Data Protection News Roundup – 20th August 2019

The Data Guardians Managing Director and lead consultant Matthew Lamb is a Certified Cyber Risk Management Practitioner. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance.


Who’s getting it wrong?

The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company, Suprema, used by the UK Metropolitan police, defence contractors and banks. Read more here.

Highly sensitive personal data, including banking details of more than 1,600 Natwest customers, has been left in a former employee’s home for more than a decade because the bank has been unable to reach an agreement on the safe return of the information. Read more here.


Other News

Manchester City has been considering introducing facial recognition technology allowing fans to get into the Etihad Stadium more quickly by showing their faces instead of showing tickets.  However civil rights campaigners says this move would risk normalising a mass surveillance tool. Read more here.

According to a report from Risk Based Security the number of data breaches reported and records exposed both increased by more than 50% during the first half of 2019 compared to the same period in 2018. Read more here.

Commenting on the use of live facial recognition technology in King’s Cross Elizabeth Denham has released a statement in which she says:

“Scanning people’s faces as they lawfully go about their daily lives, in order to identify them, is a potential threat to privacy that should concern us all. That is especially the case if it is done without people’s knowledge or understanding.

I remain deeply concerned about the growing use of facial recognition technology in public spaces, not only by law enforcement agencies but also increasingly by the private sector. My office and the judiciary are both independently considering the legal issues and whether the current framework has kept pace with emerging technologies and people’s expectations about how their most sensitive personal data is used.”

Read the full statement here.

Based on its conversations with town and parish councils the ICO has identified their top three GDPR compliance challenges which are: (1) holding personal data on personal devices and use of non-council email addresses by councillors, (2) the retention of data ‘just in case’ and (3) knowing the proper procedures for sharing data. Read more here.


Don’t miss another news roundup, subscribe to our mailing list and receive a monthly email with essential data protection news and insights. Subscribe here.

Leave a reply

You must be logged in to post a comment.