‘When we talk about offering digital services at the ICO we don’t mean driving customers to the least expensive contact channel’

By Paul Arnold, Head of Customer and Business Services.

Providing modern, fit for purpose, public services, in difficult economic times, is a challenge facing all regulators and public sector bodies. Securing value for money from our investment of public funds is therefore central to the ICO’s information technology and digital by default strategies. In addition, as the regulator of many organisations collecting and processing information through digital services, it’s vital our own digital and wider technology credentials are up to the job.


Be wary of public Wi-Fi

By Simon Rice, Group Manager for Technology.

If you’re among the many who make use of free Wi-Fi services in our shops, hotels, train stations and airports, you may have noticed how different the sign-up process can be – ranging from just a simple click, to completing a lengthy form before you get online.

With so many organisations responsible for public Wi-Fi and the widely differing requests for personal information we decided to take a look at some of the Wi-Fi networks available on the UK high street. The results highlighted that while some networks did not request any personal data, others asked for varying amounts. In one case, this included a full name, postal and email address, mobile number, gender, as well as asking for a date of birth. Only the gender question was optional, the rest mandatory.


Does your website have a leak?

By Simon Rice, Group Manager for Technology

As any developer knows, today’s websites and mobile apps can be complex beasts, with far more going on behind the scenes than the typical user realises.

Central to getting the right functionality can be coordinating a range of sources to pull in content. That can mean connections to many third party sources such as social media, weather, adverts and news feeds. Developers are also able to link to code libraries, such as jQuery or font definitions hosted on third-party websites.

Problems can arise when the first party website leaks personal data to third-party sites by mistake. A simple example of how this can happen is through the HTTP referer header. Each time a user sends a request for a webpage, the browser will normally send the URL of the webpage they were previously viewing.


Businesses: how to prepare for the EU reforms

By David Smith, Deputy Commissioner and Director of Data Protection.

You may have seen my recent blog offering an update on progress on EU data protection regulation reforms.

Negotiations are very much ongoing, but if all goes according to plan, we’ll know pretty much what’s going to be in the Regulation by the end of this year. There’ll still be plenty of process to go through before final adoption, including translation. On the most optimistic forecasts, the two year run in period is unlikely to start much before June 2016, with the Regulation in force in June 2018, though end of 2018 might be a more realistic prospect.


ICO investigating charity data sharing

By Christopher Graham, Information Commissioner

The reports in the Daily Mail about data sharing in the charity sector are clearly concerning. We’ve launched an investigation to work out exactly what has happened, and if the law’s been broken then we will take action.

The Data Protection Act is very clear: the very first principle is that your data should only be processed fairly and lawfully. What has been described in the papers this week doesn’t look like that. If Samuel Rae is still being plagued with unwanted mail and unwanted approaches, then it is really beside the point whether or not he ticked a box in 1994.


What’s the latest on the ICO privacy seals?

By Gemma Farmer, Senior Policy Officer.

It’s been a little while since we talked about the ICO’s plans to introduce a brand new, consumer facing privacy seal for UK data controllers.

Since then we’ve continued beavering away behind the scenes, laying the legal and technical foundations and exploring how to best achieve the high level of consumer recognition that will be essential to the success of the privacy seal. Putting these in place is taking a little time, but once these foundations are ready, we will publish the final framework criteria and invite proposals from potential scheme operators who would like to run an ICO endorsed privacy seal scheme.


The EU Regulation – approaching the home straight?

By David Smith, Deputy Commissioner and Director of Data Protection.


As Brussels takes its summer holidays (we soldier on here at the ICO!), it’s an opportune time to again take stock of what still needs to be done before we see the EU’s data protection reforms in place. Back in February, I said we’re not even in the home straight, let alone close to the finishing line. This blog brings positive news of real progress. There’s still some way to go, but that home straight does seem closer.


Personal data in leaked datasets is still personal data

By Simon Rice, Group Manager for Technology

They say ‘no publicity is bad publicity’, but after spending most of the week trending on Twitter, I wonder if the users of the Ashley Madison site might disagree.

Having already prompted a flurry of news stories when the online attack of the Ashley Madison servers was first revealed, this week we’ve seen another wave of coverage as the personal data was published online.


Insurers using subject access requests to see medical information

The Information Commissioner has been considering the emerging practice of insurance companies obtaining medical records by using patients’ subject access rights.

We recognise that insurance companies may have a genuine need to review medical information about their customers when providing policies like life and critical illness cover.

Posted in ICO

Crimewatch: exposing one of the most common DPA exemptions

Today we’ve launched an update of our guidance around one of the most commonly used exemptions under the Data Protection Act – crime and taxation.

Disclosing information to prevent or detect crime may seem a fairly straightforward exemption on the surface, but once organisations have to consider real-world examples, it can appear more complex.

Posted in Thomas Oppé