Recent measures include reducing accounting requirements for micro businesses, publishing new procedures which could halve the time for medicines to be reclassified from prescription- only to over-the-counter status and reviewing the Air Travel Organisers’ Licensing scheme to ensure that it provides more effective protection for holidaymakers.
A full list of reforms which came into effect on Saturday is contained in the Fifth Statement of New Regulation .
Data Protection
OUTSOURCING PERSONAL EMPLOYEE DATA COST COUNCIL £250,000 IN PENALTIES
13 September 2012
A Council whose former employees’ pension records were found in an over-filled paper recycle bank in a supermarket car park has been fined £250,000 for the data breach.
Scottish Borders Council employed an outside company to digitise the records, but failed to seek appropriate guarantees on how the personal data would be kept secure. That prompted the Information Commissioner to use his powers under the Data Protection Act to impose a Civil Monetary Penalty of £250,000 on the Council. The Data Protection Act requires that, if you decide to use another organisation to process personal data for you, you remain legally responsible for the security of the data and for protecting the rights of the individuals whose data is being processed. But Scottish Borders Council put no contract in place with the third party processor, sought no guarantees on the technical and organisational security protecting the records and did not make sufficient attempts to monitor how the data was being handled. It is believed more than 600 files were deposited at the recycle bins, containing confidential information and, in a significant number of cases, salary and bank account details. The files were spotted by a member of the public who called police, prompting the recovery of 676 files. A further 172 files deposited on the same day but at a different paper recycling bank are thought to have been destroyed in the recycling process.
Read the full story from the Information Commissioner’s Office (ICO)
For practical advice on this topic, read the ICO's guidance ' Outsourcing: A guide for small and medium-sized businesses '
REMINDER TO BUSINESSES OF DATA PROTECTION RESPONSIBILITIES IF MOVING TO CLOUD COMPUTING
10 October 2012
The Information Commissioner’s Office (ICO) has published guidelines to businesses to underline that companies remain responsible for how personal data is looked after, even if they pass it to cloud network providers. More and more businesses are looking to use cloud computing, with the economies of scale they offer giving access to a range of computer technologies and expertise that would be difficult to afford in-house.
CIPP Policy News Journal
12/04/2013, Page 335 of 362
Made with FlippingBook - Online magazine maker