regulator on obtaining Cambridge Analytica warrant

The information commissioner has criticised the “antiquated process” that led to Facebook getting hold of Cambridge Analytica’s servers before the UK regulator itself, and renewed calls for an international approach to data privacy to tackle the emerging threat of data havens.

Elizabeth Denham, the information commissioner, spoke to Damian Collins MP, the former chair of the digital, culture, media and sport committee, who led the parliamentary enquiry into disinformation, on his podcast Infotagion. She described discovering that Facebook was inside the offices of defunct electioneering consultancy Cambridge Analytica while in the middle of an interview with Channel 4’s Jon Snow.

Source: ‘Antiquated process’: data regulator on obtaining Cambridge Analytica warrant | Data protection | The Guardian

Ticketmaster fined £1.25m over personal data breach

Ticketmaster has been fined £1.25m for failing to keep the personal data of millions of customers secure.

The online events ticket seller failed to put “appropriate security measures in place” to prevent a cyber-attack on a chat-bot installed on its online payment page, the Information Commissioner’s Office (ICO) in the UK said.

The breach potentially affected 9.4million customers across Europe. As a result, 60,000 payment cards belonging to Barclays Bank customers were subjected to fraud, and another 6,000 cards were replaced by Monzo bank after suspected fraud.

Source: Ticketmaster fined £1.25m over personal data breach

UK’s ICO faces legal action after closing adtech complaint with nothing to show

The UK’s data watchdog is facing a legal challenge after it took the decision to quietly close a complaint against the adtech industry’s high velocity background trading of personal data.

The original complaint — challenging the adtech industry’s compliance with Europe’s General Data Protection Regulation (GDPR) — was filed to the ICO in September 2018 by Jim Killock, executive director of the Open Rights Group, and Michael Veale, a lecturer in digital rights at the University College London.

Source: UK’s ICO faces legal action after closing adtech complaint with nothing to show for it | TechCrunch

ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

On October 27, 2020, the UK Information Commissioner’s Office (ICO) published a report following its investigation into data protection compliance in the direct marketing data broking sector, alongside its enforcement action against Experian.

During the investigation, the ICO conducted audits of the direct marketing data broking businesses of the UK’s three largest credit reference agencies  – Experian, Equifax and TransUnion – and found “significant data  protection failures at each” that were “deeply embedded” within the businesses.

Source: ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

Data protection scofflaws failed to pay £2m or 68% of fines from UK watchdog

Scofflaws have failed to pay nearly £2m in fines handed out by the UK Information Commissioner’s Office over the past 18 months, according to new research.

Between January 2019 and August 2020, the ICO issued a total of £3.2m in monetary penalty notices but just £1.03m has been paid, according to research from SMS API biz The SMS Works.

When measured as a percentage of the fine amount, nuisance-call operators were the least likely to have paid their fines, with The SMS Works finding that just 13 per cent of penalties handed to such firms had been paid.

Source: Data protection scofflaws failed to pay £2m in fines from UK watchdog – and 68% of penalties are still outstanding • The Register

Marriott International fined £18.4m for 2014 data breach

The UK data regulator has issued Marriott International with a watered-down £18.4 million fine for a data breach that affected 339 million guest records worldwide.

The sum has been significantly reduced from the initial £99 million notice of intent to fine that the Information Commissioner’s Office (ICO) first issued the hotel chain in July 2019. The decision to issue a substantially lower fine once again raises questions as to the effectiveness of GDPR enforcement.

Source: Marriott International fined £18.4m for 2014 data breach | IT PRO

Experian vows to drag UK’s Information Commissioner’s Office to court after being told off for data-slurping practices

Experian has been rapped over the knuckles by the UK’s Information Commissioner’s Office (ICO) after it discovered the credit reference agency was trading “millions” of people’s data for marketing purposes.

Instead of issuing a monetary fine, however, the data regulator wrapped up a two-year probe yesterday by merely insisting Experian tweaks its online privacy policies and informs consumers it acquired data about them.

In an aggressive response, Experian chief exec Brian Cassin claimed the ICO enforcement notice against his employer “risks damaging the services that help consumers, thousands of small businesses and charities, particularly as they try to recover from the COVID-19 crisis.”

Source: Experian vows to drag UK’s Information Commissioner’s Office to court after being told off for data-slurping practices • The Register

Experian faces GDPR action after ICO finds ‘widespread data protection failings’

The Information Commissioner’s Office (ICO) has ordered credit rating giant Experian to stop profiting from the secretive enriching and processing of people’s personal data or face a massive GDPR fine.

The investigation found the three firms were trading, enriching and enhancing people’s personal data without their knowledge or consent. This resulted in products which were used by third-party commercial organisations to find new customers, identify those who were most likely to be able to afford products, and build individual profiles around people.

UK watchdog gives Experian nine-month ultimatum to change ‘illegal’ business practices or face punishment.

Source: Experian faces GDPR action after ICO finds ‘widespread data protection failings’ | IT PRO

ICO probes complaints following allegations Wagamama used Covid-19 track and trace data to survey customers

Wagamama customers in the UK have allegedly been sent a survey after sharing contact details for Covid-19 contact tracing, The Times reports. The Information Commissioner’s Office (ICO) is now making enquiries after receiving a number of complaints about the restaurant chain.

UK regulations state that hospitality venues including restaurants must ask at least one member of every party of customers to provide their name and contact details or use a QR code. Some customers reportedly received a survey after sharing contact details with Wagamama, despite not granting permission.

Source: ICO probes complaints following allegations Wagamama used Covid-19 track and trace data to survey customers

1 2 3 20
>