Seven things you should know about the ICO’s big data report

By Carl Wiper, Senior Policy Officer

Big data is a hot topic at the moment, with businesses, scientists and governments all keen to see what benefits it can offer. But big data is not a game that is played by different rules. If it involves personal data, you need to follow the Data Protection Act. The ICO’s report gives our perspective as the regulator of that law.

big data1. What big data is

Big data is often defined by the so-called ‘three Vs’: volume, variety and velocity: big data typically uses massive datasets, brings together data from different sources and can be used to analyse data in real time. But it is difficult to produce a watertight definition. Big data has been described as a phenomenon rather than a technology, and that’s a useful distinction. Continue reading

Posted in Carl Wiper | Tagged , , , | Leave a comment

Wearable technology – the future of privacy

By Andrew Paterson, Senior Technology Officer

UPDATE, 01/07/2014: Our consultation on updating our CCTV Code of Practice has now ended. We are currently considering the responses received with a view to publishing an updated version of our guidance later in the year.

Not so long ago, the collection of personal information by body worn devices was limited to trials in specific police forces, and others that could afford the specialist equipment. However, recent progress in hardware means that wearable technology may well become as common as mobile phones, as more and more technology companies start bringing out new devices that use personal information to make your life that little bit easier.

wearable-technologyIf you’re one of the more than one million people in the UK who go running each week you may already be familiar with the range of smart bands that can track useful information, such as heart rate, running speed and location, all using something no bigger than a standard watch. All of this can help you improve your times, find out how many calories you burn off and plan your next route. Continue reading

Posted in Andrew Paterson | Tagged , , , , , , , , , , , , | 17 Comments

ICO clarifies rules on charging for access to environmental information

By Thomas Oppé, Senior Policy Officer, Policy Delivery.


While the Environmental Information Regulations do not prompt as many enquiries to the ICO as the Freedom of Information Act, there are still parts of the regulations that require clarification and case law is still emerging.

One of the most notable is how much public authorities can charge for access to environmental information. That’s the focus for two revised pieces of guidance published today, which will be of use to any public authority that handles EIR requests. Continue reading

Posted in Thomas Oppé | Tagged , , , , , | 2 Comments

International study looks at phone app privacy

By Steve Eckersley, Head of Enforcement.

When we published our data protection guidance for app developers just before Christmas, I was shocked to see that half the people surveyed about apps had decided not to download one due to privacy concerns.

ico-blog-tabletThat figure is sure to be a concern for legitimate app developers, who can ill-afford to be losing half of their target audience. But it’s a concern too for data protection regulators: here’s an industry in its formative years that is already raising privacy concerns.

The issue is an international one – many mobile apps are developed abroad, and many sold to a domestic audience from abroad, and so it was an ideal subject to address through the Global Privacy Enforcement Network, of which ICO is a member. Continue reading

Posted in Steve Eckersley | Tagged , , , , , , , , , | 1 Comment

eBay attack is ‘wake-up call to all of us’

By Christopher Graham, Information Commissioner.

On Wednesday, eBay wrote to us to tell us they believed a cyberattack had compromised a database of customer information. We’re actively looking at this situation, with a view to launching a formal investigation. On the face of it, this is a very serious breach.

ico-blog-ebay-dOur response is made complicated by the nature of a big multinational internet company like eBay. They’re an American company, so the Federal Trade Commission will look into this. They’ve got a European headquarters in Luxembourg, and so the Luxembourg data protection authority will lead on an investigation in Europe. And there’s millions of UK citizens affected, so clearly we will be involved where we can. Continue reading

Posted in Christopher Graham | Tagged , , , , , , , | 17 Comments

Four things we’ve learned from the EU Google judgment

By David Smith, Deputy Commissioner and Director of Data Protection.

*UPDATE, 05/06/14: Google has now published a form allowing people to apply to have search results linked to their name removed. The Article 29 Working Party, which brings together data protection authorities from across Europe, has also now commented on the judgment.

ico-blog-search-bThe Court of Justice of the European Union grabbed headlines last week when it ruled in favour of a man who wanted Google to remove information about him from its search results. Here, we reflect on what we’ve learned from that judgment.

We’ve also produced a brief overview of what we see as the main points of the judgment. Continue reading

Posted in David Smith | Tagged , , , , , , , , , , , | 22 Comments

New technologies mean new CCTV code

By Jonathan Bamford, Head of Strategic Liason.

UPDATE, 01/07/2014: Our consultation on updating our CCTV Code of Practice has now ended. We are currently considering the responses received with a view to publishing an updated version of our guidance later in the year.

It’s fair to say that 2000, when we first published our guidance on CCTV, feels like a very long time ago. Back then, what we meant by CCTV needed little explanation, immediately conjuring up thoughts of video cameras on poles.

ico-blog-droneHow times change. Today we’ve begun consulting on an updated version of our CCTV code of practice that includes everything from automatic recognition of car number plates to flying drones.

Those two examples are both from the emerging technologies section, which perhaps makes for some of the most interesting reading. There’s a section in there on body worn cameras, for instance, which have attracted headlines recently as the Metropolitan Police Service announced their roll out. Continue reading

Posted in Jonathan Bamford | Tagged , , , , , , , , , , , , , | 5 Comments

Nuisance calls and texts: big-name brands can be to blame

By Simon Entwisle, ICO Director of Operations.

A year ago I wrote about the top five myths of unwanted marketing calls and texts. If I was writing that list again today, I think there’d be a worthy contender to be the ‘sixth myth’: that a small minority of rogue companies are behind the calls and texts.

ico-blog-helpline It is certainly true that organisations with little regard for the law do exist, and we spend a chunk of our time looking to target them, but there are just as many – if not more – messages and calls coming from big name, respected organisations.

That’s borne out in the quarterly enforcement update we’ve published today. The update lists the action we’ve taken this year, and features some well-known brands. Continue reading

Posted in Simon Entwisle | Tagged , , , , , , , , , , | 4 Comments

ICO IT security report: your questions answered

Simon Rice, Group Manager for our Technology team, answers questions about our IT security report, which was launched on 12 May 2014.

Posted in ICO | Leave a comment

SQL injection – what is it and what does it mean for you?

By Simon Rice, Group Manager

blog-sql-injectionThere is barely a week that goes by without another website being the subject of a targeted attack. Some make the headlines, but many do not. Often these attacks result in the personal information of thousands of people being compromised and in many cases organisations only learn that they are the victim of an attack when it’s already too late.

Perhaps one of the most common techniques an attacker will use to exploit a vulnerable website can be found in the form of an SQL injection attack. Continue reading

Posted in Simon Rice | Tagged , , , , , , | Leave a comment