The Lords Communications Committee has taken evidence from the Information Commissioner Elizabeth Denham as part of its inquiry into internet regulation. Read more here.
The Department for Digital, Culture, Media and Sport has issued guidance for how the collection and use of personal data would change if the UK leaves the EU with no deal. It says that there would be no immediate change because of the Data Protection Act 2018 which aligns with the GDPR and the EU Withdrawal Act would incorporate the GDPR into UK law to sit alongside it. However, the legal framework governing transfers of personal data from organisations (or subsidiaries) established in the EU to organisations established in the UK would change on exit. As set out below, you would need to take action to ensure EU organisations were able to continue to send you personal data. Read more here.
Digital minister Margot James responded to a question from Labour MP Madeleine Moon on steps being taken to ensure that insurance companies request medical records under the provisions of the Access to Medical Reports Act 1988 instead of Subject Access Requests under the GDPR. Ms James said that if a solicitor is acting on behalf of an insurer and is seeking health information about a prospective customer there are not SARs under the GDPR. She said the ICO is responsible for regulating compliance with data protection legislation and may consider taking action against insurance companies which fail to comply with the relevant legislation. Read more here.
The ICO Deputy Commissioner for Operations James Dipple-Johnson gave a speech to the CBI Cyber Security Business Insight Conference. Among other topics he talked about the ICO’s commitment to making technology the backbone of the organisation. Read the full speech here.