Data Protection News Roundup – 11th February 2020

The Data Guardians Managing Director and lead consultant Matthew Lamb is a Certified Cyber Risk Management Practitioner. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance.



The Labour party has formally reported members of Sir Keir Starmer’s leadership campaign team to the Information Commissioner, accusing them of hacking into the party’s membership database. Sir Keir and his team have said the claims were “utter nonsense”. Read more here.


Who’s getting it wrong?

The details of more than 4,500 people were published on the website of a new Belfast parking app, JustPark. Names, email addresses, mobile numbers, car makes and registrations from across the UK were all made available. JustPark has since fixed the glitch and has apologised. Read more here.

A data breach at UK-based recruitment agency, Crew and Concierge Limited, has exposed the personal data of 17,379 people of 50 different nationalities working in the yachting industry. The data breach has now been fixed and the company said it has not seen any evidence that its files have been maliciously accessed. Read more here.

A Telegraph report claims that Facebook knew about a security flaw that let hackers steal personal data from millions of its users almost one year before the crime, yet failed to fix it. Legal documents show that the company was repeatedly warned by its own employees as well as outsiders about a dangerous loophole that eventually led to the massive data breach in September 2018. Read more here.


Other News

Human error caused 90% of cyber data breaches in 2019, according to a CybSafe analysis of data from the ICO. 9/10 of the 2376 cyber-breaches reported to the ICO last year were caused by mistakes made by end-users. This marked an increase from the previous two years, when 61% and 87% of cyber-breaches, respectively, were ascribed to user error. Read more here.

A study by pro-privacy browser, Brave, has found that nearly all UK Councils permit at least one company to learn about the behaviour of people visiting their sites, finding that 409 Councils exposed some visitor data to private companies. Read more here.

A BBC investigation has found more than 950 advertising cookies – small text files that track people on the internet – embedded in council benefits pages. Examples of targeted adverts on benefits pages seen by the BBC included high-interest credit cards, Black Friday deals, sports cars with features for disabled people and private funeral care plans. Read more here.

A new study by Kaspersky claims that the majority of businesses in the UK are complacent when it comes to safeguarding customer data. 57% of survey respondents lacked a cybersecurity policy and 59% didn’t have robust endpoint security. Most IT decision makers are aware of these deficiencies, yet they decided not to do much about it. Read more here.

According to the Observer, the Department of Health and Social Care has been selling the medical data of millions of NHS patients to American and other international drugs companies, having misled the public into believing the information would be “anonymous”. Senior NHS figures told the Observer that patient data compiled from GP surgeries and hospitals – and then sold for huge sums for research – can routinely be linked back to individual patients’ medical records via their GP surgeries. Read more here.

The ICO, Financial Conduct Authority (FCA) and Financial Services Compensation Scheme (FSCS) have released a joint statement warning FCA-authorised firms and insolvency practitioners to be responsible when dealing with personal data. It says:

“We are aware that some FCA-authorised firms and insolvency practitioners (IPs) have attempted to sell clients’ personal data to claims management companies (CMCs) unlawfully. This can happen either before or after a firm has gone into administration and where it is likely claims for compensation will be made to FSCS. The terms, conditions and clauses within a standard contract are highly unlikely to constitute sufficient legal consent for personal data to be shared with CMCs to market their services, and may not be lawful.”

Read more here.

