Articles about Ico

Cookie Monster

BBC will ‘retain your viewing history’

Last week the BBC launched a mobile app, called BBC+, delivering “customisable content collections” to your phone or tablet. It’s a personalised service which requires an email address. Last year, when the corporation announced its plans for personalised services, it made several data protection promises. Specifically, Phil …
Andrew Orlowski, 25 Jul 2016
Curser icon over a news paper folded

IoT baby monitor style hacks still a threat

Lessons have not been learned from an incident where a Russian website provided links to access baby monitor cameras, according to the UK’s data protection watchdog. The website allowed people to watch footage from insecure cameras around the world, prompting a warning from the Information Commissioner’s Office (ICO) back in …
John Leyden, 19 Jul 2016
Abstract newspaper letters

ICO smacks lying spammers

The Information Commissioner's Office had said that passing off nuisance calls as legitimate market research “will not wash”. Steve Eckersley, the head of enforcement at the ICO, has issued a "stop order" against Bolton-based Change and Save Ltd that lied to claim it was phoning people as part of a lifestyle survey – a …

Data protection, Brexit and campaigners: Privacy policy? Eh?

Were you phoned up by the Leave or Remain Campaigns on your ex-directory telephone number during the Referendum Campaign (probably in breach of PECR)? I was. If so, how did they get my number? How did one of the Campaigns, for example, know who was a Millwall fan so the caller from a Campaign gloated (sorry, I mean …

ICO slapped data blabbers with £2m in fines last year

The Information Commissioner's Office doubled the amount of fines it dished out to organisations in breach of data protection rules last year, issuing £2m in penalties, according to its annual report. The hike in fines was mainly due to changes in the rules on nuisance marketing. For the previous year 2014/15, the commission …
Kat Hall, 28 Jun 2016
data

Brexit and data protection: A period of shock and reflection

BREXIT What price the UK's secession from the European Union? “It's far too soon to tell,” has been the sober and much-repeated line of legal and privacy professionals following the United Kingdom's referendum which voiced public opinion to leave the European Union. Speaking to The Register this morning Andrew Joint, commercial …
Big Ben and Underground sign. Pic: Crown copyright/MoD

Telco bosses' salaries must take heat for cyber attacks, says MPs' TalkTalk enquiry

A Parliamentary inquiry into the TalkTalk hack has said that telco CEOs' salaries should be garnished if their firms' cyber security practices are lacking. The report by the Culture, Media and Sport Committee, titled Cyber Security: Protection of Personal Data Online was initiated last November as “an inquiry into cyber- …
Cartoon of employee asking wky boss makes hium wear suspenders (while pincer through open trapdoor remains poised above his head) illustration by Cartoon resource for Shutterstock

Hey cloud lawyer: Can I take my client list with me?

You spend months or years building up a client list for your employer. You nurture the relationship and build up personal ties with the client. When you leave the employer, naturally the client goes with you. And so does the client list, via a USB stick or Dropbox or your webmail account. If you don’t get all the details before …
Frank Jennings, 20 Jun 2016

Just a quarter of Brits trust businesses with our personal data

The Information Commissioner's Office (ICO) has published a survey into the British public's approach to personal data, showing widespread distrust in others' handling of it. According to the commish himself, Christopher Graham, 2016's issue of annual research shows that "consumers are taking up the fight to protect their own …

Dyfed-Powys Police fined for publicising pervs' particulars

Dyfed-Powys Police in Wales, UK, sent confidential information that could identify convicted sex offenders to a member of the public by accident. Although the leak was minor, Brit watchdog the ICO fined the force £150,000 as it indicated sloppy internal processes. An officer sent an email chain containing the names and …
Team Register, 08 Jun 2016
Error

Trouble originating between chair and keyboard caused most UK breaches

UK data breaches caused by good old human error rose again early this year, accounting for 62 per cent of all data breaches reported to UK data protection watchdogs in the first quarter of 2016. This far outstrips other causes of breaches, such as insecure webpages and hacking, which stands at nine per cent combined. The …
John Leyden, 02 Jun 2016
Her Majesty Queen Elizabeth II, aged 81, of the United Kingdom. Photo taken during a visit in NASA’s Goddard Space Flight Center. Greenbelt, Maryland, USA

Queen's Speech: Ministers, release the spaceplanes!*

Promises on broadband make up the mainstay of a new Digital Bill, first revealed at The Register back in January and formally revealed in the Queen’s Speech today. It’s one of 21 new legislative proposals. The speech reiterated plans to create the right for every household to access high speed broadband. The plans for a …
Team Register, 18 May 2016

Nuisance caller fined a quarter of a million pounds by the ICO

A claims spam company from Blackburn has been fined £250,000 by the Information Commissioner's Office (ICO) after making over 17.5 million nuisance calls. Check Point Claims had harassed people illegally with automated calls encouraging them to claim compensation for job-related hearing loss. The ICO launched its …

Brexit campaign group fined £50k for sending half a million spam texts

Pro-Brexit group Leave.EU has been fined £50,000 for sending up to 500,000 unsolicited text messages urging people to support its campaign, the Information Commissioner’s Office (ICO) said today. The group, registered as Better for the Country Ltd and funded by millionaire UKIP donor Arron Banks, broke the law by not having …
Doctor Nick Riviera

London NHS trust fined £180,000 after second bcc fail on HIV email list

The Information Commissioner's Office (ICO) has handed down a £180,000 fine to an NHS trust in London after it revealed the email addresses of more than 700 users of an HIV information service. The data blunder occurred last year when a sexual health clinic at 56 Dean Street, which is operated as part of Chelsea and …

ICO fines NHS trust £185K for publicly airing personnel files

A health trust that exposed the private details of 6,574 members of staff on its website has been fined £185,000 by UK data privacy watchdogs. Blackpool Teaching Hospitals NHS Foundation Trust inadvertently published workers’ confidential data including their National Insurance number, date of birth, religious beliefs and …
John Leyden, 04 May 2016

Denham new UK Info Com

Canadian Elizabeth Denham has officially been named the new UK Information Commissioner. She will start June 29. As expected, Denham was formally approved by the House of Commons' culture, media and sport select committee yesterday, following her recommendation by Culture Secretary John Whittingdale last month. Officially she …
Kieren McCarthy, 28 Apr 2016
Illustration of a man with a beard reading a tablet

ICO scolds Scots council

West Dunbartonshire Council has been issued with an ICO enforcement notice. It was told to implement training and guidance or face court action following a data breach that led to a child's medical reports being stolen. The council just west of Glasgow has been audited twice in 2013 and advised to improve its data-handling. …
Angry man yelling on phone while reading vintage printer paper report. Photo by SHutterstock

What a difference a year makes: ICO tele-spam fines break £2m barrier

The Information Commissioner's Office (ICO) has issued £2m in fines since a change in the law allowing it to crack down on nuisance marketing, an increase of more than 565 per cent on the preceding 12 months. As the law stands, companies intending to make marketing phone calls without prior permission must first check the …

MoD contractor hacked, 831 members of defence community exposed

Exclusive Up to 831 members of Britain's defence community with high-level security clearances had their personally identifying information stolen when the Ministry of Defence's business networking organisation was hacked, The Register has learned. Although heavily redacted in places, correspondence between the MoD and Niteworks— …
Abbott and Costello dressed as policemen

Kent Police handed domestic abuse victim's data to alleged abuser – a Kent cop

Kent Police has been fined £80k by the Information Commissioner's Office (ICO) after sensitive personal details of a woman who accused her partner of domestic abuse were passed to the suspect, who was a police officer. According to the ICO, the copper's solicitor was handed the entire contents of the complainant’s mobile phone …

UK cops trial £250k drone squadron

Surrey and Sussex Police have received almost £250k of Police Innovation Fund cash to acquire four UAVs as part of the "largest trial of police drones in England and Wales". The forces will augment their existing capability of one Aeryon SkyRanger - operating at Gatwick since 2014 - with four more examples of the Canadian-built …
Lester Haines, 12 Apr 2016

SportPursuit coughs to being hacked. When? What got nicked? They ain't saying

Update Clothes website SportPursuit was hit by hackers over the Easter weekend, potentially losing customers' bank card details. SportPursuit admitted on Sunday that it had "uncovered evidence" of "an attempted data hack" which "may have affected" what it claims were "a limited number" of its customers. The company's statements to …
Woman angrily hangs up phone. Photo via Shutterstock

Glasgow boiler firm in hot water for cold calls, cops £180K fine

A Glasgow-based boiler replacement firm has been fined £180,000 for its prolific and obnoxious nuisance call campaign. FEP Heatcare made 2.6 million unwanted calls, which played a recorded message promoting the company’s products and services. Its activities made it one of Britain’s most complained about nuisance callers. …
John Leyden, 17 Mar 2016

Going on a thin client diet

We may not be in the post-PC age, but we’re definitely in the ‘plus everything else’ era. A gaggle of new mobile devices has gathered to join the PC, and it’s making things more complex for IT administrators. Smart phones were already heavily in the enterprise, and now, tablets are gaining traction too. How can they cut through …
Robin Birtstone, 08 Mar 2016
Laurel and Hardy on the phone

ICO fined cold-call firm £350k – so directors put it into liquidation

A Brighton-based robo-call spam operation has been hit by a record £350,000 fine by data privacy watchdogs. Since the firm has been closed down and entered liquidation, however, even the Information Commissioner admits the fine is unlikely to be paid. Prodial Ltd, a lead generation firm responsible for more than 46 million …
John Leyden, 29 Feb 2016
a coffee cup topped with cappucino foam with a wi-fi symbol sprinkled on top in powdered chocolate

Wi-Fi operators must notify device users of potential data processing

Organisations that provide Wi-Fi services to their staff or customers must notify device users of the potential for their data to be analysed before they begin to process their information, the UK's data protection watchdog has said. Wireless connectivity between Wi-Fi connection points and electronic devices, like mobile …
OUT-LAW.COM, 23 Feb 2016

'Leave' or 'Stay' in the referendum? UK has to implement GDPR either way

Opinion “In” or “out”, the UK has to implement the General Data Protection Regulation (GDPR). This is important given that some organisations might think that a “Leave” vote might change matters with respect to the GDPR compliance (especially as the Cabinet minister responsible for GDPR implementation, John Whittingdale, is a prominent …
hand holdin retro telephone

Telemarketers hit with £70,000 fine for cold-calling pensioners

A nuisance-calling firm from the West Midlands had been hit with a £70,000 fine for making 'frightening' automated calls to pensioners in the wee hours of the morning with sales pitches for burglar alarms. In just one day, according to the ICO, Dudley-based Direct Security Marketing Ltd made nearly 40,000 automated calls, with …

Quotemehappy? No, I'm furious: Insurance site loses customer details

Aviva-owned online-only insurance business Quotemehappy.com has informed customers that there has been a data breach at its website. Quotemehappy announced that it had "recently" lost a "small number" of customers' details, comprising "vehicle registration, email address, mobile number, landline number and address." An email …
Virgin Media content searching on TiVo

Virgin Media spoof email mystery: Customers take to Facebook

Customers of Virgin Media who are increasingly convinced their service provider has been victim of a security breach have formed a Facebook group to share their experiences and push for answers. Virgin Media is firmly denying any breach of its systems but users are equally adamant that the cause of a widespread and ongoing …
John Leyden, 09 Feb 2016
Home Secretary Theresa May introduces draft Investigatory Powers Bill to MPs. Pic credit: Parliament TV

Home Office lost its workers' completed security vetting forms

The Home Office has admitted to The Register that among its data breach incidents last year was one in which security vetting documents disappeared from within secured government premises. Through the Freedom of Information Act, The Register has learned that the Home Office – responsible for the UK's domestic counter- …

ICO says TalkTalk customers need to get themselves a lawyer

A Parliamentary inquiry into the TalkTalk security breach heard the Information Commissioner, Christopher Graham, stress that aggrieved TalkTalk customers should lawyer up. People expecting his office to sort out reparations for them should instead take their complaints directly to the telco, the hearing heard. The "TalkTalk …
Cash on scales. Pic: Images Money, Flickr

ICO: You call that a sentence? Courts need power to hit data thieves harder

Blighty's data watchdog has moaned that the UK's courts needs greater powers to impose penalties on data thieves after a woman was slapped with a £1,000 for flogging 28,000 customer records for £5,000. Sindy Nagra, 42, from Hayes, was issued the fine by Isleworth Crown Court on Friday. She was an admin assistant at a car …
Kat Hall, 11 Jan 2016
hand holdin retro telephone

Watch out, er, 'oven cleaners': ICO plans nuisance call crackdown in 2016

The UK's Information Commissioner's Office is planning a further crackdown against nuisance call companies, with massive fines coming next year for transgressors. The non-departmental, regulatory public body imposed more than a million pound's worth of penalties on those responsible for nuisance calls and text messages in 2015 …
John Leyden, 29 Dec 2015

UK says wider National Insurance number use no longer a no-no

UK government policy towards the wider use of the National Insurance Number (NINo) as a general identifier appears to have changed again. This ever-shifting policy now illustrates that well-known saying “What goes around comes around”. As is well known, the “general identifier” powers in the Data Protection Act (Schedule 1, …

ICO slaps HIV support group with £250 fine following email blunder

An HIV support group responsible for inadvertently revealing patient identities via an email blunder has been slapped with a £250 fine by the Information Commissioner's Office. The Bloomsbury Patient Network sent out a newsletter to 200 patients via email using a list of addresses in the "to" field rather than the "bcc" field …
Kat Hall, 18 Dec 2015
container_ship_hamburg_shutterstock_648

After safe harbour: Navigating data sovereignty

Max Schrems has a lot to answer for. The Austrian is single-handedly responsible for bringing down a key transnational data agreement that has left cloud service providers scrabbling for legal counsel. This is either a good thing, if you’re a privacy activist concerned about intrusive US surveillance policies, or a confusing and …
Danny Bradbury, 17 Dec 2015

JD Wetherspoon: A 'hacker' nicks 650,000 pub-goers' data

Pub chain JD Wetherspoon has confessed to a data breach in which a third party managed to snag the personal data of 650,000 customers, together with some financial data, through a hack on its old website. Some of the pub chain's staffers' personal info was also accessed. A database containing personally identifiable …
hand holdin retro telephone

Nuisance call blocking firms fined £170,000 ... for making nuisance calls

The Information Commissioner's Office has raised a tidy £250,000 this week with two more fines for companies flogging nuisance call-blocking services by, yep, you guessed it, making nuisance calls, after receiving over 1,000 complaints. Poole-based Nuisance Call Blocked Ltd received a fine of £90,000, while Telecom Protection …

'Hypocritical' Europe is just as bad as the USA for data protection

Europe is being hypocritical by derailing the Safe Harbour data protection agreement - because its own protections for citizens against indiscriminate surveillance are worse than the USA’s. That’s the view of one expert on international data protection law at a meeting held by European competition group iComp today. Dr Ian …
Andrew Orlowski, 24 Nov 2015
Week #25 - Pet Peeves SMS by https://www.flickr.com/photos/rwdave/  cc 2.0 attribution noderivs https://creativecommons.org/licenses/by-nd/2.0/

ICO fines PPI claims firm £80,000 over 1.3m spam SMS deluge

The Information Commissioner's Office has served up penalty of £80,000 to a PPI claims company that sent more than 1.3 million spam texts. Brum-based UKMS Money Solutions Limited (UKMS) had bought numbers in bulk from list brokers which it subsequently spammed to encourage people to make compensation claims for mis-sold …

Crimestoppers finally revamps weak crypto. Take your time guys

UK crime tip-off service Crimestoppers has revamped its weak website crypto after months of running a system that relied upon obsolete protocols. Crimestoppers "secure" form was previously insecure – rating an “F” in tests using the industry standard SSL Labs service last month – chiefly because of the site’s use of the SSLv2 …
John Leyden, 20 Nov 2015

Touchnote breach: Wrote a postcard with us? Thieves have your pal's name, address

London-based postcard biz Touchnote has offered more details about a data breach it confessed to on Bonfire Night. In a statement published on its site on 5 November, Touchnote claimed it had the previous day "received information confirming that Touchnote has been victim of criminal activity, resulting in the theft of some of …
European commission photo via Shutterstock

Facebook CTO: Clear legal grounds needed for EU-US data exports

A European Court last month threw data-sharing with the US into a thicket by tearing up the so-called safe harbor agreement. The catalyst for that was Facebook – or, rather Austrian Max Schrems, who’d accused Facebook of illegally analyzing user data, tracking users on third-party pages and participating in the US National …
Gavin Clarke, 06 Nov 2015

UK govt sneaks citizen database aka 'request filters' into proposed internet super-spy law

A secret database of citizens' personal lives and habits isn't explicitly spelled out in the UK's latest surveillance law. No, instead, it's described as a set of "request filters." The term is buried in the draft Investigatory Powers Bill (IPB), which was introduced to Parliament on Wednesday. Turn to page 254 of the 299-page …
Kelly Fiveash, 04 Nov 2015
shutterstock_150125084_police_woman(2)

CPS fined £200k over theft of laptops holding 'sensitive interviews'

The Crown Prosecution Service has been slapped with a £200,000 fine by the Information Commissioner's Office for negligence that led to the theft of laptops containing police interviews regarding violent and sexual cases. The interviews were with 43 victims and witnesses and involved 31 investigations. Some of those related to …
Kat Hall, 04 Nov 2015

Here's how TalkTalk ducked and dived over THAT gigantic hack

Timeline It has been almost two weeks since the "cyber attack" on the TalkTalk website of 21 October, yet the company is yet to tell its customers how their data was compromised. TalkTalk's CEO Dido Harding has yet to offer anything more than a token apology regarding the company's security practices, which allowed more than a million …

UK watchdog offers 'safe harbor' advice on US data transfers

David Smith, deputy information commissioner, said businesses should "take stock" of their data transfer arrangements and review whether they provide adequate protection of personal data, as is required by EU law. Smith's comments follow a ruling by the Court of Justice of the EU (CJEU) earlier this month. The CJEU ruled that …
OUT-LAW.COM, 31 Oct 2015

Brit mobile pay biz reveals historical cyber attacks, gets smacked in the share price

The share price of mobile payments business Optimal Payments has taken a banging after the company confessed it was only just beginning to investigate historical data breaches, following the discovery of its customers' data being trafficked online. The British company said that it had only come to know about the data breaches …