Published 1 January 2016
To view any of the Monetary Penalty notices discussed below, please click here.
H3G received a £1,000 fixed penalty notice in October (subsequently reported by the ICO) after the ICO found that the company had failed to meet the data breach reporting requirements under PECR within the statutorily prescribed timescales on three occasions in July 2015. As a telecommunication provider, H3G has compulsory security breach reporting obligations.
H3G reported the three data breach incidents to which the penalty relates to the ICO in August. The breaches were logged by H3G as follows:
The reports fell outside the 24-hour time limit required for ICO notification, and the ICO did not entertain H3G's argument that the delay was a result of limited resourcing.
The ICO issued a fine of £30,000 to the Telegraph for breaches of the marketing provisions in PECR.
The Telegraph sent "hundreds of thousands of emails on the day of the general election urging readers to vote Conservative." The act constituted a breach of the provisions under the PECR, which prohibit unsolicited communications by email for the purposes of direct marketing. Subscribers had signed up to receive a daily e-bulletin, but the ICO ruled that consent did not cover political campaigning.
BPN was fined £250 for a breach of security under the DPA after it inadvertently disclosed the email addresses of 200 HIV patients through an electronic mailing error. The nature of email addresses meant that the full and partial names of at least 56 people were revealed in the mailing, which should have been sent with the patient names in the 'bcc' field but instead saw the names set out in the 'to' field.
Whilst the findings detailed in the monetary penalty notice described the incident as having a "cumulative impact" which "would clearly pass the threshold of substantial", the ICO considered mitigating factors when determining the size of the penalty, which included BPN's cooperation with the ICO, its apology to those affected and substantial remedial action taken.
Telecom companies and information service providers currently subject to compulsory breach notification should take note of the fine against H3G. This is also a sign of things to come for all organisations when compulsory breach notification comes in under the GDPR. Organisations should review their data breach reporting policies and procedures and ensure they are robust and followed in practice.