Data Protection Act

12 February 2016 at 9:29am
The Article 29 Working Party of European data protection supervisors had hoped to make a full statement on the EU/US Safe Harbor agreement at the end of January. However this has now been postponed, probably until mid-April. The European Court of Justice declared last October that the original Safe Harbor did not guarantee adequate protection when personal data were transferred from Europe to the USA.
29 October 2015 at 4:13pm
The Information Commissioner's Office has published a new article on how they are responding to the European Court's Safe Harbor judgment. The overall message is that data controllers should take stock and not panic. While noting that the judgment does remove some of the former legal certainty, the ICO is "certainly not rushing to use our enforcement powers".
19 October 2015 at 4:56pm
The Article 29 Working Party of European Data Protection supervisors has now published its response to the European Court's ruling that the US-EU Safe Harbor agreement can no longer be relied upon when exporting personal data from the European Economic Area.
14 October 2015 at 1:45pm
The European Court's declaration today that the European Commission's fifteen-year-old decision on the US Safe Harbor scheme is no longer reliable is another recognition that Data Protection requires continuing assessment, rather than one-off decisions. European regulators have been recommending for years that neither data controllers nor companies to which they export data should rely on Safe Harbor certification alone. The U.K.
27 August 2015 at 4:36pm
The Information Commissioner has published updated and extended guidance on the use of the Data Protection Act's "section 29" exemption, based on cases and wider experience. This exemption is often used to release personal information (such as computer or network logs) to the police or other authorities investigating crimes, so sections 33-52 in particular are worth reading as a refresher. The points I'm most often asked about are:
11 February 2015 at 12:08pm
The undertaking that Google has recently made to the UK Information Commissioner's Office (ICO) provides some idea of the complexity of negotiations that have been going on between the company and various European data protection regulators over the past couple of years.
4 July 2014 at 3:46pm
Andrew Cormack has been asked a few times recently how to decide which data or services it's appropriate to place in the cloud. The answer, rather boringly, is the same as for almost any other security question:
1 July 2014 at 3:25pm
I've been asked a few times recently how to decide which data or services it's appropriate to place in the cloud. The answer, rather boringly, is the same as for almost any other security question:
25 June 2014 at 4:45pm
There's no doubt that some parts of the UK Data Protection Act and the EU Data Protection Directive are badly out of date and need revising. The world they were drafted for in the early 1990s has changed.
11 February 2014 at 8:03pm
Most portable devices – laptops, smartphones and memory sticks – should be encrypted so that the information they contain is protected if the device is lost or stolen. Many countries (including the UK) give their immigration and other authorities legal powers to demand that you decrypt an encrypted device, though given the number of laptops that cross borders every day, only a tiny minority seem to be subject to such demands.