Tag Archives for "UK"

Marriott International fined £18.4m for 2014 data breach

The UK data regulator has issued Marriott International with a watered-down £18.4 million fine for a data breach that affected 339 million guest records worldwide.

The sum has been significantly reduced from the initial £99 million notice of intent to fine that the Information Commissioner’s Office (ICO) first issued the hotel chain in July 2019. The decision to issue a substantially lower fine once again raises questions as to the effectiveness of GDPR enforcement.

Source: Marriott International fined £18.4m for 2014 data breach | IT PRO

Experian vows to drag UK’s Information Commissioner’s Office to court after being told off for data-slurping practices

Experian has been rapped over the knuckles by the UK’s Information Commissioner’s Office (ICO) after it discovered the credit reference agency was trading “millions” of people’s data for marketing purposes.

Instead of issuing a monetary fine, however, the data regulator wrapped up a two-year probe yesterday by merely insisting Experian tweaks its online privacy policies and informs consumers it acquired data about them.

In an aggressive response, Experian chief exec Brian Cassin claimed the ICO enforcement notice against his employer “risks damaging the services that help consumers, thousands of small businesses and charities, particularly as they try to recover from the COVID-19 crisis.”

Source: Experian vows to drag UK’s Information Commissioner’s Office to court after being told off for data-slurping practices • The Register

Experian faces GDPR action after ICO finds ‘widespread data protection failings’

The Information Commissioner’s Office (ICO) has ordered credit rating giant Experian to stop profiting from the secretive enriching and processing of people’s personal data or face a massive GDPR fine.

The investigation found the three firms were trading, enriching and enhancing people’s personal data without their knowledge or consent. This resulted in products which were used by third-party commercial organisations to find new customers, identify those who were most likely to be able to afford products, and build individual profiles around people.

UK watchdog gives Experian nine-month ultimatum to change ‘illegal’ business practices or face punishment.

Source: Experian faces GDPR action after ICO finds ‘widespread data protection failings’ | IT PRO

ICO probes complaints following allegations Wagamama used Covid-19 track and trace data to survey customers

Wagamama customers in the UK have allegedly been sent a survey after sharing contact details for Covid-19 contact tracing, The Times reports. The Information Commissioner’s Office (ICO) is now making enquiries after receiving a number of complaints about the restaurant chain.

UK regulations state that hospitality venues including restaurants must ask at least one member of every party of customers to provide their name and contact details or use a QR code. Some customers reportedly received a survey after sharing contact details with Wagamama, despite not granting permission.

Source: ICO probes complaints following allegations Wagamama used Covid-19 track and trace data to survey customers

UK police get access to people told to self-isolate

People who have been told to self-isolate through NHS test and trace could have their contact details passed to police, a move some fear could deter people from being tested for coronavirus.

Police forces will be able to access information about people “on a case-by-case” basis, so they can learn whether an individual has been told to self-isolate, the Department of Health and Social Care (DHSC) said.

Source: Police get access to people told to self-isolate by NHS test and trace

ICO probes Klarna after newsletter emailed to customers in error

Klarna, a Swedish provider of payment solutions, surprised some UK consumers this week when it mistakenly sent a marketing email to people who had not opted in to receive the weekly newsletter.

The ICO had received more than 90 complaints from members of the public.

Source: ICO probes Klarna after newsletter emailed to customers in error – PrivSec Report

UK government under pressure to prove data adequacy to EU

The UK government is coming under increasing pressure to convince Brussels regulators that the country’s data protection landscape is fit for EU personal data, amid wider concerns that UK surveillance practices compromise the security of EU standards.

On 13 October the UK’s upper chamber, the House of Lords, published a report on the future relationship between the UK and the EU in the business world, highlighting their worry that “there is a possibility that the Commission may not grant the UK a data adequacy decision,” for data transfers from the bloc after the Brexit transition period concludes at the end of the year.

“We call on the Government to push for the assessment to be concluded as soon as possible, to give businesses in the UK and EU legal certainty and time to prepare,” the Lords’ report added.

Source: UK government under pressure to prove data adequacy to EU – EURACTIV.com

ICO fines British Airways £20m for data breach affecting more than 400,000 customers

The Information Commissioner’s Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers.

An ICO investigation found the airline was processing a significant amount of personal data without adequate security measures in place. This failure broke data protection law and, subsequently, BA was the subject of a cyber-attack during 2018, which it did not detect for more than two months.

Source: ICO fines British Airways £20m for data breach affecting more than 400,000 customers | ICO

Five Eyes governments, India, and Japan make new call for encryption backdoors

Members of the intelligence-sharing alliance Five Eyes, along with government representatives for Japan and India, have published a statement over the weekend calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted communications.

The statement is the alliance’s latest effort to get tech companies to agree to encryption backdoors.

The Five Eyes alliance, comprising the US, the UK, Canada, Australia, and New Zealand, made similar calls to tech giants in 2018 and 2019.

Source: Five Eyes governments, India, and Japan make new call for encryption backdoors | ZDNet

ICO Launches Consultation on Its Draft Statutory Guidance

On October 1, 2020, the UK Information Commissioner’s Office (ICO) launched a public consultation on its draft Statutory Guidance.

The Guidance provides an overview of the ICO’s powers and how it intends to regulate and enforce data protection legislation in the UK, including its approach to calculating fines.

Source: ICO Launches Consultation on Its Draft Statutory Guidance
