Category Archives: DPA

Data Protection

How to send sensitive bulk emails

Chelsea and Westminster Hospital NHS Foundation Trust has been fined £180,000 after revealing the email addresses of more than 700 users of an HIV service. This was a classic case of putting all the email addresses of a large circulation … Continue reading

Posted in DPA | Leave a comment

Royal Free NHS Trust and Google UK

The murky world of Information Governance in the NHS has been further stirred by the story of the arrangements between the Royal Free Trust and Google UK. The BBC and others have reported a “data-sharing agreement” between the two. Google … Continue reading

Posted in DPA | Leave a comment

NHS Email Armageddon 2016

All intelligent people understand that email and the personal inbox is not a good place to store and manage corporate information. Many organisations will have formal policies which forbid, frown on, or discourage such practices. A small subset of those … Continue reading

Posted in DPA | Leave a comment

The appeal of Alzheimers

On 5th January 2016 the Information Commissioner (“ICO”) served an Enforcement Notice (“EN”) on the Alzheimer’s Society under s40 of the Data Protection Act 1998 (“the Act”). The background is set out in the EN and need not be repeated … Continue reading

Posted in DPA | Leave a comment

Do Children Have Rights (Part 2)

How far can we rely on Information Commissioner’s Office (ICO) Guidance? I recently commented on the issue of schools internally publicising the performance of pupils. But what about publishing to the world? The concerns expressed below may be more serious … Continue reading

Posted in DPA | Leave a comment

Do schoolchildren have rights?

My eye was caught recently by this article on the BBC News channel. It seems some, no doubt well-meaning,* Head thought it a good idea to create what was in effect a league table of pupils’ ability by displaying their … Continue reading

Posted in DPA | Tagged , | Leave a comment

Volunteers and Data Protection

The Information Commissioner recently published a report  following a series of visits to Victims’ Services Alliance Organisations. These are typically charities but the report is also aimed at non-charitable volutary organisations. One issue touched is the question of identifying who … Continue reading

Posted in DPA, FOI | Leave a comment

Defamation, Data Protection and Journalism

It has for some time been recognised that, with changes to the law of defamation, there might be increasing use of an alternative cause of action under section 13 of the Data Protection Act 1998 (“DPA”). This is not perhaps … Continue reading

Posted in DPA | Leave a comment

Images as Personal data

One of the less obvious consequences of the Ryneš decision which I discussed in a recent post is what it says about the nature of images. At paragraphs 21-22 of the judgement: The term ‘personal data’ …  covers, according to the definition … Continue reading

Posted in DPA | Leave a comment

Video Surveillance and the domestic purposes exemption

The recent EU case of Ryneš (http://tinyurl.com/mhs6btl ) raises some interesting issues for users of CCTV systems on domestic premises. The decision of the court is quite clear. If the CCTV is set up so as to also record people … Continue reading

Posted in DPA | Leave a comment