On Monday 30th October the Data Protection Bill began the Committee Stage in the House of Lords. See the passage of the Bill here. During day one of the Committee Stage, Labour’s Lord Stevenson of Balmacara raised concerns about how the EU Charter of Fundamental Rights omission from the EU withdrawal Bill will affect the Data Protection Bill. He said that all parties agree it is essential that immediately after Brexit, the Government should obtain an adequacy agreement from the Commission so that UK businesses can continue to exchange personal data with EU countries and vice versa. Read more here and here.
Baroness Neville-Rolfe moved to add Amendment 7 to Clause 3: “This Act does not apply to any organisation employing five employees of fewer.” She said this amendment would aid small organisations in the business and charity sectors and for parish councils, whom she fears the Bill imposes disproportionate burdens on. Lord Knight of Weymouth warned that such an amendment opens a huge loophole as there are plenty of digital businesses “that can achieve an awful lot with very few staff”. Discussions moved on to other criterion that could be used to ensure the Amendment only exempted very small organisations. Ultimately, The Baroness withdrew Amendment 7. Read more here.
Who’s getting it wrong?
The ICO has issued an £80,000 fine to Verso Group (UK) Limited, a lead generation provider, for trading people’s personal information without being clear with people about what it was doing with their personal information. This is the first fine issued by the ICO following its wider investigation into the data broking industry. Verso had been gathering personal data from what telephone operators described as surveys, but were in fact lead generation calls. Other practices included buying data from various firms to be packaged up to sell on to companies to use in direct marketing without the correct consent required. ICO Deputy Commissioner James Dipple-Johnstone said “this type of unlawful data trading directly fuels the nuisance call and spam text industry and creates misery for millions of UK citizens. Businesses need to understand they don’t own personal data – people do and those people have the right to know what is happening to it and who is likely to be contacting them for marketing”. Read more here.
Heathrow officials are investigating after a USB stick containing confidential data – including the exact route the Queen takes to the airport – was reportedly found in the street. None of the 76 folders on the stick were encrypted or password protected. Read more here.
Almost 700,000 British victims of the Equifax hack are receiving letters offering a free fraud protection service from Equifax but to get it they need to hand over their personal details. Read more here.
This week the ICO launched its dedicated telephone service aimed at helping small organisations prepare for the new data protection laws. The service received its first call within 10 minutes of opening and by the end of the day it had received over 100. Read more here.
The ICO is inviting Data Protection Practitioners to register their interest in attending the Data Protection Practitioner Conference on 9 April 2018. Registration closes on 8 December with places allocated in January. Usually, one place will be offered to each organisation and if accepted, a £50 fee would be required.