ICO enforcement notices
Published 1 February 2016
What does this cover?
To view any of the enforcement notices discussed below, please click here.
The Alzheimer’s Society (ASoc) – On 7 January 2016 the ICO reported on enforcement action taken against the charity ASoc for numerous breaches of data protection protocol with regards to the staff handling of sensitive personal data.
In a press release, the ICO reported that "volunteers were using personal email addresses to receive and share information about people who used the charity, storing unencrypted data on their home computers and failing to keep paper records locked away."
The ICO have further reported that 300,000 email addresses and personal details comprising birth dates, home addresses and contact numbers, were put at risk when ASoc's website was hacked in 2015.
The ICO identified to ASoc in 2014 its areas of concern but after a more recent investigation the ICO remain concerned that much more still needs to be done to address the issues.
ASoc are now required to comply with the recommendations under the enforcement notice otherwise the charity may face prosecution.
The Mint Condition Media Ltd t/a Hot Leads Factory (HLF) - on 29 January the ICO reported on an enforcement notice taken against HLF. The action was prompted by HLF's failure to respond to a subject access request despite being required to do so under section 7 of the DPA.
Martyn F Arthur Forensic Accountant Ltd (M F Arthur) – on 29 January the ICO reported on an enforcement notice taken against M F Arthur for its failure to respond to a subject access request despite its obligations to respond under section 7 of the DPA.
What action could be taken to manage risks that may arise from this development?
Organisations companies should take note that:
(i) staff training; and
(ii) responses to subject access requests
remain an area of priority and enforcement, and should therefore ensure policies and procedures in place are fit for purpose.