Data Protection News Roundup – 20th November 2018


The Labour MP for Nottingham North, Alex Norris, tabled a question asking if an assessment has been made of the merits of exempting GPs from the regulation that data controllers can no longer charge to process subject access requests. Digital minister Margot James responded that allowing GPs to charge would weaken the rights of patients when the GDPR is designed to give individuals greater protection and control of their data. Read more here.


Who’s getting it wrong?

Following an investigation the ICO has found that the Metropolitan Police Service’s use of the Gangs Matrix led to multiple and serious breaches of data protection laws. The Gangs Matrix is a database that records intelligence related to alleged gang members. Issues found by the ICO included:

  • “An absence, over several years, of effective central governance, oversight or audit of data processed as part of the Gangs Matrix, resulting in risk of damage or distress to those on it.”
  • “Some boroughs operated informal lists of people who had been removed from the Gangs Matrix, meaning that the MPS continued to monitor people even when intelligence had shown that they were no longer active gang members.”

The ICO has issued an enforcement notice and given the MPS six months to make changes. Read more here.

Nearly 6,000 people may have had their data breached after a City of York Council app, One Planet York, was hacked. The council sent a letter to users of the app informing them of the breach but they are not yet sure what the hackers have done with the data. Read more here.

During a five-day attack between 3 and 8 November, hackers stole the personal information and credit card details (including CVV codes) from Vision Direct customers. It is not yet known whether the company had been storing CVV codes against PCI standards or whether the CVV codes were intercepted as customers made transactions. Read more here.

Two men have been jailed for their involvement in the hacking of TalkTalk in 2015 that cost the company £77 million in lost business and also led to death threats being made to the company’s CEO. Read more here.

A medical worker has been suspended from Crosshouse Hospital in Kilmarnock after he inappropriately accessed patient records before contacting some women using the information he took. Read more here.


Other News

The ICO has published the responses from a call for evidence on the age appropriate design code, which gives the design standards it expects providers of online services and apps used by children to meet when they process their data. Read more here.

A consultancy working on behalf of the Dutch Ministry of Justice has published a report claiming that Microsoft Office could be breaking data protection laws after collecting personal data including the content of private emails without informing users. Read more here.

Eight international parliaments have joined together to form a UK-led grand committee which is pressuring Facebook’s Mark Zuckerberg to answer questions in the wake of the data misuse and security scandals attached to his platform and the negative impacts his social network is having on democratic processes. Read more here.

Leave a reply

You must be logged in to post a comment.