Tag Archives for " ICO "

‘Prepare for ICO to utilise its wider powers’: UK regulator issues warning to adtech

The UK’s data regulator, the Information Commissioner’s Office (ICO), has issued a warning to any adtech companies which have failed to “use the window of opportunity to engage and transform” their practices – it’s coming for them.

The ICO’s update on its investigation into the adtech sector reveals it focused on specific issues such as the treatment of “special category data” – like race, sexuality and health – as well as how secure data is as it’s passed through the supply chain and the thorny issue of Legitimate Interest.

Source: ‘Prepare for ICO to utilise its wider powers’: UK regulator issues warning to adtech | The Drum

Retailer fined half a million pounds for data breach of at least 14 million people

The Information Commissioner’s Office (ICO) has fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people.

An attacker installed malware on 5,390 tills at DSG’s Currys PC World and Dixons Travel stores between July 2017 and April 2018, collecting personal data during the nine-month period before the attack was detected.

The company’s failure to secure the system allowed unauthorised access to 5.6 million payment card details used in transactions and the personal information of approximately 14 million people, including full names, postcodes, email addresses and failed credit checks from internal servers.

Source: National retailer fined half a million pounds for failing to secure information of at least 14 million people | ICO

ICO Delays British Airways and Marriott GDPR Fines

Further to the publication of the ICO’s notices of intention to fine British Airways and Marriott in July 2019, the ICO has recently issued a statement delaying the issuance of both GDPR fines which had originally been expected by the end of 2019.

The ICO’s initial notices of intention to fine had stated that British Airways would face a fine of £183m ($228m) and Marriott, a fine of £99m ($123m). ICO will now have until March 31, 2020 to finalize the penalties imposed on both British Airways and Marriott, which were the result of two high-profile data breaches and subsequent ICO investigations.

Source: ICO Delays British Airways and Marriott GDPR Fines

ICO launches consultation on draft direct marketing code of practice

The Information Commissioner’s Office (ICO) has launched a public consultation on a draft direct marketing code of practice.

The ICO has previously produced direct marketing guidance and the draft code builds on this, as well as taking into account the input received during the initial call for views. The code takes a practical life-cycle approach to direct marketing.

The code is out for consultation until 4 March 2020 and the final version is expected later this year. You can read the code and take part in the consultation through the ICO website.

Source: ICO launches consultation on draft direct marketing code of practice | ICO

First Ever UK GDPR Penalty is €325k for London Pharmacy

The first ever General Data Protection Regulation (GDPR) penalty in the United Kingdom has been sanctioned against a London-based pharmacy by the Information Commissioner’s Office (ICO).

Doorstep Dispensaree has been fined €325,000 (UK£275,000) by the Information Commissioner’s Office (ICO) in relation to its ‘cavalier attitude to data protection’. This decision was taken after it was discovered that the Burnt Oak Broadway, Edgware-based pharmacy placed 500,000 medical documents that included sensitive information in unsecured and unlocked containers, disposal bags and in a cardboard box.

Source: First Ever UK GDPR Penalty is €325k for London Pharmacy – Compliance Junction

UK ICO Issues Draft Guidance on Explaining Decisions Made by AI

The UK’s Information Commissioner’s Office (“ICO”) has issued and is consulting on draft guidance about explaining decisions made by AI. The ICO prepared the guidance with The Alan Turing Institute, which is the UK’s national institute for data science and artificial intelligence.

The guidance sets out key principles to follow and steps to take when explaining AI-assisted decisions — including in relation to different types of AI algorithms — and the policies and procedures that organizations should consider putting in place.

The guidance is out for consultation until January 24, 2020.

Access ICO AI guidelines.

UK ICO publishes new guidance on special category data

On November 14, 2019, the UK Information Commissioner’s Office (ICO) published detailed guidance on the processing of special category data.

The guidance sets out:

  • what the special categories of data are;
  • the rules that apply to the processing of special category data under the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018 (DPA);
  • the conditions for processing special category data; and
  • additional guidance on the substantial public interest condition, including what is an “appropriate policy document”.

Source: UK ICO publishes new guidance on special category data

The ICO are owed £7m in unpaid fines

The Information Commissioner’s Office (ICO) is struggling to collect monetary penalties from organisations it has fined since 2015.

152 fines have been issued since 2015, equating to £16.6 million – however, 30% are still unpaid which amounts to over £7 million.

Fines handed to charities and public organisations have all been paid, however the main culprits for non-payment are in the claims management industry. The industry has received a total of £3.2 million in fines, yet only £490,000 has been collected, and an overwhelming 84% remains unpaid.

Source: #Privacy: The ICO are owed £7m in unpaid fines

UK’s data regulator again warns ad tech over GDPR compliance

The U.K. data protection authority, the Information Commissioner’s Office, has stepped up its warning for the ad tech industry to get its house in order quickly if it is to comply with the European Union’s General Data Protection Regulation (GDPR) and avoid heavy fines.

The ICO held an “ad tech fact-finding forum” in London on Tuesday. It discussed the data protection watchdog’s latest findings since it released a report in June taking the ad tech and real-time bidding marketplace to task on GDPR compliance and giving the industry six months to clean up its act. This summer the ICO said the industry’s current real-time bidding protocols violate GDPR. At the time, the ICO outlined “key areas of concern” including issues such as companies’ treatment of sensitive, “special category” data and the often substandard contractual agreements to protect how bid-request data is shared between vendors.

Source: UK’s data regulator again warns ad tech over GDPR compliance – Digiday

ICO concerned by mass health data-sharing with advertisers

The UK’s data regulator has expressed deep concerns over reports that some of the most popular health websites are sharing sensitive data with advertisers across the world.

The majority of prominent health websites embed tracking cookies in users’ browsers without explicit consent to allow third-party companies to track them while surfing the internet.

This data is then transmitted to a swathe of advertising platforms including Amazon and Facebook, with the majority of data sent to Google’s DoubleClick targeted ad platform. This includes information like medical symptoms, diagnoses, drug names and fertility information.

Source: ICO concerned by mass health data-sharing with advertisers | IT PRO
