The ICO, breach reporting under Reg 5A PECR, and muddy (muddier?) waters

- Posted in data protection by
Update: the ICO has simplified its statement (full text of which is at the end of this post), which now reads "The page you requested was removed.". The ICO has announced a "change to regulation Read more

ISPs, telcos, and responding to the ICO's "third party information notices"

- Posted in connectivity by
This blogpost introduces communications providers to the concept of a "third party information notice", a power afforded to the Information Commissioner's Office in the UK. What is a third party Read more

The UK's International Data Transfer Agreement: what it is and what it means for you

- Posted in data protection by
On 21 March 2022, the UK's International Data Transfer Agreement came into force, along with an Addendum. I've written about the International Data Transfer Agreement before and, bluntly, I wasn't Read more

Personal data breach reporting for service outages (such as when your CDN is down)

- Posted in data protection by
(CDN: content delivery network. Such as Akamai.) Even though it is not obviously within the scope of the definition of "personal data breach", guidance from both the UK's regulator and the European Read more

ICO: data sharing code of practice

- Posted in data protection by
The ICO has released its Code of Practice on Data Sharing, under the GDPR / Data Protection Act 2018. For ease of reference, here's the draft version of the Code, on which the ICO consulted. The Code Read more