Tag Archives for "UK"

UK looks to replace passwords with biometric technology to reduce NHS login time

The U.K. government is investing £40 million (USD$52 million) in multi-factor authentication technology to upgrade the NHS staff computer login system and reduce employee login times, which have reportedly caused great stress and dissatisfaction among staff members.

The upgrade will focus on three things: partnering with IT system suppliers to replace password logins with biometric multi-factor logins such as fingerprint access; making sure trusts comply and update their processes so that staff are granted the access permissions they need; and merging local with national systems so healthcare facilitators can access all clinical and workforce systems. It will not only save time spent logging into different IT systems, but will also boost infrastructure security.

Source: UK looks to replace passwords with biometric technology to reduce NHS login time | Biometric Update

Retailer fined half a million pounds for data breach of at least 14 million people

The Information Commissioner’s Office (ICO) has fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people.

An attacker installed malware on 5,390 tills at DSG’s Currys PC World and Dixons Travel stores between July 2017 and April 2018, collecting personal data during the nine-month period before the attack was detected.

The company’s failure to secure the system allowed unauthorised access to 5.6 million payment card details used in transactions and the personal information of approximately 14 million people, including full names, postcodes, email addresses and failed credit checks from internal servers.

Source: National retailer fined half a million pounds for failing to secure information of at least 14 million people | ICO

ICO Delays British Airways and Marriott GDPR Fines

Further to the publication of the ICO’s notices of intention to fine British Airways and Marriott in July 2019, the ICO has recently issued a statement delaying the issuance of both GDPR fines which had originally been expected by the end of 2019.

The ICO’s initial notices of intention to fine had stated that British Airways would face a fine of £183m ($228m) and Marriott a fine of £99m ($123m). The ICO will now have until March 31, 2020 to finalize the penalties imposed on both British Airways and Marriott, which were the result of two high-profile data breaches and subsequent ICO investigations.

Source: ICO Delays British Airways and Marriott GDPR Fines

ICO launches consultation on draft direct marketing code of practice

The Information Commissioner’s Office (ICO) has launched a public consultation on a draft direct marketing code of practice.

The ICO has previously produced direct marketing guidance and the draft code builds on this, as well as taking into account the input received during the initial call for views. The code takes a practical life-cycle approach to direct marketing.

The code is out for consultation until 4 March 2020 and the final version is expected later this year. You can read the code and take part in the consultation through the ICO website.

Source: ICO launches consultation on draft direct marketing code of practice | ICO

First Ever UK GDPR Penalty is €325k for London Pharmacy

The first ever General Data Protection Regulation (GDPR) penalty in the United Kingdom has been sanctioned against a London-based pharmacy by the Information Commissioner’s Office (ICO).

The ICO has fined Doorstep Dispensaree €325,000 (UK£275,000) in relation to its ‘cavalier attitude to data protection’. The decision was taken after it was discovered that the Burnt Oak Broadway, Edgware-based pharmacy had placed 500,000 medical documents that included sensitive information in unsecured and unlocked containers, disposal bags and a cardboard box.

Source: First Ever UK GDPR Penalty is €325k for London Pharmacy – Compliance Junction

Campaigners threaten UK parties with legal action over data processing

Open Rights Group issue urgent notice to Labour, Conservatives and Lib Dems, representing three individuals.

A data rights group has threatened legal action against the Conservatives, Labour and the Liberal Democrats over the parties’ use of personal data ahead of Thursday’s election.

Source: Campaigners threaten UK parties with legal action over data processing

UK ICO publishes new guidance on special category data

On November 14, 2019, the UK Information Commissioner’s Office (ICO) published detailed guidance on the processing of special category data.

The guidance sets out:

  • what the special categories of data are;
  • the rules that apply to the processing of special category data under the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018 (DPA);
  • the conditions for processing special category data; and
  • additional guidance on the substantial public interest condition, including what is an “appropriate policy document”.

Source: UK ICO publishes new guidance on special category data

The ICO are owed £7m in unpaid fines

The Information Commissioner’s Office (ICO) is struggling to collect monetary penalties from organisations it has fined since 2015.

152 fines have been issued since 2015, equating to £16.6 million. However, 30% are still unpaid, which amounts to over £7 million.

Fines handed to charities and public organisations have all been paid; the main culprits for non-payment are in the claims management industry. The industry has received a total of £3.2 million in fines, yet only £490,000 has been collected, and an overwhelming 84% remains unpaid.

Source: #Privacy: The ICO are owed £7m in unpaid fines

Google to let sites block personalized ads under California privacy law 

Websites and apps using Google’s advertising tools will be able to block personalized ads to internet users in California and elsewhere as part of the Alphabet Inc unit’s effort to help them comply with the state’s new privacy law.

The California Consumer Privacy Act (CCPA), which goes into effect on Jan. 1, requires large businesses to let consumers opt out of the sale of their personal data. Lobbying by internet companies earlier this year failed to have the law exclude personalized ads, leaving the most popular and lucrative online ads in jeopardy.

Source: Google to let sites block personalized ads under California privacy law – Reuters
