Tag Archives: Data Protection Act 1998

Independent Inquiry into Childhood Sexual Abuse fined £200,000 for email data leak

The Information Commissioner’s Office (the ICO) has fined the Independent Inquiry into Childhood Sexual Abuse (IICSA) £200,000 following a data leak on 27 February 2018.  The leak occurred  when a member of staff sent a ’round-robin’ email, but mistakenly used the ‘to’ field instead of the ‘bcc’ field, inadvertently disclosing the email addresses of 90 individuals (known as ‘Participants’) who had anonymously submitted evidence to the inquiry about their childhood sexual abuse.  The security breach was exacerbated because 39 ‘reply to all’ emails were sent by 22 of the recipients.

Read more

Facebook faces record £500,000 fine for Cambridge Analytica data breaches

The Information Commissioner’s Office (‘the ICO’) has published a progress report on its investigation into the “invisible processing” of individuals’ personal data and the “micro-targeting” of political adverts during the EU referendum campaign.  The investigation is principally concerned with the Facebook-Cambridge Analytica scandal in which third party developers used apps (for example, a personality test) to “scrape” users’ personal data and that of their [Facebook] friends.  This was ostensibly done under the guise of academic research, but the demographic information gathered is said to have been used in political campaigns in the UK and overseas. Up to 87 million Facebook users are believed to have been affected, including one million in the UK.

Read more

Court orders Facebook to disclose information behind deletion of deceased person’s Facebook account

In Sabados v Facebook Ireland Ltd (2018; unreported) His Honour Judge Parkes QC (sitting as a Judge of the High Court) ordered Facebook Ireland to disclose information pertaining to a request which it had received (and acted upon) to delete the account of a deceased person.

Read more

Unnamed family members entitled to damages for Home Office immigration data leak

In The Secretary of State for the Home Department & Anor v TLU & Anor [2018] EWCA Civ 2217 the Court of Appeal, was asked to review one aspect of Mr Justice Mitting’s decision in TLT & Ors v The Secretary of State for the Home Department & Anor [2016] EWHC 2217 (QB). The first instance decision (discussed at our blog here) considered a number of important issues relating largely to the assessment of quantum in “data leak” cases, including whether damages for accidental leaks should be assessed in the same way as deliberate privacy breaches (no), whether there was a de minimis principle in such cases (yes) and whether regard had to paid to the objective “rationality” of the level of distress pleaded (yes). However, the appeal (brought by the Defendant Home Office) was restricted to the issue of any liability owed to individuals affected by a data leak, but not specifically named in a leaked electronic document.

Read more

NT1 and NT2 v Google Inc: How to seek the delisting of search engine results following the first English decision on the “right to be forgotten”

The much-anticipated decision in NT 1 & NT 2 v Google LLC [2018] EWHC 799 (QB) was handed down on 13 April 2018.  The joint judgment in two separate claims against Google, is the first time the English courts have had to rule on the application of the ‘right to be forgotten’ principle following the decision in Google Spain SL, Google Inc. v Agencia Espanola de Proteccion de Datos (AEPD) and Mario Costeja Gonzalez (Case C-131/12).

Read more

The misreporting of Max Mosley’s DPA claim against the press

It was reported last month in various newspapers that Max Mosley, the Former Formula One boss, has threatened to issue legal proceedings against The Daily Mail, The Times, The Sun and The Daily Mirror in respect of articles that he claims breach the Data Protection Act 1998 (“DPA”).  He also apparently seeks the destruction of specified personal data retained by the papers.

Read more

Data Breach : Compensation claims for mass data breaches

In January 2014, Andrew Skelton, an apparently disgruntled employee of Morrisons Supermarket posted a file containing the personal data (including salaries, bank details, and National Insurance numbers) of 99,998 Morrisons’ employees on a file-sharing website.  It seems his intention was to cause mass-scale damage to the supermarket.  In March 2014, a CD containing the data was sent to three UK newspapers, one of whom alerted Morrisons.  Chief among the company’s concerns was the possibility of the data being used to aid theft or identity theft from the staff concerned.  They acted quickly to get the file removed from the Internet within a few hours.

Read more

Claims farmer fined for blagging personalised number plate information from DVLA

Miles Savory, the director of Accident Claims Handlers Ltd, has been convicted of breaching the Data Protection Act 1998 following a prosecution brought by the Information Commissioner’s Office (‘ICO’) for unlawfully obtaining the name and address of the owner of personalised number plates that he was seeking to purchase.

Read more

Hackers steal cache of photographs from prestigious London cosmetic surgery

A London cosmetic surgery clinic’s website is the latest victim of a cyber-attack after hackers have threatened to release customer data after breaching its IT systems on 24 October 2017.

Read more

Contact us

Your Name (required)

Your Email (required)

Subject

Your Message