winter 2016 information compliance newsletter

This is the last information compliance newsletter of 2016. Privacy is the focus of this issue, but there are also updates on FOI, Security, Privacy and Electronic Communications Technology, Records Management and training.

We hope you find this useful. If you'd like to let us know what you think, conduct

privacy in the news

  • TalkTalk given a record £400,000 fine after 2015 data breach. The Information Commissioner noted TalkTalk's 'failure to implement the most basic cyber security measures'. They were using outdated and unsupported software and had no knowledge of the bug affecting the software, or the fix which would have prevented the hack from occurring. The fine relates to their breach of the 7th principle of the Data Protection Act, and a criminal investigation is ongoing. 
  • Tim Turner, an information law blogger, gives advice on how to write a privacy notice.
  • ICO has published a new code of practice on privacy notices. The new code directly addresses the GDPR and shows what information is mandated under the GDPR for inclusion in a privacy notice.
  • A legal challenge has been made against the EU-US Privacy Shield, putting into question its suitability as a tool to facilitate data transfer to the US.
  • A reflection on the use of personal data by companies to their own benefit (data capital), without any reciprocal dividend enjoyed by the subjects of that personal data. 
  • A recent ruling by the information rights tribunal suggests that organisations should be prepared to make multiple notifications to the ICO as the investigation into a data breach progresses.
  • A worldwide study of devices connected to the internet (IoT) found that 60% did not properly tell users how their personal data would be used.
  • The majority of US students think the supply of personal information will transform the college experience in 10 years.
  • The government's digital minister Matt Hancock has confirmed that the General Data Protection Regulation (GDPR) will come into force in the UK in May 2018.
  • The new Information Commissioner Elizabeth Denham gave a speech at the annual conference of NADPO. In it she outlined preparations for the GDPR.
  • The Investigatory Powers Bill currently passing through Parliament had its last outstanding issues resolved on 16 November 2016 and is expected to be passed into law shortly. Andrew Cormack from Janet comments on the impact on universities. The Verge comments on what the new legislation will mean.
  • Chartered Institute of Marketing blog about their recent research report 'Whose data is it anyway?'. Their research found that 92% of consumers do not fully understand how organisations are using their personal data. Although the report highlights respondents' significant concerns about data use, it also found that 67% would share more personal information if organisations were more open about how they will use it. UEA needs to take into account both the DPA and Privacy & Electronic Communications Regulations when sending marketing communications. 

Privacy and electronic communications regulations in the news

  • The Information Rights and Wrongs blog explains why retailers are increasingly keen to provide electronic receipts. An interesting insight into how companies can justify marketing communications under the 'soft opt-in'. This option isn't open to the University as we're not a commercial organisation.

freedom of information in the news

  • Outlaw and the Campaign for Freedom of Information comment on the implications of a recent ECHR ruling that denying access to information can breach freedom of expression rights. CFFOI reports: 'Article 10 [of the European Convention on Human Rights] guarantees the right to freedom of expression, including the right to 'receive and impart information'. Traditionally, this has been interpreted as preventing governments from censoring what one person wanted to communicate to another. However, recent Strasbourg decisions have found that it also includes the right to obtain information from government.'

information security in the news

Records management in the news

  • Scotland Yard has lost the case files of thirteen unsolved murders. According to the blog 'Londonlowlife', 'A 2014 memo marked "restricted" stated: "The MPS [Metropolitan Police Service] does not know what information it holds, where it is stored or how to retrieve it". Another found last year: "54% of files were missing".'

Training

Online and face to face training is available for all UEA staff. For those who prefer online training, you can choose from:

Each module takes around 30 minutes to complete, and includes activities to ensure you've mastered the key points.

Face to face training can be booked via CSED, or contact us to find out more about bespoke training for your department.

information compliance news on twitter

Follow ISDTN on Twitter to get this and a lot more daily news of interest covering HE, information security, education, research, and information compliance.