Password manager provider fined £1.2m by ICO for data breach affecting up to 1.6 million people in the UK

The ICO have fined password manager provider LastPass UK Ltd £1.2 million following a 2022 data breach that compromised the personal information of up to 1.6 million of its UK users. They found that LastPass failed to implement sufficiently robust technical and security measures, which ultimately enabled a hacker to gain unauthorised access to its backup database. There is no evidence that hackers were able to decrypt customer passwords, as these are stored locally on customer devices and not by LastPass. The incidents occurred in August 2022 when a hacker gained…

Jointly Prepared Statement from the Information Commissioner’s Office (ICO) and Financial Conduct Authority (FCA) on Targeted Support and Direct Marketing

Introduction: It is important for your customers to receive timely and relevant information to support decisions about their finances, while having their direct marketing preferences and data protection rights respected. This is crucial in order for customers to trust the information they receive, helping them to make informed decisions and pursue their financial goals. Under the framework set out in the FCA’s policy statement (PS25/22), authorised firms would be able to offer a new type of help called ‘targeted support’ and make suggestions to an individual based on them being…

ICO action secures increased cookie compliance, giving millions stronger control over their personal information online

The Information Commissioner’s Office (ICO) has provided an update on its action to tackle cookie compliance, which has brought the vast majority of the UK’s most used websites into compliance with rules on the use of advertising cookies. This has given an estimated 80% of UK internet users over the age of 14 – equating to around 40 million people – greater control over how they are tracked for personalised advertising. Our assessment focused on three key areas of compliance: Whether non-essential advertising cookies were stored on users’…

ICO launches consultations for Data (Use and Access) Act 2025 amendments

In response to the Data (Use and Access) Act 2025 (DUAA) coming into force, the Information Commissioner’s Office (ICO) has launched public consultations to help shape final guidance. The ICO has produced and is consulting on draft guidance to support organisations in understanding and applying upcoming amendments. These include: ‘recognised legitimate interest’, which is a new lawful basis, separate from the legitimate interests lawful basis; and ‘data protection complaints’, which is a new requirement for all organisations to have a process in place for handling data protection complaints. These guidance…

ICO release new guidance on disclosing documents to the public

The ICO have published new guidance to help organisations disclose documents securely. Their website states: From public authorities handling Freedom of Information requests to organisations responding to Subject Access Requests, many need to regularly disclose documents containing large amounts of information to the public. Personal information can be hidden or not immediately visible in documents. If they are not checked properly, it may be disclosed by accident – sometimes with serious consequences. Our guidance includes practical steps and how-to videos to help organisations understand how to…
