Data Protection News Roundup – 13th August 2019

The Data Guardians Managing Director and lead consultant Matthew Lamb is a Certified Cyber Risk Management Practitioner. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance.



The Ministry of Justice has announced that there are going to be changes to the Civil Procedure Rules from 1st October regarding privacy and data protection claims. Court Rules dealing with defamation cases (CPR Part 53 and the related pre-action protocol) will be amended such that they will also become applicable to any case that includes a claim for misuse of private information, data protection or harassment by publication. Read more here.


Who’s getting it wrong?

Half a million customers of Monzo, one of the UK’s digital challenger banks, have been advised to change their PINs after they were left in a vulnerable file accessible by the company’s engineers for more than 6 months. Read more here.


Other News

Oyster cardholders have had their online payment accounts hacked and so TfL has temporarily suspended online contactless and Oyster accounts. No customer details have been breached but TfL is taking precautions. Read more here.

The developer behind a 67-acre site in Kings Cross has defended its use of facial recognition technology. They said the tool will be used to “ensure public safety” but the developer has not confirmed how long the technology has been in operation or what the legal basis was for its use. Read more here.

Microsoft has deleted a database of 10 million images which was being used to train facial recognition systems. Read more here.

A security expert contacted dozens of UK and US-based firms to test how they would handle a “right of access” request made in someone else’s name. In each case, he posed as his finance and requested the information they held on her, citing the GDPR. One in four of the companies he contacted responded with her personal information without having carried out proper ID checks, including credit card information, travel details, account logins and passwords, social security number and the results of a criminal activity check. When presenting the results of his test he also said that large companies tended to do well in not revealing information to him, small companies tended to ignore his request altogether but that it was the mid-sized businesses that knew about GDPR, but probably didn’t have proper processes in place that failed and gave him the information. Read more here.

The ICO is consulting on a new framework code of practice for the use of personal data in political campaigning. You can respond to the consultation here.


Don’t miss another news roundup, subscribe to our mailing list and receive a monthly email with essential data protection news and insights. Subscribe here.

Leave a reply

You must be logged in to post a comment.