The ICO’s new subject access guidance

The Information Commissioner’s Office has published detailed guidance on how organisations should deal with subject access requests (SARs) “effectively and efficiently”. Ibrahim Hasan looks at the key points. Read more
Slide background
Slide background
Slide background
Slide background
Slide background

  NEWS

Oct 26, 2020

London borough admits some services could be significantly disrupted “for some time” as it reels from cyberattack

Some services provided by Hackney Council may be significantly disrupted for some time as the London borough responds to a cyberattack that has impacted its ‘legacy’ and non-cloud based systems, Mayor Philip Glanville has warned.
Oct 21, 2020

ICO moves to provide clarity in subject access requests on ‘stopping the clock’, manifestly excessive requests, and charges

The Information Commissioner’s Office has published detailed guidance on how organisations should deal with subject access requests (SARs) “effectively and efficiently”.
Oct 07, 2020

Information watchdog strongly criticises Department for Education for failure to prioritise data protection

The Information Commissioner’s Office (ICO) has made 139 recommendations – more than 60% of which are classified as urgent or high priority – to the Department for Education after publishing the outcome of a compulsory audit carried out in February 2020.
Oct 01, 2020

Information Commissioner consults on draft statutory guidance for publication after Brexit

The Information Commissioner's Office (ICO) has launched a public consultation on its draft statutory guidance, which details how it will regulate and enforce data protection legislation in the UK.
Sep 29, 2020

Court finds retention of data obtained under Prevent Strategy when claimant was 11 year old unlawful

The Metropolitan Police’s retention of data on a 16-year-old child (known as II) from the age of 11 was unlawful and a disproportionate interference with his right to private life, a High Court judge has ruled.
Aug 19, 2020

ICO calls for projects on data sharing in public interest as part of “regulatory sandbox”

The Information Commissioner’s Office has called for projects to be submitted that support complex data sharing in the public interest, after re-opening its “regulatory sandbox”.
Aug 11, 2020

Use of facial recognition technology was unlawful but did not contravene article 8 finds Court of Appeal

The Court of Appeal has held that the use of facial recognition technology by the South Wales Police Force (SWP) was unlawful but that its use was proportionate under article 8 of the European Convention on Human Rights (ECHR).
Aug 06, 2020

Council cyber-attack cost estimated at more than £10 million

Redcar and Cleveland Borough Council have said that a cyber-attack that occurred early this year will cost the local authority an estimated £10.144 million.
Jul 27, 2020

Upper Tribunal judge suggests review “long overdue” of appellate mechanisms for Data Protection Act rights

A comprehensive strategic review of the various appellate mechanisms for rights exercisable under the Data Protection Act is “arguably long overdue”, an Upper Tribunal judge has said.
Jul 23, 2020

ICO issues toolkit to help public bodies respond to FOI requests in COVID-19 recovery period

The Information Commissioner’s Office (ICO) has launched an online toolkit to help public authorities respond to Freedom of Information (FOI) requests as organisations prepare to recover from the coronavirus pandemic.

  FEATURES AND ANALYSIS

October 01, 2020

Data protection challenges of remote working

Samantha Smith looks at how organisations can handle the data protection challenges of remote working.
September 09, 2020

Data Protection and FOI/EIR requests – coming out of lockdown

Following the ICO's call for councils to make plans for returning to pre-covid levels of FOI work, Damien Welfare, Estelle Dehon, Isabella Buono and Rowan Clapp look ahead to the time when the regulatory environment returns to normal, and requesters are likely to expect their outstanding requests to be answered quickly.
August 20, 2020

Child, mother, journalist – whose rights win out?

Matthew White analyses the first recorded High Court judgment concerning journalistic access to the court file in public law family proceedings.
August 20, 2020

ICO publishes Artificial Intelligence guidance

The Information Commissioner’s Office (ICO) has published the final version of its guidance on Artificial Intelligence and Data Protection. James Cassidy looks at the key points.
July 23, 2020

Data Protection Officers and conflicts of interest

Samantha Smith examines a recent Belgian case where a data protection officer was found to have had a conflict of interest.
July 16, 2020

Disclosure of staff names in FOI requests

Ibrahim Hasan sets out the key considerations for public authorities when an FOI request calls for the disclosure of staff names.
July 16, 2020

FOIA appeals and enforcement: who has the power?

When the First-tier Tribunal decides an information rights appeal and finds in favour of the requestor, who has the responsibility for enforcing any non-compliance with that judgment? Is it the FTT, or is it the Information Commissioner? Christopher Knight examines an interesting judgment.
June 29, 2020

Private registered providers and the EIRs

The Upper Tribunal has confirmed private registered providers are not subject to the Environmental Information Regulations. Kate Dimes Letters and Andrew Latham look at the key points of the ruling.

  MORE NEWS

Jul 20, 2020

Government admits failure to carry out Data Protection Impact Assessment for ‘Test and Trace’ programme

The Government has admitted, following a legal challenge from a privacy campaigning organisation, that it deployed the COVID-19 'Test and Trace' programme without carrying out a Data Protection Impact Assessment (DPIA) beforehand.
Jul 02, 2020

Council persuades High Court judge to quash judgment in default in data breach claim after papers posted to empty office during lockdown

The High Court has quashed a judgment in default awarded against the London Borough of Tower Hamlets because pandemic restrictions had made it impossible to the council to receive the claim concerned.
May 22, 2020

Data watchdog relaxes regulatory function to prioritise guidance on complying with law during coronavirus public health emergency

The Information Commissioner’s Office (ICO) will stand down audit work, issue fewer fines and generally use fewer formal powers against organisations that are struggling to meet data protection standards as a result of the COVID-19 pandemic.
May 18, 2020

School breached data protection and human rights, unlawfully misused personal information of Down's Syndrome pupil and mother: High Court

A primary school breached the Data Protection Act 1988 and Human Rights Act 1998 and unlawfully misused the personal information of a child with Down’s Syndrome and her mother, the High Court has ruled.
Apr 20, 2020

Judge orders fresh hearing in dispute over disclosure of advice to council on tactics in negotiations with supermarket giant

An Upper Tribunal judge has set aside a decision by a First-tier Tribunal (FTT) that upheld – after a freedom of information request – the withholding of an agent’s advice to a local authority on the tactics it should apply in negotiations with Tesco over a proposed development.
Apr 16, 2020

Information watchdog sets out its regulatory approach during COVID-19

The Information Commissioner's Office has issued a statement setting out its regulatory approach during the coronavirus pandemic, saying it will focus on those areas likely to cause the greatest public harm.
Apr 03, 2020

Tribunal stays information rights cases for 28 days

The First-Tier Tribunal General Regulatory Chamber (Information Rights) has – with immediate effect – stayed for a period of 28 days all proceedings under section 48 of the Data Protection Act 1998, section 162 of the Data Protection Act 2018 and section 57 of the Freedom of Information Act 2000.
Apr 02, 2020

Supreme Court rules on vicarious liability for data breach

The Supreme Court has ruled unanimously that supermarket chain Morrisons was not liable for the actions of employee who published staff salary data.
Mar 23, 2020

LGA issues briefing on Coronavirus Bill, calls for temporary relaxation of FOI and GDPR requirements

The Local Government Association has called for additional powers to be given to local government as it published a briefing on the measures contained in the Coronavirus Bill.
Mar 17, 2020

Town clerk fined for blocking records with intent to prevent disclosure after FOI request

A town clerk has been fined £400 and ordered to pay costs of £1,493 after being prosecuted by the Information Commissioner’s Office for intentionally blocking records with the intent to prevent disclosure.
Mar 17, 2020

Government to consider allowing virtual committee meetings on temporary basis: Jenrick

The government is to consider bringing forward legislation to legislation to allow council committee meetings to be held virtually for a temporary period during the coronavirus outbreak, the Local Government Secretary has said.
Mar 11, 2020

Information watchdog warns of dangers of school photos and wrongful disclosure of personal data

The Information Commissioner’s Office has issued two reprimands, or legal warnings, to schools for wrongly disclosing the personal data of children.
Feb 06, 2020

More than two-thirds of council websites do not adhere to GDPR on consent, investigation finds

A BBC investigation into 400 council websites across the UK has found that more than two-thirds did not appear to ask for the correct form of consent under GDPR.
Jan 30, 2020

University pays out more than £142,000 to affected students after data breach

The University of East Anglia has paid out £142,512 to students after their personal details were mistakenly sent to hundreds by email.
Jan 07, 2020

Council officer ordered to pay £900+ after accessing social care records without authorisation

A former Reablement Officer at Walsall Metropolitan Borough Council has been prosecuted by the Information Commissioner’s Officer for accessing social care records without authorisation.
Dec 18, 2019

Councillor from neighbouring authority fails in bid to obtain legal advice on planning application after Tribunal upholds privilege

The First-tier Tribunal (General Regulatory Chamber) has rejected an appeal lodged against the Information Commissioner by a member of Leeds City Council concerning a planning application for a field adjacent to his ward but in Harrogate Borough Council’s area.
Dec 09, 2019

Former council worker sentenced for unlawfully obtaining personal data

A former social services support officer at Dorset County Council has been prosecuted for accessing social care records without authorisation.
Dec 04, 2019

ICO consults on new draft guidance on Subject Access Requests under GDPR

The Information Commissioner has launched a consultation on new draft guidance for organisations on how to handle Subject Access Requests (SARs) under the GDPR.
Dec 04, 2019

ICO regulatory enforcement lawyer moves to St John’s Buildings

A regulatory enforcement lawyer at the Information Commissioner’s Office, Aaminah Khan, has joined St John’s Buildings.
Dec 02, 2019

Information Commissioner consults on draft guidance for explaining use of AI in decision-making about individuals

The Information Commissioner’s Office has launched a consultation on new draft guidance for organisations using, or thinking about using, artificial intelligence (AI) to support or make decisions about individuals.
Nov 28, 2019

Met Police agrees to delete information after referral of primary school age child under Prevent programme

The Metropolitan Police has agreed to delete information relating to a referral of a primary school age child under the government’s Prevent programme, and other referring authorities have also agreed to correct and delete the relevant records.
Nov 15, 2019

Information watchdog updates guidance for data controllers on protecting ‘special category data’

The ICO has issued updated guidance on special category data, to which data controllers must give extra protection under the GDPR.
Nov 13, 2019

Information watchdog consults on being granted investigation and other powers under POCA

The Information Commissioner has launched a consultation on her office being granted access to investigation and other associated powers under the Proceeds of Crime Act 2002 (POCA).
Nov 01, 2019

Tribunal orders council to disclose instructions sent to QC over motion for ‘call-in’ of planning applications

The First-tier Tribunal has ordered Ryedale District Council to disclose the briefing question it sent to a Queen’s Counsel seeking advice on a motion in which councillors sought for competing retail planning applications to be ‘called in’.
Oct 31, 2019

Information Commissioner issues first ‘Opinion’ under Data Protection Act

The Information Commissioner, Elizabeth Denham, has issued her first Commissioner’s Opinion under the Data Protection Act 2018, setting out her advice and recommendations on the police’s use of ‘live facial recognition’ (LFR).

  MORE FEATURES

June 05, 2020

The public interest test under EIR and FOI: weighting the arguments

A recent decision of the Upper Tribunal, under the Freedom of Information Act 2000 (FOI), provides a useful reminder of what a public authority needs to do when applying the public interest test, writes Ibrahim Hasan.
April 09, 2020

Data breaches and vicarious liability: employers breathe a sigh of relief

In an important judgment, the Supreme Court has ruled that an employer was not vicariously liable for the actions of an employee who stole and then posted payroll details of his colleagues online. Ibrahim Hasan examines the ruling.
April 03, 2020

Coronavirus and Police use of drones

Ibrahim Hasan looks at the significant issues arising out of the police's use of drones during the coronavirus outbreak.
March 26, 2020

Data protection and coronavirus

The Information Commissioner's Office has issued guidance for data controllers on their data protection compliance obligations during the coronavirus outbreak. Euros Jones, Alexander Gorst and Natasha Jordan look at the key points.
January 24, 2020

Legal privilege and the EIRs

A local authority was recently ordered to disclose legally privileged material under the Environmental Information Regulations 2004. Natasha Stay considers the ruling.
November 29, 2019

Facing the future

Rowan Clapp looks at the key points from the Information Commissioner’s opinion on live facial recognition technology, law enforcement and privacy.
November 15, 2019

When is an FOI request not an FOI request?

Susan Wolf sets what organisations should bear in mind when considering whether something is 'business as usual' or an FOI request.
November 08, 2019

Google v CNIL and the Right to be Forgotten

A recent ruling from the Court of Justice of the European Union makes it clear that the ‘Right to be Forgotten’ in the context of Google searches has its limits, writes Ibrahim Hasan.
November 01, 2019

GDPR, class actions and the right to compensation

The Court of Appeal recently overturned a High Court ruling and found that a claimant could serve an out of jurisdiction application against Google as part of a class action. Ibrahim Hasan examines the judgment.
September 13, 2019

Digital duties

Monitoring Officers must ensure good governance over data and social media, writes David Kitson.
September 13, 2019

Brexit and data protection

Damien Welfare sets out what you need to know when it comes to Brexit and data protection.
September 06, 2019

Automated facial recognition, privacy and data protection law

The Divisional Court has found that police use of automated facial recognition was a justified privacy intrusion. Robin Hopkins sets out the key findings in a landmark case.
July 05, 2019

GDPR: one year on

What have we learned from the 12 months that the General Data Protection Regulation has been in force? Ibrahim Hasan reports.
June 28, 2019

GDPR and enforcement notices

Ibrahim Hasan examines the lessons to be learned from the first two GDPR enforcement notices.
Data inspection iStock 000008204804XSmall 146x219
June 07, 2019

Data protection and wider complaints or disputes

Andrew Gallie looks at how issues may arise in practice when data protection is used as part of a wider complaint, and suggests some pointers on how to respond.
Police photo iStockphoto standard 146x219
May 31, 2019

Sharing data and law enforcement

The High Court has issued an important ruling on sharing data for law enforcement purposes. Alessandra Gettins, Hugh Giles and Andrew Latham look at the lessons for police forces and their partner agencies.
Environment 146x219
April 05, 2019

Housing associations and the EIR

Peter Coe and Eeshma Qazi examine whether or not housing associations should comply with the environmental information regulations.
Internet New 47833064 s 146x219
March 28, 2019

Social work spies? (Yes, you over there I’m talking to you…)

Lucy Reed examines the lawfulness of social workers using Facebook and employing other techniques to gather evidence in child protection cases.
Predictive Analytics 77163075 s
March 01, 2019

Predictive analysis – an introduction and considerations

Paul Feild examines the legal and other issues raised by the use by local authorities of predictive analysis, 'Big Data' and machine learning.
Data protection iStock 000011177922XSmall 146X219
January 11, 2019

Making GDPR British

New regulations set out the UK’s post Brexit data protection landscape. Ibrahim Hasan sets out the key points.