FEED Validator

for Atom and RSS and KML

Congratulations!

This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

line 100, column 0: content:encoded should not contain data-id attribute [help]

<li>To report a concern to the ICO telephone our helpline 0303 123 1113 or g ...

line 138, column 0: content:encoded should not contain decoding attribute (2 occurrences) [help]
```
<td><img decoding="async" id="__mcenew" src="https://www.gigacycle.co.uk/wp- ...
```

Source: https://www.gigacycle.co.uk/feed/

<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>Gigacycle</title>
<atom:link href="https://www.gigacycle.co.uk/feed/" rel="self" type="application/rss+xml" />
<link>https://www.gigacycle.co.uk</link>
<description>Secure IT Asset Disposal, Data Destruction, I.T Asset Remarketing and Asset Management, I.T Redeployment and Computer Recycling</description>
<lastBuildDate>Fri, 07 May 2021 11:39:40 +0000</lastBuildDate>
<language>en-GB</language>
<sy:updatePeriod>
hourly </sy:updatePeriod>
<sy:updateFrequency>
1 </sy:updateFrequency>
<image>
<url>https://www.gigacycle.co.uk/wp-content/uploads/2016/11/cropped-Recycle-symbol-1-32x32.png</url>
<title>Gigacycle</title>
<link>https://www.gigacycle.co.uk</link>
<width>32</width>
<height>32</height>
</image>
<item>
<title>British Airways</title>
<link>https://www.gigacycle.co.uk/news/british-airways/</link>
<comments>https://www.gigacycle.co.uk/news/british-airways/#respond</comments>
<dc:creator><![CDATA[admin]]></dc:creator>
<pubDate>Fri, 16 Oct 2020 09:47:42 +0000</pubDate>
<category><![CDATA[Information & Guidance]]></category>
<guid isPermaLink="false">https://www.gigacycle.co.uk/news/british-airways/</guid>
<description><![CDATA[The Information Commissioner’s Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers. Go to Source
The post <a href="https://www.gigacycle.co.uk/news/british-airways/">British Airways</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></description>
<content:encoded><![CDATA[The Information Commissioner’s Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers. 
<a href="http://ico.org.uk/action-weve-taken/enforcement/british-airways/" target="_blank" rel="noopener">Go to Source</a>The post <a href="https://www.gigacycle.co.uk/news/british-airways/">British Airways</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></content:encoded>
<wfw:commentRss>https://www.gigacycle.co.uk/news/british-airways/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>ICO fines British Airways £20m for data breach affecting more than 400,000 customers</title>
<link>https://www.gigacycle.co.uk/news/ico-fines-british-airways-20m-for-data-breach-affecting-more-than-400000-customers/</link>
<comments>https://www.gigacycle.co.uk/news/ico-fines-british-airways-20m-for-data-breach-affecting-more-than-400000-customers/#respond</comments>
<dc:creator><![CDATA[admin]]></dc:creator>
<pubDate>Fri, 16 Oct 2020 09:15:51 +0000</pubDate>
<category><![CDATA[Information & Guidance]]></category>
<guid isPermaLink="false">https://www.gigacycle.co.uk/news/ico-fines-british-airways-20m-for-data-breach-affecting-more-than-400000-customers/</guid>
<description><![CDATA[The Information Commissioner’s Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers. An ICO investigation found the airline was processing a significant amount of personal data without adequate security measures...
The post <a href="https://www.gigacycle.co.uk/news/ico-fines-british-airways-20m-for-data-breach-affecting-more-than-400000-customers/">ICO fines British Airways £20m for data breach affecting more than 400,000 customers</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></description>
<content:encoded><![CDATA[The Information Commissioner’s Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers.
An ICO investigation found the airline was processing a significant amount of personal data without adequate security measures in place. This failure broke data protection law and, subsequently, BA was the subject of a cyber-attack during 2018, which it did not detect for more than two months.
ICO investigators found BA ought to have identified weaknesses in its security and resolved them with security measures that were available at the time.
Addressing these security issues would have prevented the 2018 cyber-attack being carried out in this way, investigators concluded.
Information Commissioner Elizabeth Denham said: “People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure.
“Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result. That’s why we have issued BA with a £20m fine – our biggest to date.
“When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security.”
Because the BA breach happened in June 2018, before the UK left the EU, the ICO investigated on behalf of all EU authorities as lead supervisory authority under the GDPR. The penalty and action have been approved by the other EU DPAs through the GDPR’s cooperation process.
In June 2019 the ICO issued BA with a notice of intent to fine. As part of the regulatory process the ICO considered both representations from BA and the economic impact of COVID-19 on their business before setting a final penalty.
<h3>Details of the cyber attack</h3>
The attacker is believed to have potentially accessed the personal data of approximately 429,612 customers and staff. This included names, addresses, payment card numbers and CVV numbers of 244,000 BA customers.
Other details thought to have been accessed include the combined card and CVV numbers of 77,000 customers and card numbers only for 108,000 customers.
Usernames and passwords of BA employee and administrator accounts as well as usernames and PINs of up to 612 BA Executive Club accounts were also potentially accessed.
<h3>Failure to prevent the attack</h3>
There were numerous measures BA could have used to mitigate or prevent the risk of an attacker being able to access the BA network. These include:
<ul>
<li>limiting access to applications, data and tools to only that which are required to fulfil a user’s role</li>
<li>undertaking rigorous testing, in the form of simulating a cyber-attack, on the business’ systems;</li>
<li>protecting employee and third party accounts with multi-factor authentication.</li>
</ul>
Additional mitigating measures BA could have used are listed in the penalty notice.
None of these measures would have entailed excessive cost or technical barriers, with some available through the Microsoft Operating System used by BA.
Since the attack, BA has made considerable improvements to its IT security.
<h3>Lack of awareness of the attack</h3>
ICO investigators found that BA did not detect the attack on 22 June 2018 themselves but were alerted by a third party more than two months afterwards on 5 September. Once they became aware BA acted promptly and notified the ICO.
It is not clear whether or when BA would have identified the attack themselves. This was considered to be a severe failing because of the number of people affected and because any potential financial harm could have been more significant.
Notes to Editors
<ol>
<li>The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.</li>
<li>The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.</li>
<li>This penalty was issued under the Data Protection Act 2018 for infringements of the GDPR.</li>
<li>The GDPR sets out six basic principles organisations must comply with in processing personal data. These are: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; security; accountability. This penalty deals with failures by BA regarding the security and accountability principles.</li>
<li>The ICO’s investigation involved various exchanges with BA and considered detailed submissions and evidence. The penalty process involved issuing BA with a Notice of Intent indicating an intention to impose a penalty and offering BA the chance to submit representations.</li>
<li>BA announced the Notice of Intent on the London Stock Exchange and the ICO responded with a statement.</li>
<li>The ICO applied the legislative framework in conjunction with the ICO’s Regulatory Action Policy, which states that before issuing fines we take into account economic impact and affordability. The RAP is currently under review as part of the ICO’s consultation on its Statutory Guidance.</li>
<li>Where, as here, the processing in issue is cross-border, Article 56 of the GDPR makes provision for the designation of a lead supervisory authority. In this case, the ICO acted as the lead supervisory authority.</li>
<li>The ICO completed the Article 60 process prior to the issuing of the penalty. Article 60 of the GDPR provides that the lead supervisory authority shall cooperate with the other supervisory authorities concerned in an endeavour to reach consensus. This includes submitting a draft decision to the other supervisory authorities concerned for their opinion and taking due account of their views.</li>
<li>Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the ICO.</li>
<li>To report a concern to the ICO telephone our helpline 0303 123 1113 or go to <a title="Make a complaint" href="/make-a-complaint/" data-id="1143">ico.org.uk/concerns.</a></li>
</ol>
<a href="http://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/ico-fines-british-airways-20m-for-data-breach-affecting-more-than-400-000-customers/" target="_blank" rel="noopener">Go to Source</a>The post <a href="https://www.gigacycle.co.uk/news/ico-fines-british-airways-20m-for-data-breach-affecting-more-than-400000-customers/">ICO fines British Airways £20m for data breach affecting more than 400,000 customers</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></content:encoded>
<wfw:commentRss>https://www.gigacycle.co.uk/news/ico-fines-british-airways-20m-for-data-breach-affecting-more-than-400000-customers/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Engagement key in protecting people’s privacy across the UK during the pandemic</title>
<link>https://www.gigacycle.co.uk/news/engagement-key-in-protecting-peoples-privacy-across-the-uk-during-the-pandemic/</link>
<comments>https://www.gigacycle.co.uk/news/engagement-key-in-protecting-peoples-privacy-across-the-uk-during-the-pandemic/#respond</comments>
<dc:creator><![CDATA[admin]]></dc:creator>
<pubDate>Tue, 13 Oct 2020 11:30:16 +0000</pubDate>
<category><![CDATA[Information & Guidance]]></category>
<guid isPermaLink="false">https://www.gigacycle.co.uk/news/engagement-key-in-protecting-peoples-privacy-across-the-uk-during-the-pandemic/</guid>
<description><![CDATA[13 October 2020 Information Commissioner Elizabeth Denham highlights the positive results of the ICO’s engagement with the UK devolved administrations on the use of data in the fight against COVID-19. In times of crisis, the value of collaboration is crucial. That’s been central to the...
The post <a href="https://www.gigacycle.co.uk/news/engagement-key-in-protecting-peoples-privacy-across-the-uk-during-the-pandemic/">Engagement key in protecting people’s privacy across the UK during the pandemic</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></description>
<content:encoded><![CDATA[13 October 2020
<h3>Information Commissioner Elizabeth Denham highlights the positive results of the ICO’s engagement with the UK devolved administrations on the use of data in the fight against COVID-19.</h3>
In times of crisis, the value of collaboration is crucial. That’s been central to the ICO’s approach during the pandemic, whether that’s benefiting from the shared expertise of international colleagues through the Global Privacy Assembly, or working alongside organisations within the UK.
Last month, I wrote about the engagement with the Department of Health and Social Care on the England and Wales NHS COVID-19 app, and how this positive relationship encouraged the necessary consideration of people’s data protection rights within the app.
We have enjoyed similar positive engagement in Northern Ireland, Scotland and Wales, where public health is a devolved matter. My offices have been working closely with the devolved administrations and other public bodies since the start of the pandemic to ensure that any COVID-19-related projects adopted a privacy by design approach.
This work has included advice and guidance on the shielding and manual contact tracing programmes, the collection of customer details, as well as the Data Protection Impact Assessments (DPIAs) for proximity apps in Northern Ireland and Scotland. We provided feedback on areas including automated decision making, improving transparency information and clarity on people’s information rights and legal basis.
Northern Ireland was the first administration in the UK to launch a proximity app, and the first app in the world to have interoperability with another country, in this case with the Republic of Ireland. The NI Department of Health (DoH) used the ICO’s expectations document as reference for prospective developers. To ensure full transparency and open public collaboration, the source code, the related DPIA and correspondence with the ICO on the StopCOVID NI app have been published by DoH.
The DoH continued to engage with my office in Northern Ireland while working on the recent update of their app, which is now available to children aged 11 and above. We were clear that children’s privacy and level of understanding must be considered in all aspects of the app’s design.
The Scottish Government has worked openly and transparently with my Edinburgh office to ensure people’s information is being handled appropriately. This engagement assisted in increased understanding of the data flows and helped, in the case of the Protect Scotland App, to produce a clear, unambiguous and accessible DPIA that has received very positive feedback.
And my team in Wales played a key role in facilitating and supporting discussions between health bodies and local authorities as the Test, Trace, Protect programme was developed. The collaboration from the authorities involved in the delivery of the programme allowed us to provide advice that will help reassure the Welsh public that their data is being processed lawfully.
Additionally, our engagement with DHSC around the development of the England and Wales COVID-19 app meant that we were able to provide timely and relevant advice to the Welsh Government on how the app would impact the personal data of Welsh citizens.
Our regional support has not just been about working with the public sector. Our local advice services have been busy dealing with enquiries from businesses, organisations and members of the public based in Northern Ireland, Scotland and Wales, providing tailored advice reflecting any differences in the devolved approaches to the COVID-19 response and information rights more generally. In Wales, this includes the provision of advice in the Welsh language for Welsh speaking stakeholders.
What’s important throughout is that people’s privacy rights are being considered at the heart of those apps and services. That’s crucial to trust, so people have the confidence to download an app or to hand over their data to help supress the spread of COVID-19.
Our responsibility as a regulator is to support and advise organisations to comply with data protection law. And my regional offices are best placed to provide guidance to and engage with the three devolved administrations and other local stakeholders to ensure people’s privacy continues to be protected.
<table border="0">
<tbody>
<tr>
<td><img decoding="async" id="__mcenew" src="https://www.gigacycle.co.uk/wp-content/uploads/2020/10/elizabeth-denham-1.jpg" alt="Elizabeth Denham" /></td>
<td>Elizabeth Denham was appointed UK Information Commissioner on 15 July 2016, having previously held the position of Information and Privacy Commissioner for British Columbia, Canada.</td>
<td></td>
</tr>
</tbody>
</table>
<a href="http://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/engagement-key-in-protecting-people-s-privacy-across-the-uk-during-the-pandemic/" target="_blank" rel="noopener">Go to Source</a>The post <a href="https://www.gigacycle.co.uk/news/engagement-key-in-protecting-peoples-privacy-across-the-uk-during-the-pandemic/">Engagement key in protecting people’s privacy across the UK during the pandemic</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></content:encoded>
<wfw:commentRss>https://www.gigacycle.co.uk/news/engagement-key-in-protecting-peoples-privacy-across-the-uk-during-the-pandemic/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Keynote at PDP’s 19th annual data protection conference</title>
<link>https://www.gigacycle.co.uk/news/keynote-at-pdps-19th-annual-data-protection-conference/</link>
<comments>https://www.gigacycle.co.uk/news/keynote-at-pdps-19th-annual-data-protection-conference/#respond</comments>
<dc:creator><![CDATA[admin]]></dc:creator>
<pubDate>Thu, 08 Oct 2020 13:31:45 +0000</pubDate>
<category><![CDATA[Information & Guidance]]></category>
<guid isPermaLink="false">https://www.gigacycle.co.uk/news/keynote-at-pdps-19th-annual-data-protection-conference/</guid>
<description><![CDATA[  I began my career as an archivist, and I’ve always had a passion for records, for dusty papers tucked away in a basement. We tend to see archives as a way of reviewing the past, of being able to find a different contextual perspective...
The post <a href="https://www.gigacycle.co.uk/news/keynote-at-pdps-19th-annual-data-protection-conference/">Keynote at PDP’s 19th annual data protection conference</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></description>
<content:encoded><![CDATA[ 
I began my career as an archivist, and I’ve always had a passion for records, for dusty papers tucked away in a basement. We tend to see archives as a way of reviewing the past, of being able to find a different contextual perspective on a period of history. But what always strikes me when I spend any time reading through historic documents is how much they inform contemporary challenges.
The unique events we face aren’t always quite as unprecedented as we think.
Everything changes and nothing changes.
And so today I’m going to talk about some of the data protection questions we’ve been asked to engage with across a unique year. And I’m going to set out how the answers to a lot of those questions are generally the same as they have ever been.
I’ll talk about what we might consider when we move out of the pandemic, and society takes stock of new priorities and new considerations.
I’ll give a quick overview of where the ICO sits in this, and our evolution as a regulator.
And I’ll end by looking ahead, and considering how we might prepare for an uncertain future.
But first, as I’m saying the past informs how we approach the present, let’s start with what we can learn from an Edwardian English novelist born in 1879.
I was recommended EM Forster’s short story The Machine Stops by a member of my book club, who suggested that despite it being over a century old, I might find it unnervingly prescient.
She was right.
Forster describes a world where people live in pods, and interact only via digital screens.
It is a society in which all music, all learning, all healthcare, all communication with friends and family happens digitally, with a sentient digital assistant managing the information flow.
People don’t entirely understand what goes on behind those screens – how they are connected with other people, how their information if used – but they use it because the Machine makes their lives easier.
I’m sure there’s plenty you recognise from aspects of our world today.
That entwined, interconnected relationship between society and technology has never been clearer than during this pandemic
The pandemic has changed society, not just in the UK but globally. Technology and innovation responded to that change: whether playing a crucial role in keeping us in touch with friends and family, or helping us to continue to attend health appointments or conferences like this.
We’ve seen an acceleration in the uptake of digital services that we would otherwise have expected to take years.
This accelerated progress brought new questions. Organisations asking how their staff can work on sensitive data from home? How they best collect customer details for contact tracing? Can they carry out tests to check whether staff have coronavirus?
We know how hard the data protection community has been working to support their businesses and their organisations in continuing to operate effectively.
And we’ve been pleased that our timely and pragmatic advice in answering questions and providing guidance has played a part in that.
The pandemic has brought new questions – how many employers started the year planning to temperature check every employee as they arrived for work, I wonder? But interesting point here is that while the answers my office has provided will have been pretty recognisable to all of you data protection experts.
The same themes come up.
Are you being transparent with people about what you want to do with their data and why?
Are people being treated fairly, and in ways they would expect?
A lot of this comes down to accountability, a topic I’ll return to shortly.
It’s important too to consider that technology changes fast, but society’s views shift too. Before lockdown, would people have been content with a representative of the government phoning them up to take a list of everyone they’ve been in contact with? Or a supermarket being given their health status?
COVID-19 has brought an increased pragmatism: people’s attitudes have responded to a threat to their health. As the pandemic passes, we should expect to see society’s attitude shift again, but we shouldn’t assume the dials will return to where they were they were at the start of 2020.
This is a theme that I believe will characterise the next year, not just across data protection, but far more broadly:
As we emerge from the pandemic, and as we respond to potential financial pressures, we will see society taking stock across a range of issues.
From our relationship with the NHS to our relationship with our employers, people will want to reassess where their priorities lie, and what balances there needs to be around liberty, privacy, innovation and prosperity.
These are interconnected discussions. Again, to best understand the present, we should consider the past.
Whenever I stop to think about how data protection has changed even just in the past five years, I’m reminded of a partner at a law firm who confessed to me that he only started specialising in data protection and privacy because it seemed quiet and fairly straightforward. Needless to say, that is not his view now!
We are all busy. When I speak to other regulators around the world, I hear the same thing. And that’s because data protection has become so complicated and central to our lives. We’re dealing with tough, tough questions. And we are being asked to find the answers quicker.
And I don’t just mean the complexity of the law, or the technology. Ours is a principles-based law, that requires us to consider subjective questions of what is fair, what is reasonable, what is proportionate? There are tough questions we have to answer on behalf of society – I’m thinking of those ‘would people be happy if we did this with their data’ questions – that society itself hasn’t decided on yet.
If someone has their bag snatched in the street, are they happy for police to use facial recognition technology to track down the perpetrator?
When someone searches the web for information on their medical condition, how much explanation do they need around adtech?
How much privacy will people sacrifice to allow for greater movement and liberty during the pandemic? 
And so often, as a community we are playing catch up, retrofitting the privacy implications of technology that is already in place.
This was the case with my office’s work on our Age Appropriate Design Code – we are working to protect children’s data within an internet that wasn’t build with youngsters in mind.
It’s not been an easy piece of work, and the challenges – of retrofitting protections, of collaborating and liaising with so many stakeholders, of saying ‘just because you’ve done something for a while doesn’t make it ok’ – those are challenges I think many of you will recognise from your own work.
But it’s been a rewarding file for me personally, and that’s because I see where it makes a difference.
So often we deal with broad terms like citizens and consumers, and our work can feel a little removed or philosophical. But the kids code is an example of a file where I’ve spoken with parents about the very real impact bad data processing had on their children. I can see how this work affects the individual.
I see it in other cases too. How our work on the gangs matrix changes the life of a young man wrongly labelled on a database, for instance. And I’m sure you see it in your own work.
Data protection is deeply personal.
Perhaps the clearest example recently is the controversy around the algorithm used for A-level exam results. As an eighteen-year-old student, this could be your first engagement with data protection, with algorithms, with more opaque processing. How is that young person’s attitude to data protection being shaped by this early experience?
Let’s jump briefly back to EM Forster, and his novella, The Machine Stops.
I don’t want to spoil how the story ends, but I would say it is a dystopian vision, and they tend to not have a happy ending!
Let me say this: the people’s relationship with Forster’s Machine – a machine that provides their communication, education and entertainment – is based not on trust, but on relying only on the machine’s functionality. There’s no explanation of how their information is used. And so when the functionality begins to fail, a backlash quickly gains momentum.
And that, I think, is a message our community can still learn from more than a hundred years on.
Participation in new business processes and innovation only happens at scale and at pace when it has the public’s trust and confidence.
Is your organisation’s relationship with customers is based only on functionality? Does your organisation’s confidence in your innovation blind you to the importance of building customer trust? Then you best hope that functionality doesn’t fail, because the backlash could come quicker than you think.
And that’s why your role, as data protection professionals is so important.
At its most basic, data protection is about protections for consumers, for citizens, for people. But the law was born in the 1970s out of a concern that the potential of emerging technology would be lost if society didn’t embrace innovation. The law reassures people they can support innovation, safe in the knowledge there are checks and balances in place to protect them, with an independent regulator who has their back.
And so our role as data protection professionals is to protect both people and innovation.
We need show people how the machine works to build their trust.
Organisations need to be clearer why an app needs their data, where their data is going, how an algorithm works, what AI processing is going on.
As society takes stock of who it trusts, your work has never been so important.
I have role to play in that. My office needs to be there to help you succeed. We need to make sure our work helps your organisation to protect people’s data by following the law, and helps you to encourage people’s trust in the digital innovation – both private sector and public.
I think we have been able to do that more and more through an evolution in how we regulate. Let me give three examples.
Firstly, we are taking an approach that is more collaborative than ever, with regulators and organisations working together.
As a modern regulator, our approach is focused on working alongside organisations, helping them to make changes and improvements to comply with the law to reduce mistakes and misuse of people’s data. Working to get it right at the outset results in better outcomes for businesses and customers.
This really is the work that we are largely set up to deliver – about three quarters of my staff work in roles of this type.
Examples of this work include working with public authorities and supermarkets, so they could share information to support people shielding during Covid-19. Our report into the extraction of data from the mobile phones of victims and witnesses set out expectations of the police that have since been accepted as a sensible and empathetic way forward. And on the access to information side, we have launched our Freedom of Information toolkit for public authorities.
Secondly, we have put a greater emphasis than ever on supporting innovation, that key aspect of why we have data protection.
In the past few months we have published guidance on how Artificial Intelligence can comply with the law, set out how we will support businesses to better protect children’s data online, and have confirmed our continuing support to innovators through partnership with other regulators. Our Sandbox continues to help organisations using personal data to develop innovative services, from the use of data to support student mental health wellbeing at universities to an airport looking to use facial recognition to replace boarding cards.
Our advice and support focuses firmly on enabling innovation to happen: I hope it is clear that the days when data protection regulation was seen as a blocker to innovative business have long passed.
We will continue offering this support, with guidance scheduled on data sharing and accountability, and an information hub dedicated to helping SMEs.
And thirdly, we’re engaging more than ever with the wider regulatory community. I mentioned earlier how the difficult questions we get asked, the tough problems that fall on my desk, so often engage broader societal questions. We are at that intersection between tech, law and society.
And as data becomes less the trail that we leave behind us, and more the very medium through which we live our lives, so data protection becomes so, so broad.
This has a big impact on your work. I am sure many of you will have found aspects of your work overlapping with financial regulation, or content moderation.
As the Information Commissioner, my office cannot answer all the questions alone.
And so the ICO is now part of the UK Regulators Network, seeing the challenges other regulators are facing, and learning from each other.
We’re helping embed data protection by design into other regulators’ models of regulation, so that a holistic approach is conveyed to organisations. Our work around AI is a good example of this, as is our work with the CMA and Ofcom on digital regulation.
And there’s our international work. Chairing the Global Privacy Assembly, and building those global links to the benefit of people and organisations here in the UK.
I’ve covered today some of the data protection questions we’ve been asked across this unique year, and how everything changes and yet nothing changes.
I’ve spoken about what we might consider as society takes stock in a post COVID world. About the complexity of data protection, but its real value too, as an enabler of innovation, as a supporter of public trust.
And I’ve talked about the ICO’s own evolution.
I’d like to end by looking ahead, and considering how we might prepare for an uncertain future.
The first point to make here is that the ICO doesn’t make the weather on DP legislation
My role is not to make or shape laws. Our government and Parliament will decide how we approach our legislation outside of the EU, how we pursue adequacy with the EU, and how we shape our relationship with the rest of the world.
What I can say is that the government has made a clear commitment to high data protection standards equal to those of the EU, as part of an independent policy on data protection
That reflects the international trend of ever higher standards or privacy protections, and it reflects the strong UK tradition of appreciating the value of data protection laws as an enabler of innovation.
What the ICO can do is help you navigate whatever winds of change may come. As I said earlier, our focus is on protecting individuals by supporting organisations to get their compliance with the law right. Our website provides guidance and tips, and we’ll continue to update it as we become aware of any changes organisations need to make.
And this is a two-way conversation. If there are aspects you need help with that we are not covering, then please get in touch and let us know.
And to those of you who want to get ahead of the curve, and prepare for what is round the corner, I’d say this:
I don’t have a crystal ball. But what I can say with confidence is that accountability is a sail that will never fail you, both domestically and internationally.
Take stock of what data you process, and consider the risks that processing is creating. This is a fundamental part of compliance with the GDPR, and indeed with modern DP laws.
These are data protection concerns writ large, as organisational concerns. If your CEO or chairman isn’t across all the finer detail of how they comply with data protection, they should at least be across the corporate obligations around accountability. When neglected, it is a business risk like any other.
The ICO’s accountability toolkit is the perfect starting point on this.
I’ll close with this: if history has taught us anything, it’s that old maxim that trust is hard won, and easily lost.
Accountability, transparency, and data protection more broadly, are fundamental to the relationship you have with your customers. The law exists to protect people, and to enable you to innovate with people’s trust.
That way the machine doesn’t stop.
<a href="http://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/keynote-at-pdp-s-19th-annual-data-protection-conference/" target="_blank" rel="noopener">Go to Source</a>The post <a href="https://www.gigacycle.co.uk/news/keynote-at-pdps-19th-annual-data-protection-conference/">Keynote at PDP’s 19th annual data protection conference</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></content:encoded>
<wfw:commentRss>https://www.gigacycle.co.uk/news/keynote-at-pdps-19th-annual-data-protection-conference/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>ICO takes action against company for sending spam emails selling face masks during pandemic</title>
<link>https://www.gigacycle.co.uk/news/ico-takes-action-against-company-for-sending-spam-emails-selling-face-masks-during-pandemic/</link>
<comments>https://www.gigacycle.co.uk/news/ico-takes-action-against-company-for-sending-spam-emails-selling-face-masks-during-pandemic/#respond</comments>
<dc:creator><![CDATA[admin]]></dc:creator>
<pubDate>Thu, 08 Oct 2020 10:32:45 +0000</pubDate>
<category><![CDATA[Information & Guidance]]></category>
<guid isPermaLink="false">https://www.gigacycle.co.uk/news/ico-takes-action-against-company-for-sending-spam-emails-selling-face-masks-during-pandemic/</guid>
<description><![CDATA[A company that sent spam emails selling face masks during the pandemic has been fined £40,000 by the ICO and issued with an enforcement notice. Studios MG Ltd, a London-based software consultancy, tried to exploit the public health emergency by sending up to 9,000 unlawful marketing...
The post <a href="https://www.gigacycle.co.uk/news/ico-takes-action-against-company-for-sending-spam-emails-selling-face-masks-during-pandemic/">ICO takes action against company for sending spam emails selling face masks during pandemic</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></description>
<content:encoded><![CDATA[A company that sent spam emails selling face masks during the pandemic has been fined £40,000 by the ICO and issued with an enforcement notice.
Studios MG Ltd, a London-based software consultancy, tried to exploit the public health emergency by sending up to 9,000 unlawful marketing emails to people without their permission. The emails were sent on 30 April in the midst of the pandemic.
The ICO investigation found that the company was not involved in the business of supplying PPE, but that the director had decided to buy face masks to sell on at a profit.
Andy Curry, ICO Head of Investigations, said:
<blockquote> 
”The ICO has investigated a number of companies during the pandemic with the aim of protecting people from being exploited by unlawful marketing attempts. Nuisance emails are never welcome at any time, but especially when people may be feeling vulnerable or worried and their concerns heightened.
“We pursued this case because the company broke the law and invaded people’s privacy. We will take action where we find systematic flouting of the law and evidence of companies trying to make money from people via nuisance marketing.”</blockquote>
The ICO also found that after it initially contacted Studios MG Ltd, the company deleted a database of key evidence which would have shown the full extent of the volume of emails they had sent. Studios MG Ltd randomly collected a list of contacts from a number of various sources, including the company director’s LinkedIn and email contacts.
In order to prevent the company from breaking the law in the future, the accompanying Enforcement Notice orders the company to stop such activity within 30 days.
The company did not provide any evidence to the ICO that they had permission to contact the people on the list, or any accounts for the period covering the activity. This is unlawful under the Privacy and Electronic Communications Regulations 2003 (PECR).
Members of the public who believe they have been the victim of nuisance texts, calls or emails, should report them to the ICO, get in touch via live chat or call our helpline on 0303 123 1113.
Editors’ notes:
<ol>
<li>The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.</li>
<li>The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.</li>
<li>The Privacy and Electronic Communications Regulations (PECR) give people specific privacy rights in relation to electronic communications. There are specific rules on:
<ul>
<li>marketing calls, emails, texts and faxes;</li>
<li>cookies (and similar technologies);</li>
<li>keeping communications services secure;</li>
<li>and customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.</li>
</ul>
</li>
<li>The ICO has the power under PECR to impose a monetary penalty on a data controller of up to £500,000.</li>
<li>Civil Monetary Penalties (CMPs) are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.</li>
<li>Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).</li>
<li>To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.</li>
</ol>
<a href="http://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/ico-takes-action-against-company-for-sending-spam-emails-selling-face-masks-during-pandemic/" target="_blank" rel="noopener">Go to Source</a>The post <a href="https://www.gigacycle.co.uk/news/ico-takes-action-against-company-for-sending-spam-emails-selling-face-masks-during-pandemic/">ICO takes action against company for sending spam emails selling face masks during pandemic</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></content:encoded>
<wfw:commentRss>https://www.gigacycle.co.uk/news/ico-takes-action-against-company-for-sending-spam-emails-selling-face-masks-during-pandemic/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Studios MG Limited</title>
<link>https://www.gigacycle.co.uk/news/studios-mg-limited/</link>
<comments>https://www.gigacycle.co.uk/news/studios-mg-limited/#respond</comments>
<dc:creator><![CDATA[admin]]></dc:creator>
<pubDate>Thu, 08 Oct 2020 10:08:40 +0000</pubDate>
<category><![CDATA[Information & Guidance]]></category>
<guid isPermaLink="false">https://www.gigacycle.co.uk/news/studios-mg-limited/</guid>
<description><![CDATA[The Information Commissioner has issued an enforcement notice against Studios MG Limited for sending thousands of unlawful marketing emails to people without their permission. Go to Source It discusses an important topic. buy viagra online malaysia Perhaps rather than jumping to erroneous conclusions you should...
The post <a href="https://www.gigacycle.co.uk/news/studios-mg-limited/">Studios MG Limited</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></description>
<content:encoded><![CDATA[The Information Commissioner has issued an enforcement notice against Studios MG Limited for sending thousands of unlawful marketing emails to people without their permission. 
 
<a href="http://ico.org.uk/action-weve-taken/enforcement/studios-mg-limited-en/" target="_blank" rel="noopener">Go to Source</a>
 It discusses an important topic. <a href="https://viagra-malaysia.com/buy-viagra-malaysia.html">buy viagra online malaysia</a> Perhaps rather than jumping to erroneous conclusions you should actually read the article and inform yourself.The post <a href="https://www.gigacycle.co.uk/news/studios-mg-limited/">Studios MG Limited</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></content:encoded>
<wfw:commentRss>https://www.gigacycle.co.uk/news/studios-mg-limited/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Statement on the outcome of the ICO’s compulsory audit of the Department for Education</title>
<link>https://www.gigacycle.co.uk/news/statement-on-the-outcome-of-the-icos-compulsory-audit-of-the-department-for-education/</link>
<comments>https://www.gigacycle.co.uk/news/statement-on-the-outcome-of-the-icos-compulsory-audit-of-the-department-for-education/#respond</comments>
<dc:creator><![CDATA[admin]]></dc:creator>
<pubDate>Wed, 07 Oct 2020 10:06:14 +0000</pubDate>
<category><![CDATA[Information & Guidance]]></category>
<guid isPermaLink="false">https://www.gigacycle.co.uk/news/statement-on-the-outcome-of-the-icos-compulsory-audit-of-the-department-for-education/</guid>
<description><![CDATA[The Information Commissioner’s Office (ICO) has published the outcome of a compulsory audit of the Department for Education DFE carried out in February 2020. The audit found that data protection was not being prioritised and this had severely impacted the DfE’s ability to comply with the...
The post <a href="https://www.gigacycle.co.uk/news/statement-on-the-outcome-of-the-icos-compulsory-audit-of-the-department-for-education/">Statement on the outcome of the ICO’s compulsory audit of the Department for Education</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></description>
<content:encoded><![CDATA[The Information Commissioner’s Office (ICO) has published the outcome of a compulsory audit of the Department for Education DFE carried out in February 2020.
The audit found that data protection was not being prioritised and this had severely impacted the DfE’s ability to comply with the UK’s data protection laws. A total of 139 recommendations for improvement were found, with over 60% classified as urgent or high priority.
The ICO’s primary responsibility is to ensure compliance with the law and its policy is to work alongside organisations committed to making the necessary changes to improve data protection practice.
Throughout the audit process the DfE engaged with the ICO and showed a willingness to learn from and address the issues identified. The Department accepted all the audit recommendations and is making the necessary changes.
The ICO continues to monitor the DfE, reviewing improvements against pre agreed timescales. Enforcement action will follow if progress falls behind the schedule.
The ICO carried out the compulsory audit following complaints received in 2019 regarding the National Pupil Database.
Notes to editors
<ol>
<li>The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.</li>
<li>The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five Acts / Regulations.</li>
<li>The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.</li>
<li>Section 146 of the DPA2018 gives the Information Commissioner the power to carry out compulsory data protection audits, but the ICO predominantly conducts consensual audits. These audits are completed by the Assurance Department.</li>
<li>To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.</li>
</ol>
<a href="http://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/statement-on-the-outcome-of-the-ico-s-compulsory-audit-of-the-department-for-education/" target="_blank" rel="noopener">Go to Source</a>The post <a href="https://www.gigacycle.co.uk/news/statement-on-the-outcome-of-the-icos-compulsory-audit-of-the-department-for-education/">Statement on the outcome of the ICO’s compulsory audit of the Department for Education</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></content:encoded>
<wfw:commentRss>https://www.gigacycle.co.uk/news/statement-on-the-outcome-of-the-icos-compulsory-audit-of-the-department-for-education/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Blog: the conclusion of the ICO’s investigation into the use of personal data in political campaigning</title>
<link>https://www.gigacycle.co.uk/news/blog-the-conclusion-of-the-icos-investigation-into-the-use-of-personal-data-in-political-campaigning/</link>
<comments>https://www.gigacycle.co.uk/news/blog-the-conclusion-of-the-icos-investigation-into-the-use-of-personal-data-in-political-campaigning/#respond</comments>
<dc:creator><![CDATA[admin]]></dc:creator>
<pubDate>Tue, 06 Oct 2020 16:30:23 +0000</pubDate>
<category><![CDATA[Information & Guidance]]></category>
<guid isPermaLink="false">https://www.gigacycle.co.uk/news/blog-the-conclusion-of-the-icos-investigation-into-the-use-of-personal-data-in-political-campaigning/</guid>
<description><![CDATA[06 October 2020 There can be few cases that better illustrate how mainstream data protection has become than the ICO’s investigation into the use of personal data in political campaigning, including by the now defunct Cambridge Analytica. How people’s information was being used became a...
The post <a href="https://www.gigacycle.co.uk/news/blog-the-conclusion-of-the-icos-investigation-into-the-use-of-personal-data-in-political-campaigning/">Blog: the conclusion of the ICO’s investigation into the use of personal data in political campaigning</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></description>
<content:encoded><![CDATA[<h3>06 October 2020</h3>
There can be few cases that better illustrate how mainstream data protection has become than the ICO’s investigation into the use of personal data in political campaigning, including by the now defunct Cambridge Analytica.
How people’s information was being used became a dinner table topic, prompting undercover news reports, a TV dramatisation and a Netflix documentary.
Our work, alongside the sustained contribution of journalists, civil society groups, researchers and parliamentarians, drew back the curtain on a world that so many people were affected by, but so few people were aware of.
The information we provided to parliament concludes the main outstanding aspects of an investigation that was one of the most complex ever carried out by a data protection authority.
We analysed an entire ecosystem – data analytic companies, platforms, political parties and data brokers – and then sought to make changes to how people’s personal information was being used. We used our full range of powers, including advice and audits, enforcement and prosecution.
Our action led to fines paid by Vote Leave, Leave.EU, Emma’s Diary and Facebook, the latter given the maximum financial penalty we could levy under the law of the time. Had Cambridge Analytica continued trading, we would also have looked to act against their poor data practices.
Where we found no evidence of illegalities, we shared this openly too.
We have now completed our main remaining lines of enquiry as far as the available evidence took us. This included analysis of materials obtained during the investigation and those seized under warrant.
The investigation is therefore concluding.
The ICO’s investigation shows how a modern regulator should work: tackling complex and contentious topics, approaching an issue with an open mind, taking action and responding where wrongdoing is found, and looking to effect changes to future behaviour.
Our work, alongside that of others, has effected change.
It has led to improvements within the ICO on how we approach digital investigations, and strengthened co-operation between privacy and election oversight structures, and between data protection authorities internationally.
The investigation has had an impact internationally, as other regulators and parliamentarian looked to protect their democratic processes, and technology platforms re-evaluated their role in political advertising.
And it has led to greater awareness among policymakers of the risks of data misuse, and improvements to data handling across the political parties in the UK.
Our investigation has concluded but our work in this area does not end here. We will shortly be publishing reports of our audits of the main political parties. Our work with the main credit reference agencies and major data brokers continues, as does our work with the university sector. We will be updating our guidance on political campaigning later this year.
Society benefits from political parties that want to keep in touch with people, through more informed voting decisions, better engagement with hard-to-reach groups, better awareness of disinformation, and the potential for increased engagement in democratic processes. We’re committed to supporting innovation in campaigning, while ensuring that people’s information is used fairly, transparently and securely.
<table border="0">
<tbody>
<tr>
<td><img decoding="async" id="__mcenew" src="https://www.gigacycle.co.uk/wp-content/uploads/2020/10/elizabeth-denham.jpg" alt="Elizabeth Denham" /></td>
<td>Elizabeth Denham was appointed UK Information Commissioner on 15 July 2016, having previously held the position of Information and Privacy Commissioner for British Columbia, Canada.</td>
<td></td>
</tr>
</tbody>
</table>
<a href="http://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/blog-the-conclusion-of-the-ico-s-investigation-into-the-use-of-personal-data-in-political-campaigning/" target="_blank" rel="noopener">Go to Source</a>The post <a href="https://www.gigacycle.co.uk/news/blog-the-conclusion-of-the-icos-investigation-into-the-use-of-personal-data-in-political-campaigning/">Blog: the conclusion of the ICO’s investigation into the use of personal data in political campaigning</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></content:encoded>
<wfw:commentRss>https://www.gigacycle.co.uk/news/blog-the-conclusion-of-the-icos-investigation-into-the-use-of-personal-data-in-political-campaigning/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>ICO launches consultation on draft Statutory guidance</title>
<link>https://www.gigacycle.co.uk/news/ico-launches-consultation-on-draft-statutory-guidance/</link>
<comments>https://www.gigacycle.co.uk/news/ico-launches-consultation-on-draft-statutory-guidance/#respond</comments>
<dc:creator><![CDATA[admin]]></dc:creator>
<pubDate>Thu, 01 Oct 2020 09:16:52 +0000</pubDate>
<category><![CDATA[Information & Guidance]]></category>
<guid isPermaLink="false">https://www.gigacycle.co.uk/news/ico-launches-consultation-on-draft-statutory-guidance/</guid>
<description><![CDATA[The Information Commissioner’s Office (ICO) has launched a public consultation on its draft Statutory guidance, which details how it will regulate and enforce data protection legislation in the UK. Supporting the ICO’s primary responsibility of ensuring compliance with the law, the document explains the ICO’s...
The post <a href="https://www.gigacycle.co.uk/news/ico-launches-consultation-on-draft-statutory-guidance/">ICO launches consultation on draft Statutory guidance</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></description>
<content:encoded><![CDATA[The Information Commissioner’s Office (ICO) has launched a public consultation on its draft Statutory guidance, which details how it will regulate and enforce data protection legislation in the UK.
Supporting the ICO’s primary responsibility of ensuring compliance with the law, the document explains the ICO’s powers; when it will use them and how it calculates fines.
Designed to ensure the rights and freedoms of individuals are protected, the draft guidance also seeks to provide assurance to business that the ICO will use its powers proportionately and consistently.
Elizabeth Denham, Information Commissioner said:
<blockquote> 
“The primary role of my office is to protect the rights and freedoms of individuals in the digital age, and this draft guidance explains how my office will achieve this.
“It sets out our proportionate approach to regulatory action, yet details the robust action we will take against those that flout the law”.</blockquote>
A requirement of the Data Protection Act 2018, the draft Statutory guidance explains how the ICO will exercise its regulatory functions when issuing: information notices; assessment notices; enforcement notices and penalty notices. It sits alongside the Regulatory action policy (RAP), which details how the ICO regulates the other pieces of legislation it covers. The RAP is currently under review.
The consultation will remain open until 5pm on Thursday 12 November 2020.
Notes to Editors
<ol>
<li>The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals. It has its head office in Wilmslow, Cheshire, and regional offices in Edinburgh, Cardiff and Belfast.</li>
<li>The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five Acts / Regulations.</li>
<li>The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.</li>
<li>To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.</li>
</ol>
<a href="http://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/ico-launches-consultation-on-draft-statutory-guidance/" target="_blank" rel="noopener">Go to Source</a>The post <a href="https://www.gigacycle.co.uk/news/ico-launches-consultation-on-draft-statutory-guidance/">ICO launches consultation on draft Statutory guidance</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></content:encoded>
<wfw:commentRss>https://www.gigacycle.co.uk/news/ico-launches-consultation-on-draft-statutory-guidance/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Open letter from UK Information Commissioner Elizabeth Denham to UK organisations</title>
<link>https://www.gigacycle.co.uk/news/open-letter-from-uk-information-commissioner-elizabeth-denham-to-uk-organisations/</link>
<comments>https://www.gigacycle.co.uk/news/open-letter-from-uk-information-commissioner-elizabeth-denham-to-uk-organisations/#respond</comments>
<dc:creator><![CDATA[admin]]></dc:creator>
<pubDate>Thu, 24 Sep 2020 12:04:34 +0000</pubDate>
<category><![CDATA[Information & Guidance]]></category>
<guid isPermaLink="false">https://www.gigacycle.co.uk/news/open-letter-from-uk-information-commissioner-elizabeth-denham-to-uk-organisations/</guid>
<description><![CDATA[Dear data protection and freedom of information colleagues, As organisations continue to adapt to respond to the challenges of COVID-19, I wanted to write to you setting out what continued support you can expect from my Office in the coming months, as we continue to...
The post <a href="https://www.gigacycle.co.uk/news/open-letter-from-uk-information-commissioner-elizabeth-denham-to-uk-organisations/">Open letter from UK Information Commissioner Elizabeth Denham to UK organisations</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></description>
<content:encoded><![CDATA[<h3>Dear data protection and freedom of information colleagues,</h3>
As organisations continue to adapt to respond to the challenges of COVID-19, I wanted to write to you setting out what continued support you can expect from my Office in the coming months, as we continue to adjust our approach to reflect these unprecedented times.
—
Throughout COVID-19, we have been offering practical support on new data protection questions that the pandemic has asked of your organisations. Whether you are a local business or a government department, we have been answering your questions on issues like working from home, collecting customer details for contact tracing and testing staff for coronavirus.
We know how hard you have been working to keep your organisation operating effectively. We know reassuring customers, staff and partners that their information is being looked after has been part of that work. We have been pleased that our timely and pragmatic advice has played a part in that.
We will continue prioritising practical advice that supports you through both the pandemic and recovery period.
We have also continued to provide our advice and support to organisations looking to innovate or do things differently. Good data protection enables innovation, because people’s trust in how you use their personal data plays a role in their overall confidence and support for your services.
In the past few months we have published guidance on how Artificial Intelligence can comply with the law, set out how we will support businesses to better protect children’s data online, and have confirmed our continuing support to innovators through partnership with other regulators. Our Sandbox continues to help organisations using personal data to develop innovative services, from the use of data to support student mental health wellbeing at universities to an airport looking to use facial recognition to replace boarding cards.
Our advice and support focuses firmly on enabling innovation to happen: the days when data protection regulation was seen as a blocker to innovative business have long passed.
We will continue offering this support, with guidance scheduled on data sharing and accountability, and an information hub dedicated to helping SMEs.
That work includes supporting public authorities around their freedom of information responsibilities, where we have recently published our self-assessment FOI toolkit.
—
As a regulator, our primary responsibility is to ensure compliance with the law. That might bring to mind images of ICO investigators chasing data protection rogues, but the reality is that modern regulation uses a wide range of tools.
Our fines and penalties may grab the headlines, but we know that our work alongside organisations, helping you to make changes and improvements to comply with the law, is the most effective way of reducing mistakes and misuse of people’s data. Working alongside organisations is also central to maintaining the availability of ‘everyday FOI’ that is such an important part of democracy,.
Examples of this approach include working with public authorities and supermarkets, so they could share information to support people shielding during Covid-19. Our report into the extraction of data from the mobile phones of victims and witnesses set out expectations of the police that have since been accepted as a sensible and empathetic way forward. And on the access to information side, we have launched our Freedom of Information toolkit for public authorities.
Working with an organisation does not remove our ability to take formal action if needed, and we will always have a role in bringing to task those organisations that wilfully ignore the rules, or fail to take responsibility for their actions. That has not changed, nor has the legal requirement that we consider the operational and financial pressures an organisation is facing before we intervene. Measuring the success of regulation by how many organisations are penalised ignores the commitment and dedication I see every day from organisations that work hard to use personal information responsibly to achieve their goals.
—
I know many of you are focused on economic recovery plans now, and as your organisations recover, my regulatory approach will adjust to take account of increasing operational resilience.
We have updated our regulatory approach document today, informed by what you are telling us about your own capacity. It is another step towards returning to our approach before COVID-19, but with the caveats and exceptions that reflect today’s reality.
What does not change is our pragmatic approach and commitment to supporting your organisation to protect people’s information rights. That has been our approach throughout my time as Information Commissioner, and will continue when my five year term comes to an end in July 2021.
—
I hope that gives you a clear picture of how the Information Commissioner’s Office will continue to support you in the coming months. If you need more information, if you have any questions, or if you simply want help finding the right data protection advice, then get in touch. There are full details on our website, at ico.org.uk/contact-us.
<h3>Kind regards, 
Elizabeth Denham</h3>
<a href="http://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/09/open-letter-from-uk-information-commissioner-elizabeth-denham-to-uk-organisations/" target="_blank" rel="noopener">Go to Source</a>The post <a href="https://www.gigacycle.co.uk/news/open-letter-from-uk-information-commissioner-elizabeth-denham-to-uk-organisations/">Open letter from UK Information Commissioner Elizabeth Denham to UK organisations</a> first appeared on <a href="https://www.gigacycle.co.uk">Gigacycle</a>.]]></content:encoded>
<wfw:commentRss>https://www.gigacycle.co.uk/news/open-letter-from-uk-information-commissioner-elizabeth-denham-to-uk-organisations/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
</channel>
</rss>

If you would like to create a banner that links to this page (i.e. this validation result), do the following:

Download the "valid RSS" banner.
Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)
Add this HTML to your page (change the image src attribute if necessary):

<a href="http://www.feedvalidator.org/check.cgi?url=https%3A//www.gigacycle.co.uk/feed/"><img src="valid-rss-rogers.png" alt="[Valid RSS]" title="Validate my RSS feed" /></a>

If you would like to create a text link instead, here is the URL you can use:

http://www.feedvalidator.org/check.cgi?url=https%3A//www.gigacycle.co.uk/feed/

Home · About · News · Docs · Terms