Data Privacy & Cybersecurity

ICO Decision Notice: UWE must disclose construction expenditure

The UK's Information Commissioner's Office (ICO) issued a decision notice against the University of the West of England (UWE). UWE is required to disclose construction expenditure information within 30 days, as the ICO found their refusal to be unlawful under the Environmental Information Regulations (EIR).

Frimley Health NHS Trust FOI Request Upheld

The ICO has upheld a Freedom of Information (FOI) request against Frimley Health NHS Foundation Trust for failing to respond within the statutory 20 working days. The Trust is now required to respond to the complainant within 30 calendar days.

ICO Upholds Lambeth Council's Refusal on Information Request

The ICO has upheld Lambeth Council's refusal of one information request under the Environmental Information Regulations (EIR) 11(2) and 5(2). However, the Council breached EIR 5(2) by failing to respond within 20 working days and EIR 11(2) by not completing an internal review.

ICO Upholds Complaint Against Birmingham City Council for Delayed Planning Information

The UK's Information Commissioner's Office (ICO) has upheld a complaint against Birmingham City Council for failing to provide planning information within the statutory 20-working-day timeframe. The ICO found the council in breach of the Environmental Information Regulations (EIR).

ICO Updates UK GDPR International Transfer Guidance

The UK's Information Commissioner's Office (ICO) has updated its guidance on international personal data transfers under UK GDPR. The revised guidance aims to simplify compliance for businesses by introducing a 'three step test' and clarifying complex areas.

ICO Fines Two Companies £225,000 for Nuisance Marketing

The UK's Information Commissioner's Office (ICO) has fined Allay Claims Ltd and ZMLUK Limited a total of £225,000 for sending millions of unsolicited marketing messages. Allay Claims was fined £120,000 for unlawful text messages, and ZMLUK Limited received a £105,000 fine for unlawful marketing emails.

ICO Investigates Grok AI for Non-Consensual Imagery

The UK's Information Commissioner's Office (ICO) has opened a formal investigation into X Internet Unlimited Company and X.AI LLC regarding their Grok AI system. The investigation will assess compliance with data protection laws concerning the potential generation of non-consensual sexual imagery, including of children.

ICO Reprimands GP Surgery for Excessive Medical Data Disclosure

The UK's Information Commissioner's Office (ICO) has reprimanded Staines Health Group for sending 23 years of a terminally ill patient's medical records directly to an insurer, instead of the requested five years to the patient. The ICO cited a lack of written processes and inadequate training as contributing factors.

ICO Fines MediaLab £247,590 for Children's Privacy Failures

The UK's Information Commissioner's Office (ICO) has fined MediaLab, owner of Imgur, £247,590 for unlawfully processing children's personal data. The investigation found MediaLab failed to implement age checks and obtain parental consent, putting children at risk of exposure to harmful content.

FTC Warns Data Brokers on PADFAA Compliance

The FTC has warned 13 data brokers about their obligations under the Protecting Americans’ Data from Foreign Adversaries Act (PADFAA). The letters remind companies that selling sensitive personal data to foreign adversaries is prohibited and violations could result in civil penalties of up to $53,088 per violation.