This is the last information compliance newsletter of 2015. See below for a round-up of recent Data Protection,Freedom of Information and Copyright news, as well as updates on security and training links.
We hope you find this useful. If you'd like to let us know what you think, contact firstname.lastname@example.org
- The ICO gave schools advice on use of Dropbox following Safe Habour being declared invalid. [BBC] This also applies to UEA where Dropbox is being used for University business.
- A researcher set out to find out what happens when you ask to see your own personal data in CCTV footage.[Guardian]
- Talk Talk claimed they didn't breach the DPA, following data theft.[Guardian]
- Microsoft is fighting a court case against the DoJ who are asking it to disclose the contents of emails held on a Dublin server. Here they are arguing for a modernisation of the law.[The Register]
- The CPS were fined £200,000 by the ICO after laptops containing videos of police interviews were stolen from a flat. This case shows the care that must be taken when contracting third parties for processing personal data.
- The ICO has fined a company for selling details of their customers to marketing companies in contravention of first data protection principle.
- The University student newspaper, Concrete, draws on the result of an FOIA request in an article about school funding
- UEA students protest the University's investment in fossil fuel companies based on information obtained by FOIA requests
- From the local press, another case for the defence of the FOIA, and a list of 40 things you would not have known without it
- As well as journalists, students use FOIA to investigate their institutions [Guardian]
- The government's green paper on university reforms points towards removing universities from the FOIA [Guardian]
- MP Chris Grayling thinks journalists misuse FOIA to generate stories. The Guardian attempts to prove him wrong - 103 times
- A lengthy but interesting read on another of the PACE trial FOI requests. Some confirmation that we can't apply the 'future publication' exemption retrospectively, and that for the personal data exemption to apply someone else other than the data subject themselves needs to be able to identify the data subject
- Following the suggestion that universities may be removed from the FOIA, an argument supporting the case that they should stay [THE]
- A BBC Panorama programme on how hackers go about stealing your personal data
- BBC article on 6 things companies can do to improve security
- ICO data incident trends report for Q1 2015. It describes the sorts of Principle 7 incidents which have come to their attention by: self-reports, media, whistle-blowers, and data subjects. The health sector reported the most incidents, and the most common problem is loss of paperwork. It is a reminder that good security practices must be applied to both paper documents as well as computer systems