Does the ICO have enough power to stop data breaches? ANALYSIS Last week was a big one for data breaches in the UK, as Zurich was hit with a £2.27 million fine for losing customer information.
It was the biggest fine ever handed out by the Financial Services Authority (FSA) for a data security failing. Later in the week, the Information Commissioner’s Office (ICO) found both Yorkshire Building Society and DSG Retail, the owner of PC World, in breach of the Data Protection Act. In the case of DSG Retail, eight customer credit agreements containing personal and financial data were found in a skip outside a PC World store. Yorkshire Building Society had an unencrypted laptop containing customer information stolen. In both cases no fine was handed out, even though the ICO now has the ability to hand out a £500,000 penalty for “serious” breaches of the Act. When the new powers were announced, the ICO said the information Commissioner will adopt “a pragmatic and proportionate approach to issuing an organisation with a monetary penalty.”
Hogan Lovells Submits Comments on Proposed EU Regulation to UK Ministry of Justice. The United Kingdom Ministry of Justice is engaged in a consultation on the impact of the proposal of the European Commission for a Data Protection Regulation to replace the EU Directive and implementing legislation, and solicited submissions by 6 March.
On 29 February 2012, Hogan Lovells held a session in London for clients where we sought and obtained views on the impact of the proposals made by the European Commission for a new Data Protection Regulation. Yesterday, the firm made a submission to the Ministry of Justice on the proposed Regulation. This document contains a distillation of our own observations and comments made to us by clients since the proposals first became public knowledge. A copy of the submission is available here. This project was initiated and organized by London data protection partner Quentin Archer, with contributions by London partner Roger Tym, Paris partner Winston Maxwell and other lawyers in the firm's privacy practice.
ICO consults on data protection guidance for the media. ICO to publish code of practice for the press on personal data. 30-year retrospective on UK data protection. UK Government Concerned About European Data Protection Reform Pr. The Leveson proposal. Ico fine non compliance 8 data principle. UK Justice committee criticise EU DPD. UK seeks input on proposed changes to EU data protection laws. UK law not properly implementing DPD. UK Ministry of Justice opens data protection consultation. UK— The Ministry of Justice is inviting people and companies to have their say on current data protection law in the UK, as part of a continuing review of the European Union’s data protection directive.
The call for evidence, which is open until 6 October, is designed to furnish the government with “a solid evidence base to use in negotiations with other European Union parties”, said justice minister Lord McNally (pictured). Press superinjunctions show privacy can be had for a price. EU Commission to take UK to court over alleged privacy law failings. New privacy law needed - justice minister. The Tory-Lib Dem coalition government is considering a new privacy law rather than allowing judges to create one by stealth, the justice minister Lord McNally hinted last night.
He said there was a "general consensus" that legislation was needed that "clarifies, consolidates and removes some of the more dangerous aspects of the way case law has grown up". In an interview with the Daily Telegraph, the Lib Dem minister said: "If we are going to have a privacy law, it should be openly debated and freely decided by parliament. " The coalition last month unveiled plans for a major review of defamation law following concerns over "libel tourism". There have also been concerns over the use of superinjunctions against the media – such as the ones sought by oil trading firm Trafigura in 2009, and former England football captain John Terry in January of this year – in which even the existence of an injunction that prevents a newspaper publishing a story cannot be reported. EU threatens UK again over data protection laws. Unless the Information Commissioner's Office (ICO) is given the power to conduct random checks on organisations for compliance with data protection law and issue penalties based on those checks the European Commission will take action, it said.
Mandatory data breach notifications: an opportunity for change - 20/07/2010. UK data protection law should be court in the Act Disclosure of data breaches will be mandatory for all UK organisations within a few years, but data privacy experts say this will be a good thing only if it is done with the right objectives.
Nearly half of UK organisations polled believe UK data protection laws are too relaxed, with 87% saying organisations should be forced to disclose when sensitive data is breached. From May 2011, internet service providers and telecoms companies will be required by law to disclose data breaches under the current European Union data protection directive. A revised directive under consideration is likely to expand that requirement to all organisations, and EU member countries will have to revise their laws to reflect that. In making the new laws, the UK will use the opportunity to build a better regulatory framework for data protection, says Stewart Room, partner at Field Fisher Field Fisher Waterhouse. Punishment doesn't work Court date for citizens.
Response to UK MoJ call for evidence. Extension of compulsory audit powers required to enhance data protection. European Commission Postpones Revision of the General Data Protection Directive.