Tag Archives: ICO

Loose Data Affecting Student Career Prospects

Students are not facing the most prosperous times with regards to career prospects but recent data suggests that many are concerned about data they post online affecting their chances of getting a job.

In fact of the 500 students surveyed in a study conducted by ICO, 42% expressed concern that personal data hanging around online may affect whether companies would take them on.

Christopher Graham, Information Commissioner stated “In touch times, young people are clearly less relaxed about privacy, particularly in relation to information that they post online – but many may not know what they can do about it.”

The study revealed that for one reason or another students are failing to take steps to maintain privacy. One in three (33%) of students have not got around to re-directing their post from a previous residence.

A shocking 75% have not checked their credit rating in the past year with 66% admitting they have never checked it.  This leaves them wide open to suspicious credit applications.

The ICO have conducted this survey as part of their 2011 Student Brand Ambassador Campaign. Graham comments “The Student Brand Ambassador campaign is about arming students with the advice they need to protect themselves from obvious dangers such as identity theft and keeping their social lives private.”

At Backup Technology we always look to take on graduates who have extra-curricular interests and who have had fun throughout conducting their studies. However undesirable data encountered online could severely impede students being granted an interview.

ACS Law owner escapes with just £1000 fine following data breach

A law firm which gained notoriety in 2009 and 2010 for sending hundreds of letters to alleged illegal file sharers claiming they owed money for copyright infringement, has been fined by the Information Commissioner’s Office (ICO).

Andrew Crossley, owner of law firm ACS:Law, was hit with the fine following a data breach to the company’s website in September 2010. The site was successfully hacked and the personal details of approximately 6000 people were exposed. People’s names, addresses and credit card details were all obtainable following the hack.
An investigation by the ICO said it found seriously flaws in the firms security systems around it’s IT infrastructure. Christopher Graham speaking on behalf of the ICO said

“Sensitive personal details relating to thousands of people were made available for download to a worldwide audience and will have caused them embarrassment and considerable distress. The security measures ACS Law had in place were barely fit for purpose in a person’s home environment, let alone a business handling such sensitive details.”

The law firm ceased trading in February this year. This has meant the fine received by Crossley is a drop in the ocean compared to the £200,000 fine ACS:Law could have received, as he is now a sole trader, the ICO confirmed.

In January this year the firm dropped its cases against the alleged file sharers mainly due to their being a lack of evidence presented to the court, at the time Judge Birss criticising the firm calling the case ‘mind boggling’. Crossley himself released a statement through the court citing criminal attacks and bomb threats as reason for ACS:Law dropping the cases against the accused.

ICO Launches UK Code of Practice on Data Sharing

A new statutory code has been published recently by the ICO. The new release hopes to help businesses and public sector bodies share information appropriately.

The code aims to produce a better understanding of when, where and how personal information should be shared and details how to keep data secure. It will also produce a better relationship between organisations wishing to share their data. Furthermore there will be less chance of breaking the law and consequent enforcement action by the ICO and other regulators.

The ICO’s data sharing code of practice covers both routine in addition to one-off instances of data sharing. The release incudes advice for organisations which wish to share personal information. An example scenario would be when a local authority wishes to share data with a health service.

Such codes of conduct are relevant in such instances as when local authorities wish to share data with health authorities. Furthermore it gives advice on how the data protection act applies to data sharing.

Information commissioner Christopher Graham commented:

“Few would argue that sharing data can play an important role in providing an efficient service to consumers in both the public and private sector. More and more transactions are done online – from shopping and banking to managing tax and health records. People now have an expectation that, where appropriate and necessary, their personal details may be shared. However, this does not mean that companies or public bodies can do this just as they see fit. The public rightly want to remain in control of who is using their information and why, and they need to feel confident that it is being kept safe.”

In a further statement Graham said:
“The code of practice we’ve issued today offers a best practice approach that can be applied in all sectors. It reflects the constructive comments we received during the consultation period, meaning that we can be confident that it not only makes sense on paper but will also work in the real world too. I’d encourage all businesses and public bodies that share personal data to get to grips with the code without delay so they can be sure they are getting it right.”

University of York publishes personal records of 148 students online

The University of York could face legal action following the publication of personal records relating to a number of students. A full investigation to how the details were made available is underway and the Information Commissioners Office (ICO) has also been informed about the leak.

A statement on the University of York website fully details the breach and offers support to those affected. According to the website, this week 148 student records were made available to anyone without the need for any authorisation though a web page off the site itself.

The students effected had their personal information published which included name, date of birth, gender, home and emergency contact – including addresses. Also available were the student’s course details, department, course tutor, year of study and their entrance qualifications.

The university has contacted all those affected, offering a full apology, support and has acknowledged a review of its data management, stating: “We are investigating all procedures and data management systems and will undertake a thorough review of our data security arrangements. Results of this investigation, and recommendations from our Internal Auditors, will be used to make any necessary improvements to how we handle data in the future”.

Following an investigation by the ICO, if it is found to have been in breach of the Data Protection Act 1998, the University could face legal action and fine. Serious breaches of the Act can lead to the ICO handing fines of up to £500,000.

Wolverhampton Data Dump

Wolverhampton City Council has proven its surprisingly complacent approach to disposing of sensitive data, as well as its apparent disregard for the privacy of the inhabitants within the area.

Documents containing medical records, employment statuses and bank details were fly tipped after being disposed around the back of a leisure centre, in a skip! The skip was later stolen and perhaps luckily the documents it contained discarded.

A subsequent investigation by the ICO revealed no surprises then by finding that the council was in breach of the Data Protection Act.

A relatively large understatement was released by the Chief of Operations for Wolverhampton, Simon Entwisle “The breach demonstrated how important it is that staff who handle data have a good understanding of the need to keep it safe at all times.”

It is appalling that data is still treated in such as haphazard way after there have been so many mistakes in the past. Previously for example the records of 25 million people were lost in the post. It is good that the ICO is efficient at recognising such data breaches – but there should be much harsher punishment for those in breach.

However since, Chief Executive Simon Warren has been made to sign a disclosure stating that he will ensure staff are properly trained in the future, in how to dispose of sensitive public data.

“The thought of people’s data being dumped on the street is worrying enough, not to mention what could have happened if it had fallen into the wrong hands. I am pleased that the council has taken the necessary steps to ensure that this type of breach does not happen again.”

ICO warns UK businesses: New EU cookies law must be followed

Monday night saw a warning to all business from the Information Commissioner’s Office that they must “wake up” and take action to a new law, which will be enforced on the 25th May 2011. This law changes the EU’s Privacy and Electronic Communications Directive. The change will require business to obtain website visitors permission to store and retrieve usage information from users’ computers.

A cookie is a piece of text stored on a users computer by their web browser. It is generated by the websites that the user visits and usually stores information that can be users to save user preferences, shopping carts and authentication.

Information Commissioner, Christopher Graham, said:

“While the roll out of this new law will be a challenge, it will have positive benefits as it will give people more choice and control over what, information businesses and other organisations can store on and access from consumers’ own computers.

“The Directive will come into force in less than two months time and businesses and organizations running websites in the UK must wake up to the fact that this is happening. We are proactively working with the government, businesses and the public sector to find a workable solution. We recognize that the internet as we know it today depends on the widespread use of cookies and there are of course legitimate business reasons for using them. So we are clear that these changes must not have a detrimental impact on consumers nor cause an unnecessary burden on UK businesses. One option being considered is to allow consent to the use of cookies to be given via browser settings.

“Once the new regulations are published there will be a major job of education and guidance to be undertaken. In the meantime, both the business community and public sector organizations need to start thinking clearly about how they will meet the requirements of the new Directive.”

The law change is being lead by the Department for Culture, Media and Sport. With Ed Vaizey commenting. “Businesses need to be working to address the way they use cookies. We recognize that work will not be complete by the implementation deadline. The government is clear that it will take time for meaningful solutions to be developed, evaluated and rolled out.”

Justice Minister Lord McNally said:
“A strong and independent Information Commissioner is vital to ensuring our personal data is kept safe, as well as keeping public bodies open to scrutiny. The government recently announced measures to enhance the ICO’s independence even further, by giving it more freedom to make corporate and operation decisions..

“As technology advances it brings new opportunities, but also new ways our data can be misused, which is why we have been gathering evidence on how the current data protection laws are working and considering ideas on how the current data protection regime can be improved.”

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal