The UK Government has just announced plans to introduce laws from Spring 2017 to hold directors of organisations personally liable for breach of electronic direct marketing laws contained within the Privacy and Electronic Communications Regulations (PECR). The Information Commissioner’s Office (ICO) commented that the new law will stop directors “leaving by the back door as the regulator comes through the front door”. What’s changing? At the moment, only organisations are subject to ICO fines, and some organisations have avoided paying fines by going into liquidation while subject to ICO enforcement action. It has been reported that since April 2015, the ICO has issued twenty-seven fines a
The Information Commissioner’s Office (“ICO”) has issued a code of practice on privacy notices containing valuable guidance on how to comply with the fair processing requirements of the Data Protection Act 1998 (“DPA”) when collecting personal data. The code has been issued following an ICO survey, highlighting that only one in four adults trust organisations with their personal data. Where does the code come from? The DPA gives the ICO the power to issue codes of practice containing good practice guidance on DPA compliance. The latest code is one of several produced by the ICO on areas as diverse as employment practices, privacy impact assessments, CCTV and data sharing. The focus of the
The Freedom of Information (Scotland) Act 2002 (“FOISA”) has been extended to grant-aided schools, independent special schools, private prison contractors, children’s secure accommodation providers and Scottish Health Innovations Limited. The “right to know” can now be exercised against these bodies. Who can FOISA be extended to? The Scottish Ministers can designate a body as a Scottish public authority for FOISA if the body carries out public functions or if it provides services under a contract with a Scottish public authority which are otherwise the authority’s functions. However, the right to know does not apply to all information held by the designated bodies. It only applies to infor
