3 November 2015
A bitter pill: Hard lessons learnt by online pharmacy fined for selling customer data
The Information Commissioner has issued a monetary penalty notice (MPN) of £130,000 to Pharmacy2U, the UK's largest NHS approved online pharmacy, after it sold the details of 21,500 customers to third-parties through an online marketing company. The Commissioner’s enforcement activity to date has focussed predominantly upon data security breaches. This is the first MPN for a breach of the first data protection principle under the Data Protection Act 1998 (DPA) which concerns the fair and lawful processing of data. It provides both a reminder of the importance of the first principle and a lesson to all organisations about clear customer communication and consent.
2 November 2015
Judicial review reform: False assumptions replaced by objective research
Contrary to the Government’s repeated claims, judicial review offers value for money and assists in ensuring clarity and development of the law. Research published on 16 October by the Public Law Project, University of Essex and LSE illustrates that negative assumptions justifying the Government reform of judicial review are simply not borne out by the evidence. The report concludes that such claims are “at best misleading and at worst false”.
21 August 2015
Google Spain redux – removing search engine links to stories about removing search engine links
Following the Court of Justice of the European Union decision in the now notorious “Google Spain” case, Google, and other search engine operators, have set up processes to deal with request by individuals to have URL links removed from search results against the individual’s name. Individuals are entitled to have URL links removed where, in summary, the link has an unwarranted and negative impact on an individual’s privacy – and this is judged by reference to information contained on the website which the link leads to.
20 August 2015
Effective data security: The time to act is now
The recent hacking of the customer details of 2.4 million customers of Carphone Warehouse provides a stark remainder of the risks of data breaches and the importance of effective data security.
13 August 2015
Information law update: Subject access requests and the dilemma for data controllers
The ability of an individual to require a data controller to provide full details of any personal data held about her is one of the central features of the Data Protection Act 19998 (DPA) – it is regarded by the Information Commissioner as a “fundamental right”.
The DPA sets out a number of exemptions to the right of access and the conventional view has been that, unless one of the exemptions is engaged, the data controller simply has to comply with any subject access request