Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: UK

Posted in International/EU Privacy

Recap on the ICO Stance on Data Security

The UK’s Information Commissioner’s Office is known to prefer an “engaging” rather than an enforcement approach with organisations. However, when looking at the “action we’ve taken” page on the ICO website the ICO’s enforcement activity seems to be increasing by the day. While the ICO has stated that it wants to focus its enforcement efforts going forward on unsolicited marketing, such as nuisance messages and calls, breaches of security requirements have to date attracted the majority of the ICO’s enforcement attention. Therefore, organisations operating in the UK would be well-served to focus on understanding and adhering to the ICO’s expectations for data security compliance.

Posted in International/EU Privacy

UK Government Seeks to Preserve Data Retention Powers

On 10 July, the UK government announced cross-party backing for emergency legislation designed to ensure that the police and security services can continue to access communications data held by communications service providers for the purpose of investigating criminal activity and protecting national security. This is in response to the recent European Court of Justice judgment of 8 April 2014 in joined cases (C-293/12 Digital Rights Ireland & C-594/12 Seitlinger) which declared the Data Retention Directive (2006/24/EC) invalid.

Posted in Cybersecurity & Data Breaches, International/EU Privacy

Survey Exposes Gaps in UK Companies’ Readiness for Cyber Threats

A recent survey from the UK Government’s Department for Business, Innovation and Skills has highlighted that the majority of FTSE 350 firms are not regularly taking cyber risks into account in their decision making. Despite a growing international trend in cyber crime targeted at businesses, the survey showed that only 14 percent of FTSE 350 companies regularly consider cyber threats, and nearly half of those surveyed do not even include cyber risks on their company’s strategic risk register.

Posted in International/EU Privacy

UK ICO Suggests Preparations for Draft EU Data Protection Regulation

The continued uncertainty around the draft EU Data Protection Regulation presents something of a challenge for data controllers. It’s clear that it could require them to make significant changes to how they handle individuals’ data, but the ongoing fundamental political disagreements make it difficult to predict which changes will make it into the final form of the legislation. So it is interesting to see the recommendations on the UK ICO’s blog on where to start in preparing for reforms, highlighting three areas: consent, breach notification, and privacy by design.

Posted in Consumer Privacy, International/EU Privacy

UK ICO Publishes Guidance on Social Networking and Online Forums

The UK Information Commissioner’s Office recently published new guidance on the application of data protection laws to social networking and online forums that clarifies that organizations operating social networking sites or online forums may have responsibilities as data controllers under the UK Data Protection Act, including the responsibility to take reasonable steps to check the accuracy of any personal data posted on its site by third parties.

Posted in International/EU Privacy

UK ICO Publicizes Concerns on Draft Data Protection Regulation

Concerned that the prescriptive nature of the proposed EU Data Protection Regulation will impose a significant additional administrative burden on regulators, the UK Information Commissioner’s Office as published on its website a letter to the Secretary of State for Justice which re-states the Information Commissioner’s concerns about the proposed Regulation.

Posted in Cybersecurity & Data Breaches, International/EU Privacy

UK Publishes Call for Evidence on Proposed EU Cybersecurity Directive

In February 2013 the European Union published the EU Cyber Security Strategy and accompanying proposed Directive. Now, in anticipation of the implementation of the Directive, the UK’s Department for Business, Innovation and Skills (BIS) has published a call for evidence to look at the impact of the Directive upon businesses in the UK.

Posted in International/EU Privacy

UK Parliament Committee Requests Written Evidence on Proposed EU Data Protection Framework

On June 28, the UK Parliament Justice Select Committee, chaired by Sir Alan Beith MP, issued a request for written evidence for its new inquiry into the European Union Data Protection framework proposals, including the much-debated proposal for a new EU Data Protection Regulation. This post discusses the questions posed by the request.

Posted in News & Events

Blogging from the IAPP London Data Protection Intensive

IAPP Europe is currently holding its Data Protection Intensive 2012 in London. This entry from London partner Quentin Archer contains an instant report from today’s opening session, and summarizes the comments of UK’s Information Commissioner and Yahoo’s Vice-President for EMEA Advertising Marketplaces. The comments of the Information Commissioner are especially insightful regarding enforcement, cookies, and the pending European Regulation.

Posted in International/EU Privacy

Hogan Lovells Submits Comments on Proposed EU Regulation to UK Ministry of Justice

The United Kingdom Ministry of Justice is engaged in a consultation on the impact of the proposal of the European Commission for a Data Protection Regulation to replace the EU Directive and implementing legislation, and solicited submissions by 6 March. On 29 February 2012, Hogan Lovells held a session in London for clients where we sought and obtained views on the impact of the proposals made by the European Commission for a new Data Protection Regulation. Yesterday, the firm made a submission to the Ministry of Justice on the proposed Regulation. This document contains a distillation of our own observations and comments made to us by clients.

Posted in International/EU Privacy

London Privacy Workshop Seeks Input for UK Consultation

Hogan Lovells partners Quentin Archer, Roger Tym and Winston Maxwell hosted a London workshop on February 29, 2012 aimed at collecting comments for the UK Ministry of Justice’s public consultation on the proposed EU privacy Regulation. Workshop participants commented on the right to be forgotten, data portability, the accountability principle, data breach notifications, proposed requirements for consent, fining powers, and the “one-stop-shop” principle.

Posted in International/EU Privacy

EU Article 29 Working Party Report on ISP and Telecom Carrier Data Retention for Law Enforcement Purposes

Winston Maxwell, a partner in Hogan Lovells’ Paris Office prepared this entry. On July 13, 2010 the EU’s Article 29 Data Protection Working Party adopted a report (http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2010/wp172_en.pdf ) describing how ISPs and telecom carriers retain traffic data for law enforcement purposes in Europe. The European Data Retention Directive 2006/24/EC (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:HTML) was supposed to harmonize national […]

Posted in International/EU Privacy

New UK government website for public access to official data

The UK government has announced plans to launch a new website www.data.gov.uk , which will allow public access to official data, and has called on web-founder Sir Tim Berners-Lee, to assist.  The website aims to improve transparency and will be similar to the US site ‘data.gov’, which already includes information from the US defense department and NASA. The plan, initiated by […]

Posted in Cybersecurity & Data Breaches, International/EU Privacy

UK Government consults on custodial sentences for data protection offences

Under the Data Protection Act 1998 (“DPA”), it is an offense to knowingly or recklessly obtain or disclose personal data, or the information contained in personal data, without the consent of the data controller.  Section 55 of the DPA details the offenses and any exclusions, or defenses, which may apply.  It also sets out the procedure […]

Posted in International/EU Privacy

New Notification Fee for Data Controllers in the UK

The United Kingdom Information Commissioner’s Office ("ICO") has announced that with effect from 1 October 2009, a new notification fee of £500 will be payable by some larger organizations.  This is the first change to the fee structure since the Data Protection Act 1998 became law in 2000. Notification is the process by which data […]

Posted in Cybersecurity & Data Breaches

UPS Ltd Subject of UK Data Security Enforcement

UPS Ltd has joined the ever-increasing number of companies featuring in the ‘Enforcement’ section of the UK Information Commissioner’s website, for failing to ensure the adequate security of personal data, which was held on an unencrypted laptop. Security is one of the key data protection principles set out in Schedule 1, Part 1, of the […]