DPC logo

Data protection audit and avice

Homepage About us Your risk Our services News Contact us Call Data Protection Consultancy
Data Protection Consultancy brings you the latest news on data security risks, requirements and breaches of the law.  

How we can help

Your organisation could benefit from our expertise in the following broad areas:

  • Audits, health-checks & risk analysis
  • Compliance support
  • Policy-checking & authoring
  • Advice & support
  • Development & training.

Of course, there are other benefits, too:

  • You can breathe a big sigh of relief
  • You may not need to employ your own people to look after data protection
  • There are genuine business benefits in getting your data protection right.

This page contains data protection news relevant to everyone. For details on specific sectors, please visit:

Data protection for legal firms Data protection in housing Data protection for health organisations Data protection in the private sector and business
Data protection in education Data protection in finance & banking Data protection and local authorities and councils  

ICO warns about the use of personal equipment for work

The Information Commissioner’s Office (ICO) is warning organisations that they must make sure that their data protection policies reflect how the modern workforce uses personal devices for work. A YouGov survey earlier this year showed that 47% of all UK employees now use their smartphone, tablet PC or other portable device for work purposes, and many organisations are failing to update their data-protection policies to account for this growing trend.

The warning comes after the Royal Veterinary College breached the Data Protection Act when a member of staff lost their camera, which included a memory card containing the passport images of six job applicants. The incident occurred in December last year and the organisation had no guidance in place explaining how personal information stored for work should be looked after on personal devices. Earlier this year, Aberdeen City Council was fined £100,000 when an employee breached council data when using their home PC.

Data Protection Consultancy comments: “If your organisation permits employees to use their own IT equipment at work, it is essential that you have a policy in place to manage this. As a minimum the policy should address the security measures the employee has in place to protect company data on their device. It should also describe the procedures in place to ensure that all data is deleted should the employee leave the company. The policy should take the form of a contract and be signed by all employees who wish to use their own devices for company business.”

MoJ fined £140k for sending details of prison inmates to 3 families

22 October 2013—The Ministry of Justice (MoJ) has been fined £140,000 by the ICO after the details of all prisoners serving at HMP Cardiff were emailed to three of the inmates’ families. An attached spreadsheet contained sensitive information including the names, ethnicity, addresses, sentence length, release dates and coded details of the offences carried out by all of the prison’s 1,182 inmates. The same error was found to have occurred on 2 previous occasions within the previous month, with details sent to different inmates’ families. The ICO found that there was a clear lack of management oversight at the prison and a lack of audit trails. Unencrypted floppy disks were also regularly used to transfer large volumes of data between the prison’s two separate networks. Read full story...

TV cold-calling company fined £225,000 after thousands of nuisance calls

18 June 2013—Two companies at the centre of the BBC’s The Call Centre programme have been fined £225,000, including the first penalty linked to nuisance calls relating to Payment Protection Insurance (PPI). Nationwide Energy Services was fined £125,000 and We Claim You Gain was fined £100,000 — both companies are part of Save Britain Money Ltd, based in Swansea. The companies were responsible for over 2,700 complaints to the Telephone Preference Service (TPS) or reports to the ICO using its online survey. Neither company carried out adequate checks to see whether the people they were calling had registered with the TPS. Read full story...

Bar owner prosecuted over CCTV equipment

2 August 2012—A Lancashire bar owner has been prosecuted for failing to register his premises’ use of CCTV equipment. Mohammed Ali Enayet, owner of The Lime Lounge in Cleveleys, failed to notify with the ICO despite operating CCTV equipment which regularly collected images of people visiting his restaurant. He also ignored three letters from the ICO informing him he needed to register, and failed to attend a hearing. Mr Enayet was fined and ordered to pay prosecution costs by Blackpool Magistrates, and will also pay an additional victim surcharge. Read full story...

Police are 'nicked' for the first time for data offenses

14 March 2012—The ICO has fined Lancashire Constabulary £70,000 after papers containing sensitive information about a 15-year-old girl were found on a street in Blackpool. This is the first penalty the ICO has served to a police force. Read full story...

Too many consumers are denied access to their information

27 January 2012—Too many consumers are being denied the right to access the information that companies or public bodies hold about them, according to the Information Commissioner. he said that complaints about mishandled subject access requests in the last financial year accounted for over a third (38%) of the ICO’s total data protection specific casework. Therefore the ICO has launched an awareness-raising campaign called Access Aware. Read full story...

Handing data protection over to the EU would be disastrous

7 December 2011—The ITPro website suggests that if the UK hands over data-protection duties to the EU, it will scare off future foreign investment. If and when the Data Protection Act goes, it won't just radically alter how information is processed and protected in the UK, and bring even more red tape—it will also have serious, pejorative consequences for the economy, too. Read full story…

Compulsory audits are on the cards

13 October 2011—The ICO has said powers are needed to conduct compulsory data protection audits in local government, the health service and the private sector, because the ICO is being blocked from auditing organisations in sectors which are causing concern over their handling of personal information. At present, only central government departments are subject to compulsory data protection audits. Read full story…

One year to comply with new cookies law

25 May 2011—Organisations with websites aimed at UK consumers have up to 12 months to ‘get their house in order’ before enforcement of the new EU cookies law begins. The government has revised the Privacy and Electronic Communications Regulations, which come into force in the UK on 26 May, to address new EU requirements. The Regulations make clear that UK businesses and organisations running websites in the UK need to get consent from visitors to their websites in order to store cookies on users’ computers. Read full story...


© Data Protection Consultancy Ltd, 29 Shadwell Lane, Leeds LS17 6DP