On September 26, 2013, the UK Information Commissioner’s Office (“ICO”) published new breach notification guidance (the “Guidance”), applicable to telecom operators, Internet service providers (“ISPs”) and other public electronic communications service (“ECS”) providers.
Continue Reading UK ICO Publishes New Breach Notification Guidance for Telecom Operators and ISPs

On September 10, 2013, the UK Information Commissioner’s Office (“ICO”) published new guidance on direct marketing (the “Guidance”). The Guidance explains the application of the two principal legislative instruments that affect direct marketing in the UK: (1) the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”), which relates specifically to direct marketing; and (2) the Data Protection Act 1998 (the “DPA”), which governs data protection issues generally. The Guidance is not legally binding, but it reflects the ICO’s interpretation of the requirements and indicates how the ICO is likely to enforce them.
Continue Reading UK ICO Publishes New Guidance on Direct Marketing

On August 28, 2013, on the UK Information Commissioner’s Office’s (“ICO’s”) blog, Simon Rice, Technology Group Manager for the ICO, discussed the importance of encryption as a data security measure. He stated that storing any personal information is “inherently risky” but encryption can be a “simple and effective means” to safeguard personal information and reduce the risk of security breaches.
Continue Reading ICO Stresses Importance of Encryption for Data Security

On August 9, 2013 the UK Information Commissioner’s Office (“ICO”) published a new code of practice providing guidance to organizations on how to respond to subject access requests (the “Code”). The Code follows a public consultation on a draft code during 2012 and 2013.
Continue Reading UK ICO Opens Public Consultation on Draft Subject Access Code of Practice

The UK Information Commissioner’s Office has published guidance on the application of Data Protection Act requirements to social networking sites and online forums. The guidance emphasizes that organizations and individuals that process data for business purposes must comply with DPA requirements in their use of social networking sites and online forums just as they would in any other context.
Continue Reading UK ICO Publishes Social Networking and Online Forums Guidance

On May 13, 2013, London Economics published the results of an independent survey commissioned by the UK Information Commissioner’s Office to help understand the challenges that the European Commission’s proposed General Data Protection Regulation may present to UK businesses.
Continue Reading UK ICO Report Highlights Uncertainty on Cost of Data Protection Reform