The UK Information Commissioner raises concerns about the “staggeringly inaccurate” face recognition systems used by the police

May 16, 2018

Facial recognition technology has long been touted as an effective tool in crime prevention and investigation as well as important for national security.  It is also touted as a way of improving efficiency in business and through social media.  Unfortunately the hype does not match the facts.  The algorithms and the quality of images that power facial recognition technology are often below par leading to many false positives.  The technology is also plagued by Read the rest of this entry »

UK Information Privacy Commissioner releases comprehensive guide for lawful basis for processing data under the General Data Protection Regulation

May 14, 2018

The issue of consent is very significant under all data protection acts, not least the Australian Privacy Act 1988.  The UK Information Commissioner has released its guidance on consent.  While it is directly applicable to the obligations under the General Data Protection Regulation (the GDPR) the contents will be of use in the Australian context.  Issues relating to consent are common across jurisdictions and the UK Information Commissioner’s guidances are generally Read the rest of this entry »

The UK Information Commissioner releases its Guide to the General Data Protection Regulation

May 6, 2018

The UK Information Commissioner’s Office (the ICO) produces excellent guides relating to UK and EU laws. They are much clearer, more specific and, therefore, more useful than the guidances produced by the Australian Information Commissioner.  Given that the legislation and regulations in this area of the law are principles based, having good guidances is critical.

The ICO has produced its Guide to the General Data Protection Regulation (GDPR), a 171 page tome on all matters relating to compliance with the GDPR.  The GDPR is about to take effect in Europe, on 25 May 2018 to be precise.  Its impact will range farther than the borders of the European Union.  Even Mark Zuckerberg in his much vaunted testimony to Congress in April said Facebook would, eventually, comply with the GDPR.

The GDPR differs from the Australian Privacy Principles.  It is much more comprehensive.  However that does not mean that they are not relevant for Australian practitioners.  Companies with a significant presence in the EU will need to be aware of the GDPR requirements.  At the local level Read the rest of this entry »

UK Information Commissioner’s Office fines data supplier 80,000 pounds and sends a warning to the data broking industry

November 6, 2017

The Information Commissioner’s Office has been an active regulator in the United Kingdom.  The legislation in the United Kingdom, the Data Protection Act, empowers the ICO to levy heavy monetary penalty notices, the technical term for fines. In Australia the Information Commissioner can commence civil penalty proceedings with penalties of up to $1.7 million.  Each regulator has its own regulatory armaments.  The difference is that the ICO is active.  The Australian Information Commissioner is not.

This fine is the first by the ICO involving the data broking industry.

The ICO  issued a monetary penalty notice, fining Verso Group (UK) Limited for supplying personal information to another company, Prodial Ltd which used that data to make 46 million nuisance calls.  Prodial received a record fine but the investigation continued and went to the source of the data.  That is quite a common feature of regulatory investigations.  Commonly one investigation for Read the rest of this entry »

UK Information Commissioner’s Office fines Nottinghamshire Council 70,000 pounds for leaving vulnerable people’s personal information online for 5 years

September 5, 2017

The UK Information Commissioner’s Office has again taken action for breaches of data security. This time it issued a monetary penalty notice, of £70,000, against the Nottinghamshire Council for exposing the personal information of vulnerable people for 5 years.  While the legislative structures are different the assertive approach by the ICO compares favourably to the lethargic and timid approach taken by the Australian Privacy Commissioner.

The nub of the problem was that Nottinghamshire County Council had set up a portal to allow social care providers to confirm that they had capacity to support a vulnerable person.  The architecture of the portal was flawed.  A member of the public discovered Read the rest of this entry »

UK Information Commissioner fines a North London council for security flaw which exposed thousands of people’s personal information

August 20, 2017

The UK Information Commissioner (“ICO”) continues to set a brisk pace in taking action against data breaches, this time imposing a £70,000 fine on the Islington Council for failing to keep personal information secure on its parking ticket system website.  It highlights that breaches of privacy laws are as much about ensuring that personal information is secure from potential breach as responding to a breach itself.  The infraction can be just as costly.

In the case of Islington council the ICO found that its website which allowed people to see an image of their parking offence had design faults which Read the rest of this entry »

UK Information Commissioner slaps a 100,000 pound fine on Telco firm TalkTalk for failing to look after its customers’ data

August 18, 2017

TalkTalk has had a dreadful few years courtesy of data breaches.  In 2016 it received a record fine of £400,000 for theft of personal data involving 157,000 customers which had not been encrypted as a result of a hack in 2015.  It later estimated Read the rest of this entry »

Federal Trade Commission halts company that used information in loan applications to sell personal information to third parties wanting leads for their own business purposes for the pu

July 20, 2017

It is almost embarrassing to say that data is big business.  Personal information is the wheat that is separated from the digital chaff. The Federal Trade Commission issued a complaint against Blue Global Media in what was an egregious program of getting consumers to fill out loan applications and on selling that data, including personal information and sensitive information which in the US context includes social security number and credit card details, to parties willing to pay for leads. As is commonly the case the FTC Read the rest of this entry »

Royal Free London NHS Foundation Trust enters into undertaking because of the breach of the Data Protection Act in turning over sensitive medical data of around 1.6million patients to DeepMind

July 15, 2017

The UK Information Commissioner’s Office (the “ICO”) has its detractors; however, as a regulator it has been by far more energetic than its Australian equivalent.  The legislative structure is different, as is the resourcing.  The UK Data Protection Act provides more scope for enforcement action and the penalties can be swingeing.  That said, the approach taken by the ICO in both adopting an educational approach, the carrot, but also high profile and tough regulatory action, monetary penalty notices, highlights a difference with the Office of the Information Commissioner, which has been all about the education and very little about the enforcement. That has had a deleterious effect on privacy and data protection compliance in Australia.

The ICO took action against the Royal Free London NHS Foundation Trust for failing to Read the rest of this entry »

The Australian Competition and Consumer Commission sends warning about phishing

June 20, 2017

The Australian Competition and Consumer Commission (ACCC) has issued an alert about phishing scams, stating that so far this year there have been 11,000 reports and a loss of $260,000.  Given that under-reporting is the norm, it is likely that the losses are much greater.

The media release provides:

The ACCC is warning people to stay alert to ‘phishing’ scammers pretending to be from well-known businesses and government departments trying to con unsuspecting victims out of their personal information and money. Read the rest of this entry »