By Andrew Paterson, Senior Technology Officer
UPDATE, 01/07/2014: Our consultation on updating our CCTV Code of Practice has now ended. We are currently considering the responses received with a view to publishing an updated version of our guidance later in the year.
Not so long ago, the collection of personal information by body worn devices was limited to trials in specific police forces, and others that could afford the specialist equipment. However, recent progress in hardware means that wearable technology may well become as common as mobile phones, as more and more technology companies start bringing out new devices that use personal information to make your life that little bit easier.
If you’re one of the more than one million people in the UK who go running each week you may already be familiar with the range of smart bands that can track useful information, such as heart rate, running speed and location, all using something no bigger than a standard watch. All of this can help you improve your times, find out how many calories you burn off and plan your next route.
By Thomas Oppé, Senior Policy Officer, Policy Delivery.
While the Environmental Information Regulations do not prompt as many enquiries to the ICO as the Freedom of Information Act, there are still parts of the regulations that require clarification and case law is still emerging.
One of the most notable is how much public authorities can charge for access to environmental information. That’s the focus for two revised pieces of guidance published today, which will be of use to any public authority that handles EIR requests.
By Steve Eckersley, Head of Enforcement.
When we published our data protection guidance for app developers just before Christmas, I was shocked to see that half the people surveyed about apps had decided not to download one due to privacy concerns.
That figure is sure to be a concern for legitimate app developers, who can ill-afford to be losing half of their target audience. But it’s a concern too for data protection regulators: here’s an industry in its formative years that is already raising privacy concerns.
The issue is an international one – many mobile apps are developed abroad, and many sold to a domestic audience from abroad, and so it was an ideal subject to address through the Global Privacy Enforcement Network, of which ICO is a member.
By Christopher Graham, Information Commissioner.
On Wednesday, eBay wrote to us to tell us they believed a cyberattack had compromised a database of customer information. We’re actively looking at this situation, with a view to launching a formal investigation. On the face of it, this is a very serious breach.
Our response is made complicated by the nature of a big multinational internet company like eBay. They’re an American company, so the Federal Trade Commission will look into this. They’ve got a European headquarters in Luxembourg, and so the Luxembourg data protection authority will lead on an investigation in Europe. And there are millions of UK citizens affected, so clearly we will be involved where we can.
By David Smith, Deputy Commissioner and Director of Data Protection.
UPDATE, 05/06/14: Google has now published a form allowing people to apply to have search results linked to their name removed. The Article 29 Working Party, which brings together data protection authorities from across Europe, has also now commented on the judgment.
The Court of Justice of the European Union grabbed headlines last week when it ruled in favour of a man who wanted Google to remove information about him from its search results. Here, we reflect on what we’ve learned from that judgment.
We’ve also produced a brief overview of what we see as the main points of the judgment.
By Simon Entwisle, ICO Director of Operations.
A year ago I wrote about the top five myths of unwanted marketing calls and texts. If I was writing that list again today, I think there’d be a worthy contender to be the ‘sixth myth’: that a small minority of rogue companies are behind the calls and texts.
It is certainly true that organisations with little regard for the law do exist, and we spend a chunk of our time looking to target them, but there are just as many – if not more – messages and calls coming from big name, respected organisations.
That’s borne out in the quarterly enforcement update we’ve published today. The update lists the action we’ve taken this year, and features some well-known brands.
Simon Rice, Group Manager for our Technology team, answers questions about our IT security report, which was launched on 12 May 2014.
By Simon Rice, Group Manager
There is barely a week that goes by without another website being the subject of a targeted attack. Some make the headlines, but many do not. Often these attacks result in the personal information of thousands of people being compromised and in many cases organisations only learn that they are the victim of an attack when it’s already too late.
Perhaps one of the most common techniques an attacker will use to exploit a vulnerable website is an SQL injection attack.
By Simon Rice, Group Manager.
Sadly, the most commonly used passwords continue to be ‘123456’ and ‘password’. While individuals have a clear role to play in using sensible passwords and not repeating their use across all websites, as an organisation there are still steps you should be taking to keep people’s information secure.
As a first step, you should make sure that service users are able to use passwords that include a combination of numbers, symbols and lower and upper case letters, to access your website or service. By adopting this approach your users can create passwords which will take longer for hackers to crack, providing your organisation with more time to identify an attack and take action to stop it.