Tag: ICO

ICO demands transparency for government outsourcing

The Information Commissioner’s Office (ICO) said today that when the government outsources technology it’s often very opaque.

Head of Policy at the ICO Steve Wood said freedom of information laws haven’t always been able to follow the public pound.

“We’re calling on public authorities and contractors to consider transparency from an early stage, before a contract is even signed. And we’re asking whether the government might need to step in to make sure the public can access the information they should be entitled to from big government funded contractors,” he said.

Expenditure on outsourced public services represents half of the £187 billion the government spends on goods and services. Sometimes, the ICO said, it is hard for people to negotiate their way through outsourcing contractors’ deals.

The ICO conducted a survey and 75 percent of people said that private companies acting on behalf of public authorities should be subject to the Freedom of Information Act.


UK makes Google change privacy policy

The Information Commissioner’s Office (ICO) has made Google sign an undertaking to improve information about how it collects personal data in the UK.
The ICO said that following an investigation it found that Google’s search engine was “too vague” in describing how it used personal data it had collected.
The ICO said Google has signed a formal undertaking to make changes to its privacy policy so that it meets the needs of the UK Data Protection Act.
The ICO worked with other European data protection authorities, it said.
The enforcement officer at the ICO, Steve Eckersley, said: “This investigation has identified some important learning points not only for Google, but also for all organisations operating online, particularly when they seek to combine and use data across services.”
Google will have to make agreed changes by the 30th of June this year, and take even more steps over the next two years.
Google’s undertaking can be found here.


Office warned over data hack

The Information Commissioner’s Office (ICO) has warned high street retailer Office after a hacker gained access to over a million customer records.
The ICO said the hacker accessed contact details by cracking open an unencrypted database that was due to be phased out.
The information went undetected and the ICO has had Office sign an undertaking to ensure problems associated with the hack are resolved.
In that undertaking, Office CEO Brian McCluskey said that the firm made no reference to retention of data and didn’t give formal data protection training.  Both these are now being addressed.
The ICO said that there was no suggestion that the breach went further and no bank details were stored.


Human error causes most data breaches

A request to the Information Commissioner’s Office (ICO) under the Freedom of Information Act has revealed that most data breaches are caused by human error.

Egress Software made the FOI request and the ICO revealed that only seven percent of breaches in the first three months of this year were because of technical glitches.

That means the vast majority were down to human error and carelessness by people. And fines levied because of technical errors amounted to zero, while the ICO levied £5.1 million for companies that made the mistakes.

The data breaches are across many different sectors. The public sector showed healthcare organisations are top of the disgrace league, followed by local government and educational organisations.

The private sector also showed a rise in data breaches with the financial industry, the housing sector, telecoms and recruitment all showing big rises.

Tony Pepper, CEO of encryption company Egress Software, said: “It is concerning that such a high number of data breaches occur as a result of human error and poor processes. Confusion can often put confidential data at risk, with users unsure of when and how to encrypt.”

Facebook falls foul of ICO

Yesterday Facebook announced the results of a psychological experiment into human behaviour to find if Facebook could alter the emotional state of its users and prompt them to post either more positive or negative content.

It was all fairly tame stuff, but it did raise the eyebrows of the UK Information Commissioner’s Office (ICO).

It is concerned that Facebook might have broken data protection laws when it allowed researchers to conduct a psychological experiment on 700,000 unwitting users of the social network in 2012.

The ICO monitors how personal data is used and has the power to force organizations to change their policies and levy fines of up to £500,000 ($839,500).

Facebook said that it could do what it liked with the 700,000 because they had signed a terms of use agreement when they joined. Of course they had not read it, but they had signed it.
It is not clear what part of UK data protection laws Facebook might have broken, but it does seem that if there is not a clause which says you cannot submit the personal data of your customers to scientific experimentation, there should be.

Private eyes nicked for stealing data

Two private detectives who routinely extracted personal information from organisations and individuals have been found guilty of breaching the Data Protection Act.

Barry Spencer (41) and Adrian Stanton (40) ran a company called ICU Investigations Ltd, based in Feltham. The company as an individual entity was also found guilty of breaking the law.

Five other people had already pleaded guilty – Robert Sparling (38), Joel Jones (43), Michael Sparling (41), Neil Sturton (43) and Lee Humphreys (41). Sentencing will take place on the 24th of January next year.

The court heard that the company worked on behalf of a number of clients including Allianz, Leeds Building Society and Dee Valley Water to trick GPs, TV Licensing, and utility companies for the purpose of debt collection.

There were nearly separate offences committed between the 1st of April 2009 and the 12th of May 2010. There was no evidence that the company’s clients were aware information was being illegally obtained.

The offence carries a fine – up to £5,000 in a magistrates’ court or an unlimited amount in a Crown Court. The Information Commissioner’s Office, which instigated the investigation, is pressing for more stringent sentences including prison.

Information Commissioner Christopher Graham said: “The public expects to see firmer action taken against people who break the rules in this area, and Parliament needs to recognise that. I spoke with the Home Secretary, Theresa May, on this matter earlier this week to urge her to introduce more effective sentences for these kinds of offences, and she has agreed to meet me to discuss the matter. That conversation needs to result in action.”

There is provision for prison for the offences as part of the Criminal Justice and Immigration Act 2008, but those measures haven’t yet been implemented.