More Data Breaches – More Fines – More Policing Powers for the ICO

UK Data Protection Headlines this month:

  • Dixons Carphone says data breach affected 10 million and not 1.2 million as previously estimated
  • Marketing firm fined £100,000 in UK for making over 75,000 nuisance calls.
  • Reddit confirms data breach
  • ICO’s regulatory action plan goes to government for approval:  
    • The ICO’s intentions for enforcing information law have been put before lawmakers for approval. The Information Commissioner’s Office consulted on a new regulatory action plan earlier this year. The regulatory action plan would apply to the ICO’s activities under a range of legislation, including the GDPR, the UK’s new Data Protection Act and e-Privacy rules.  “This policy sets out a risk-based approach to taking regulatory action against organisations and individuals that have breached the provisions of the data protection,  freedom of information and other legislation,” the ICO said in its revised action plan. “As with earlier versions of the policy it focusses on areas of highest risk and most harm and the principles we apply in exercising our powers.”
  • Butlin’s warns of potential personal data breach
  • Company director disqualified after marketing calls breach. 
    • This case needs to be applauded.  Coventry-based Easyleads Limited was issued with a £260,000 fine by the Information Commissioner’s Office in September 2017, after the regulator found the company responsible for making 16.7 million automated marketing calls without the prior consent of recipients.  Easyleads failed to pay the fine which led the ICO to file for and obtain a court order to wind up the company. The Insolvency Service subsequently investigated and has now announced that the sole director of Easyleads, Shaun Harkin, 48 from Coventry, has accepted a disqualification undertaking that will prevent him from being directly or indirectly involved in the promotion, formation or management of a company for six years from 13th July 2018.
  • Data broking company fined £140,000
  • First UK collective action cases in the pipeline
  • ICO consultation on data sharing code of practice
  • ePrivacy Regulation further delayed.
    • It appears likely that the ePrivacy Regulation will be handed over by the Austrian presidency of the Council to the Romanian presidency with no more than a status update being published before the end of the year.  Progress is then likely to stall before the European Parliament elections in May 2019.  This means that the ePrivacy Regulation is unlikely to take effect before 2020 at the earliest.
  • DMA calls on members to contribute to Brexit debate

To read more click on this link: Newsletter – Sept 18

Courtesy of Mike Bradford
Regulatory Strategies Ltd