‘Now you don’t see it, now you do’ – the dangers of hidden data

By Simon Rice, Group Manager for Technology.

Details of 2,000+ residents published online, a £70,000 penalty and an “extremely sorry” local council. That was the result of Islington Council being a little more transparent than it had intended, providing a freedom of information requestor with spreadsheets they didn’t realise included sensitive personal data.

It was, unfortunately, not an isolated incident. Whether it’s a response under the Freedom of Information Act or a reply to a subject access request, there are many different ways to inadvertently include personal data.

Has the search result ruling stopped the internet working?

By David Smith, Deputy Commissioner and Director of Data Protection.

It’s almost 18 months since the EU Court of Justice ruling on search results, and while it’s an appropriate time to reflect on the immediate effects of the judgment, there’s no doubt that for many these effects will have been something of an anti-climax.

The sky has not fallen in. No books have been burned. Serious criminals aren’t free to rewrite their own histories. And the internet has not stopped working.

The US Safe Harbor – breached but perhaps not destroyed!

By David Smith, Deputy Commissioner and Director of Data Protection.

Not surprisingly there’s been huge interest in the impact of the judgment of the Court of Justice of the European Union (CJEU) regarding the US Safe Harbor scheme.

For those not in the know, the formal Decision of the European Commission recognising Safe Harbor gave businesses an assurance that if they transferred personal data to members in the US, they would satisfy the legal requirement for personal data transferred outside the EU to be adequately protected. That assurance has now been removed.

Collective leadership at the ICO

By Christopher Graham, Information Commissioner

The next few weeks will see some big changes in the leadership of the Information Commissioner’s Office – changes of personnel and changes of approach. I want to take this opportunity to tell our stakeholders about what’s afoot and to explain my thinking.

‘When we talk about offering digital services at the ICO we don’t mean driving customers to the least expensive contact channel’

By Paul Arnold, Head of Customer and Business Services.

Providing modern, fit for purpose, public services, in difficult economic times, is a challenge facing all regulators and public sector bodies. Securing value for money from our investment of public funds is therefore central to the ICO’s information technology and digital by default strategies. In addition, as the regulator of many organisations collecting and processing information through digital services, it’s vital our own digital and wider technology credentials are up to the job.

Be wary of public Wi-Fi

By Simon Rice, Group Manager for Technology.

If you’re among the many who make use of free Wi-Fi services in our shops, hotels, train stations and airports, you may have noticed how different the sign-up process can be – ranging from just a simple click, to completing a lengthy form before you get online.

With so many organisations responsible for public Wi-Fi and the widely differing requests for personal information we decided to take a look at some of the Wi-Fi networks available on the UK high street. The results highlighted that while some networks did not request any personal data, others asked for varying amounts. In one case, this included a full name, postal and email address, mobile number, gender, as well as asking for a date of birth. Only the gender question was optional, the rest mandatory.

Does your website have a leak?

By Simon Rice, Group Manager for Technology

As any developer knows, today’s websites and mobile apps can be complex beasts, with far more going on behind the scenes than the typical user realises.

Central to getting the right functionality can be coordinating a range of sources to pull in content. That can mean connections to many third-party sources such as social media, weather, adverts and news feeds. Developers are also able to link to code libraries, such as jQuery or font definitions hosted on third-party websites.

Problems can arise when the first party website leaks personal data to third-party sites by mistake. A simple example of how this can happen is through the HTTP referer header. Each time a user sends a request for a webpage, the browser will normally send the URL of the webpage they were previously viewing.

Businesses: how to prepare for the EU reforms

By David Smith, Deputy Commissioner and Director of Data Protection.

You may have seen my recent blog offering an update on progress on EU data protection regulation reforms.

Negotiations are very much ongoing, but if all goes according to plan, we’ll know pretty much what’s going to be in the Regulation by the end of this year. There’ll still be plenty of process to go through before final adoption, including translation. On the most optimistic forecasts, the two year run in period is unlikely to start much before June 2016, with the Regulation in force in June 2018, though end of 2018 might be a more realistic prospect.

ICO investigating charity data sharing

By Christopher Graham, Information Commissioner

The reports in the Daily Mail about data sharing in the charity sector are clearly concerning. We’ve launched an investigation to work out exactly what has happened, and if the law’s been broken then we will take action.

The Data Protection Act is very clear: the very first principle is that your data should only be processed fairly and lawfully. What has been described in the papers this week doesn’t look like that. If Samuel Rae is still being plagued with unwanted mail and unwanted approaches, then it is really beside the point whether or not he ticked a box in 1994.

What’s the latest on the ICO privacy seals?

By Gemma Farmer, Senior Policy Officer.

It’s been a little while since we talked about the ICO’s plans to introduce a brand new, consumer facing privacy seal for UK data controllers.

Since then we’ve continued beavering away behind the scenes, laying the legal and technical foundations and exploring how to best achieve the high level of consumer recognition that will be essential to the success of the privacy seal. Putting these in place is taking a little time, but once these foundations are ready, we will publish the final framework criteria and invite proposals from potential scheme operators who would like to run an ICO endorsed privacy seal scheme.