recent work

January News Round Up

Plenty has happened in the data protection world through January 2013 – here’s just a short summary of some of the highlights:

  • Sony were fined £250,000 and criticised for poor information security, insufficient control of data processors, and for storing too much information about its customers following last years’ data security incident in which the Playstation network was hacked and the personal information of over 70 million people including credit card details was stolen.


  • The Information Commissioner published his response to the proposed EU Regulation giving ground in some areas while digging his heals in with others.  One big debate is whether the new laws should be a Regulation or a Directive.  Regulations apply directly in every EU Member State whereas directive need to be transposed in a more flexible way into national law.  The EU expects to have the shape of the new law published by June this year.


  • An influential group of British businesses published their thoughts regarding the proposed EU Regulation including the ICO’s right to do unannounced spot checks, the obligation on businesses to appoint a professionally qualified data manager, the requirement to report data breaches, and the right to be forgotten.


  • Cookies Update – the ICO published a review of cookies which basically said what we all thought: some good work has been done by web sites but most still rely on implied consent to place cookies that are not strictly necessary on users devices.  The ICO advises that this approach is unlikely to be lawful but cookies are not a top priority for the British public and therefore not for the ICO.


  • The ICO was critical of local government in his January newsletter over their attitude towards protecting personal data after serving four local councils with monetary penalties totaling over £300,000. The ICO accused councils of treating sensitive personal data in the same routine way they would deal with more general correspondence.


  • New Zealand was bestowed with an EU adequacy ruling making it far easier for UK organisations to transfer personal information to NZ.


  • Data Privacy Day – 28th January came and went without really being noticed!


  • Absolute Data moved into beta testing of its information assurance software DataWISE expected to be released in February.

Tags: , , ,