Top tips to think about now for a merry information rights Christmas

By Laura Middleton, Enforcement Team Manager.

holiday-blog“It’s beginning to look a lot like Christmas,
Ev’rywhere you go,
Take a look at floors one to ten, lots of empty seats there again
Let’s hope there isn’t cause to call the ICO.”

With many offices shutting down for the festive season and plenty of extended leave, it can mean organisations are running on a skeleton staff.

Continue reading

Posted in Laura Middleton | Tagged , , , | Leave a comment

“Would you like us to email you a receipt?”

By Garreth Cameron, Group manager for Business and Industry.

e-receipt-blogOn the surface it’s a simple question increasingly being asked by high street retailers. But sometimes this simple question doesn’t tell the full story.

An e-receipt can be more convenient at times, but it is also a way for shops to collect personal data about their customers and send them marketing.

Continue reading

Posted in Garreth Cameron | Tagged , , , , | Leave a comment

Information Commissioner updates on WhatsApp / Facebook investigation

‘We think consumers deserve a greater level of information and protection, but so far Facebook hasn’t agreed’

By Elizabeth Denham, Information Commissioner.


Eight weeks ago I said my office would look into the approach WhatsApp had decided to take in sharing customer information with Facebook. It’s one of the roles of the Information Commissioner to pull back the curtain on how organisations use personal data, and I wanted to give you an update on what we’ve done so far.

Continue reading

Posted in Elizabeth Denham, ICO | Tagged , , | 1 Comment

Cyber security – what does my organisation need to do? Answers from questions at our webinar

By Simon Rice, Group Manager for Technology.

cyber-security-blogCyber security is a frontline issue and a boardroom issue, not just a matter for information security experts. If you hold personal data and that data is on a device connected to the Internet, then the customers, patients   or citizens the information relates to are at risk of that information being attacked.

Last month David Freeland, from the ICO’s Scotland office, and I presented a webinar on cyber security.

Continue reading

Posted in Simon Rice | Tagged , , | Leave a comment

How the ICO will be supporting the implementation of the GDPR

By Elizabeth Denham, Information Commissioner.


The government has now confirmed that the UK will be implementing the General Data Protection Regulation (GDPR). The Secretary of State Karen Bradley MP used her appearance before the Culture, Media and Sports Select Committee to say:

“We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public.”

Continue reading

Posted in Elizabeth Denham | Tagged , , , | Leave a comment

Closing the back door on nuisance call directors

By Andy Curry, Enforcement Group Manager.


Since the government changed the law in April 2015 to make it easier for us to fine the companies behind nuisance calls, we’ve issued more than £2.7 million in penalties.

It’s a figure that sends out a clear message that the companies behind this nuisance will be held to account.

Continue reading

Posted in Andy Curry | Tagged , , , , | 1 Comment

Transparency, innovation and building a culture of data confidence and trust

By Jo Pedder, Interim Head of Policy Delivery.


It is often argued that if people are increasingly willing to share information on social media and to allow their data to be collected by mobile apps, they’re presumably less concerned about how their data is being collected and processed. It won’t surprise you to learn that we don’t buy it.

Continue reading

Posted in Jo Pedder | Tagged , | Leave a comment

International Right to Know Day 2016 – Four ways the ICO is helping promote openness by public bodies

By Steve Wood, Interim Deputy Commissioner.

rtkd2016-blogInternational Right to Know Day is an annual occasion designed to promote freedom of information worldwide.

In 2016, 250 years since the launch of the world’s first Freedom of Information law in Sweden, the right to request information from public bodies is as important as ever to democracy.

Continue reading

Posted in ICO, Steve Wood | Tagged , , , , | Leave a comment

Don’t get caught out by subject access requests

By Sally-Anne Poole, Enforcement Group Manager.

sar-blogThe ICO’s recent fine for a data breach at a GP surgery in Hertfordshire was the direct result of a subject access request gone wrong.

The practice revealed confidential details about a patient to an estranged ex-partner because there were insufficient systems in place for staff to deal with subject access requests (SAR).

The fallout in this case was huge distress to the family, damage to the organisation’s reputation and a £40,000 fine. It’s easy to imagine how bad the person responsible for dealing with subject access requests at the practice must feel. And yet such a devastating data breach could so easily have been avoided.

Continue reading

Posted in ICO, Sally-Anne Poole | Tagged , | Leave a comment

The what, why and how of transferring data to the USA

By Steve Wood, Interim Deputy Commissioner.

horizonIt’s more than two years since a then little-known privacy campaigner decided to dispute Facebook’s compliance with EU data protection laws.

Max Schrems’ case would travel from Dublin to Luxembourg, and ultimately have ramifications from Stockholm to Silicon Valley.

Continue reading

Posted in ICO, Steve Wood | Tagged , , | Leave a comment