Welcome To The Data Leak Lawyers Blog

New ICO powers to fine organisations up to £17 million

Law changes in the coming months mean that the Information Commissioner’s Office (ICO) enforcement powers will no longer be subject to a maximum penalty fine of only £500,000. If any person, company or organisation is found to have breached Data Protection laws in the U.K., they may find themselves slapped with a much heftier fine.

The new maximum fine can be 4% of the company’s global turnover or €20million (almost £17million); whichever is the largest.

The government is introducing this as they adopt stricter E.U. laws for data protection into U.K. legislation. Despite Brexit, the government have said that the new regulation will be implemented by May 2018 in any event.
read more

By Author

ICO study deems website privacy notices are too vague and inadequate

National statistics suggest that 87.9% of all adults in the U.K. use the internet. With some 45.9 million internet users, almost all Britons have access to the internet at work or for leisure.

Most of us carry a smartphone or an internet-connected device and are regularly checking the news, making purchases, watching videos, or logged in to social media. In one day, we may have visited over 20 sites, and the question is: how many of these take information about you and use it without your knowledge or consent? How many websites are truly safe?
read more

By Author

Multiple British intelligence and law enforcement agencies to investigate Uber hack and cover-up

Uber recently admitted to a historic data breach that compromised personal data belonging to some of its 57 million users and drivers worldwide. With six million of those users in the U.K., a significant number of people in Britain are expected to be potentially at risk of further criminal activity like fraud and digital harassment.

To make matters worse, the breach happened a year ago in October 2016, but instead of telling the authorities, Uber decided to ‘handle it’ by finding the hackers and paying them off to keep quiet.
read more

By Author

ICO fines Verso Group £80,000 for breaching data protection laws

The Information Commissioner’s Office (ICO) has issued an £80,000.00 fine to broking company Verso Group (UK) Limited. The ICO found that the company violated data protection laws because it didn’t adequately inform data subjects what was being done to their personal information.

Whilst investigating two other companies for breaches of the Privacy and Electronic Communications Regulations, the ICO noticed that Verso Group may have been supplying the two companies with personal information for the others to send unsolicited direct marketing communications to unwilling subjects. One of the companies, Prodial Ltd, was fined for making 46 million nuisance calls and was subsequently fined £350,000 by the ICO.
read more

By Author

Three NHS employees found guilty of illegal data snooping

Despite Information Commissioner’s Office (ICO) warnings, NHS employees are continuing to breach data protection laws. We again see employees being found guilty of illegally accessing medical records belonging to people they know – i.e. family, friends, neighbours and colleagues – we assume this data snooping is merely to satisfy their curiosity.

In this latest batch, three perpetrators were fined by the ICO for their clear and obvious breaches, and we are yet again left wondering what can be done to stop these continual events happening.
read more

By Author

Does a company have to report a data breach?

The simple answer is – at the moment – no.

Companies and organisations are responsible for data breaches, but don’t have to report them, although it’s generally deemed as good practice to report a breach. However, they do not always have a legal obligation to report a data breach under the Data Protection Act (DPA), but this is all set to change in 2018 when the EU GDPR comes into force.

So, in the near future, reporting certain breaches will actually be mandatory…
read more

By Author

ICO publishes useful guides on the new GDPR

Head of policy and engagement at the Information Commissioner’s Office, Jo Pedder, points to useful guidance on the new EU General Data Protection Regulation that is set to come into force come May 2018.

The regulation will bring in some major changes as to how organisations are expected to look after personal data and the responsibilities in disclosing them to the authorities and affected individuals. The changes could mean huge punishments for organisations who fail to take their data protection responsibilities seriously.
read more

By Author

Dyfed-Powys Police Force signs undertaking after multiple data breaches reported

Dyfed-Powys Police Force in Wales signed an undertaking with the Information Commissioner’s Office (ICO) after a number of data breaches over an 18 month period were identified.

The ICO was alerted to the seriousness of multiple incidents that indicated a potential lack of data protection training and protocols. Although none of the breaches appear to have had any underlying malicious intent, the ICO recognised the seriousness of the repeated data breaches.
read more

By Author

London Borough of Islington fined £79,000 for security flaw that may have compromised personal data belonging to 89,000 people

The Information Commissioner’s Office (ICO) has found that the London Borough of Islington is liable for breaching data protection duties through their reported failure to keep 89,000 people’s personal data safe on an online parking ticketing database.

Information including sensitive health details, disabilities and financial details were reportedly not properly secured.

Islington Council uses a ‘Ticket Viewer’ system to allow members of the public to review CCTV images or videos of the parking offence so they may check any tickets issued, and it is this system that is at the centre of the breach.
read more

By Author

Provident Personal Credit Limited fined £80,000 for sending a million nuisance texts over six month period

The Information Commissioner’s Office (ICO) has concluded investigations into a Bradford-based credit loan company after 285 complaints were made over unwarranted ‘nuisance’ text messages.

Provident Personal Credit Ltd reportedly employed third party vendors to send 999,057 text messages to promote their services. The text messages were unwarranted as the recipients had not agreed to receive such correspondence for marketing purposes.
read more

By Author