DPC logo

Data protection audit and avice

Homepage About us Your risk Our services News Contact us Call Data Protection Consultancy
The latest news on Data Protection Act breaches, data security risks, forthcoming legislation and requirements:


How we can help

Your organisation could benefit from our expertise in the following broad areas:

  • Audits, health-checks & risk analysis
  • Compliance support
  • Policy-checking & authoring
  • Advice & support
  • Development & training.

Of course, there are other benefits, too:

  • You can breathe a big sigh of relief
  • You may not need to employ your own people to look after data protection
  • There are genuine business benefits in getting your data protection right.

Cold-calling firm fined £90,000 with other firms in the ICO's sights

20 March 2013—Glasgow-based DM Design has been fined £90,000 after making thousands of unwanted sales calls, triggering 2,000 complaints to the ICO and the Telephone Preference Service (TPS). The company consistently failed to check whether individuals had opted out of receiving marketing calls — in clear breach of the law — and responded to just a handful of the complaints received. In one instance an employee refused to remove a complainant’s details from the company’s system and instead threatened to “continue to call at more inconvenient times like Sunday lunchtime”. The fine was issued by the ICO under the Privacy and Electronic Communications Regulations (PECR). 10 further companies are subject to ongoing investigation for cold-calling and sending spam text messages. Read full story...

Sony fined £250,000 for compromising millions of UK gamers’ details

24 January 2013—Sony Computer Entertainment Europe Limited has been fined £250,000 following a serious breach of the Data Protection Act. When the Sony PlayStation Network Platform was hacked in April 2011, the personal information of millions of customers (including their names, addresses, email addresses, dates of birth, account passwords and payment card details) were compromised. An ICO investigation found that the attack could have been prevented if the software had been up-to-date, while technical developments also meant that passwords were not secure.

Compulsory audits are on the cards

13 October 2011—The ICO has said powers are needed to conduct compulsory data protection audits in local government, the health service and the private sector, because the ICO is being blocked from auditing organisations in sectors which are causing concern over their handling of personal information. At present, only central government departments are subject to compulsory data protection audits. Read full story…

Cashier spied on sex attack victim’s bank records

13 September 2011—The ICO has said that custodial sentences need to be available to the courts to stop the unlawful use of personal information. The call came as a bank cashier pleaded guilty to using her position to illegally access the personal details of a sex-attack victim. The cashier’s husband had been convicted of carrying out the attack and was serving time in jail. Sarah Langridge, a former employee of Barclays Bank, claimed she accessed the victim’s accounts and banking records to try to build a picture of the woman who had accused her husband. Mrs Langridge was fined £800, made to pay £400 costs and a £15 victims’ surcharge in a hearing at Brighton Magistrates Court. Read full story…

Customer data thieves made to pay £73,700

10 June 2011—Two former employees of T-Mobile who stole and sold customer data in 2008 have been ordered to pay a total of £73,700 in fines and confiscation costs. T-Mobile had identified an issue and turned the matter over to the ICO to help investigate how names, addresses, telephone numbers and customer contract end dates were being unlawfully passed on to third parties. Read full story...

One year to comply with new cookies law

25 May 2011—Organisations with websites aimed at UK consumers have up to 12 months to ‘get their house in order’ before enforcement of the new EU cookies law begins. The government has revised the Privacy and Electronic Communications Regulations, which come into force in the UK on 26 May, to address new EU requirements. The Regulations make clear that UK businesses and organisations running websites in the UK need to get consent from visitors to their websites in order to store cookies on users’ computers. Read full story...

Former ACS Law boss fined for lax IT security

10 May 2011—The owner of former solicitors firm ACS Law has been served with a £1,000 fine for failing to keep sensitive personal information relating to around 6,000 people secure, but the amount would have been £200,000 if firm was still trading. The ICO said that sensitive personal details of thousands of people were made available for download to a worldwide audience, and the case proves that a company’s failure to keep information secure can have disastrous consequences. As Mr Crossley was a sole trader, it fell on the individual to pay the fine. Read full story...


© Data Protection Consultancy Ltd, 29 Shadwell Lane, Leeds LS17 6DP