Information Commissioner's Office

NEW: Eclipse Digital Solutions and Geutebruck (UK) have joined our Sandbox! The project’s aim is to create an AI driven platform called Visual Intelligence which uses sensory devices to predict and prevent people having falls in NHS sites and care home settings. By minimising falls they intend to reduce injuries and hospital admittances, as well as improve patient outcomes. During their time in the Sandbox, we will provide guidance on data protection themes such as roles and responsibilities, necessity and proportionality, and identifying and mitigating risks. Read more about the project here: https://lnkd.in/e_hHxsqC

NEW: We have worked with the @Financial Conduct Authority on joint research to help shine a light on consumer attitudes towards digital assets and how they interact with these products. https://lnkd.in/eyHJ9vHK Digital assets are uniquely identifiable, cryptographically secured assets, such as crypto assets and non-fungible tokens, that are often underpinned by distributed ledger technology. As digital assets could become increasingly popular in the UK, it's important for us as regulators to understand their benefits and challenges, to help promote innovation and protect the public from financial and data protection harm. Our research with the FCA highlighted: 👉 That many consumers recognise that purchasing digital assets can be high-risk, yet are motivated by the possibility of high-reward. 👉 Consumers often rely on word-of-mouth recommendations for advice prior to purchasing digital assets. 👉 That there is limited understanding of how distributed ledger technology functions and the risks this novel technology could pose to privacy and information rights. 👉 How financial services and data protection regulation provide important guardrails which promotes transparency and improves consumer trust. Read the full research report: https://lnkd.in/eyHJ9vHK As set out in the 2024/25 DRCF workplan, the FCA and ICO will be engaging on this research with interested stakeholders over the coming months: https://lnkd.in/eC9nHRrs We are keen to hear stakeholder views about the published research and regulatory insights. If you are interested in engaging with this work, please get in touch at [email protected]

Children’s personal information requires extra protection and must be handled with great care. NEW: We’ve issued a reprimand to Birmingham Children's Trust Community Interest Company after the personal information of a child was sent in error to a neighbouring family. https://lnkd.in/ghnqbHFB The child protection and review department at Birmingham Children's Trust Community Interest Company, was working with two neighbouring families when the data breach occurred. A child protection plan that contained personal information and criminal allegations was disclosed to the neighbouring family. This incident is an example of what can go wrong if you don’t have appropriate policies or sufficient practical guidance in place to ensure the security of personal information. We also have many resources on the things you need to consider with children’s information 👉 https://lnkd.in/gdUVg82d For advice on sharing information read here 👉 https://lnkd.in/gZptn7Pa

❓Where do I put my organisation's privacy notice when I've got it? The most important thing is that people can see it before they start sharing their personal information. Some ideas for where you could put it: 👉 You can put your privacy notice for customer and suppliers on your website. 👉 When you take enquiries from customers or suppliers by email, you could include a link to your privacy notice in your reply, perhaps as part of your email signature or in your web contact form. 👉 You could put your privacy notice for staff and volunteers in new starter packs, or save it in files they have easy access to. Our new privacy notice generator makes it so easy to get a bespoke privacy notice for your organisation in just 10-15 minutes. Try our new tool and let us know what you think: https://lnkd.in/eFTC3AzB #HereToHelpSMES

🆕 Our latest generative AI call for evidence is live! https://lnkd.in/eXjinMBD Under data protection law, people have rights over their information. When looking at these rights in relation to generative AI, there are four main areas of the lifecycle that apply: • the training data; • data used for fine-tuning; • the outputs of the generative AI model; and • user queries, for example when a data subject enters personal information via a prompt into the model. We want to hear your views on the ways in which developers and deployers can ensure people’s information rights are protected. Your responses will help us develop our final regulatory positions on generative AI which will be reflected in our upcoming AI guidance update. If you have an interest in AI – including developers and users of the technology, civil society groups and other invested public bodies – we want to hear from you!   You can respond to this call for evidence using the survey: https://lnkd.in/e8xYUs-u or by emailing us at [email protected] This fourth call for evidence closes on 10 June. Find out more about the consultation series: https://ico.org.uk/GenAI 

❓ What can we learn from Central YMCA’s BCC data breach? We fined Central YMCA £7,500 for illegally sharing the names of over a 100 people. Central YMCA sent emails intended for those on a HIV support programme to 264 email addresses using CC instead of BCC, revealing the email addresses to all recipients. This is a breach of Article 5(1)(f) and Article 32(1) and (2) of the UK GDPR. ❓ What could they have done differently and what lessons can you take? ✅ They could have avoided this mistake by using a bulk email service instead of the intended BCC option in Outlook. Staff training would have also reduced the risk of human error. 👓 Read more about our action: https://lnkd.in/eAHTBrxk 🔐 We also have guidance on email security as well as information on how to assess whether BCC is appropriate for your mass email: https://lnkd.in/e2uA5927

How you doin'? Could we BE any more depressed that Friends finished over TWENTY years ago? So, with a bit of a PIVOT!, do you remember the one where... 🤖 Chandler uses our Innovation Advice Service for his transponster (that’s not even a word!) / statistical analysis and data reconfiguration work: https://lnkd.in/eKW8WR75 🍼 Phoebe has her brother’s children (as a surrogate) and supports our Children’s code to keep children safe online: https://lnkd.in/ehg6DcgQ 💍 Ross couldn’t BE more embarrassed when he gets married (and divorced) for the third time – perhaps he should keep all the information about all his marriages, and divorces, in a safe place: https://lnkd.in/egfcDmz4 🍕 Joey doesn't share food, but does know all about sharing information in mental health emergencies at work: https://lnkd.in/enaCcrgW 🌧️ Monica’s hair gets all frizzy and big, and is glad that her workplace no longer uses facial recognition software to get into the office: https://lnkd.in/exD4iFTB ☝ Rachel knew they WERE on a break and wanted her personal information deleted: https://lnkd.in/edVZr996

❓What needs to go into my privacy notice to show my customers and suppliers or staff and volunteers how I care for their information? The information you need to provide in your privacy notice includes: 👉 why you’re using people’s personal information; 👉 how long you’ll be keeping it for; and 👉 who you’ll be sharing it with. But our tool will do all that for you. All you have to do is answer a few questions. Use our new privacy notice generator to create a bespoke privacy notice for your small organisation in just 10-15 minutes: https://lnkd.in/eFTC3AzB Don’t forget to let us know what you think by taking the short survey when you’ve used the tool. #HereToHelpSMEs

🍷 Is giving away free wine the only way to get people to read a privacy policy? A BBC report has claimed that it took the public three months to spot an offer for a free bottle of wine hidden in the Tax Policy Associates' privacy policy. A privacy policy is all about being clear, transparent and open with your customers. If you make it easy to understand and digest, your customers are more likely to read it and feel confident in your use of their information. If you're struggling, our Privacy Notice Generator is a good way to start. It's bespoke to your business and it only takes 10-15 minutes: https://lnkd.in/eFTC3AzB Free wine is one way to go about it - but this story has got us thinking - what's the best example of sharing privacy information that you've seen? https://lnkd.in/eJ3___QM

NEW: More organisations than ever are experiencing cyber security breaches and here are the five leading causes... https://lnkd.in/eQDqm8KD We’ve looked over the cyber data breach reports we received and have published the lessons that can be learned from common security mistakes and the five leading causes of cyber security breaches. Our “Learning from mistakes of others report” has simple steps organisations can take to improve your security and avoid future breaches. The five leading causes of cyber security breaches are: 🪝 Phishing – scam emails and messages that trick the recipient into sharing personal information or downloading malware. https://lnkd.in/eJYvh25T 💪 Brute force attacks – criminals use trial and error to guess username and password combinations, or encryption keys. https://lnkd.in/e7MNNd23 🚫 Denial of service – criminals aim to stop the normal functioning of a website or computer network by overloading it. https://lnkd.in/eD9_Enkw ⚠️ Errors – security settings are misconfigured, including being poorly implemented, not maintained and or left on default settings. https://lnkd.in/eSwqjdCk 🔗 Supply chain attacks – products, services, or technology you use are compromised and then used to infiltrate your own systems. https://lnkd.in/eJ2cs424 Read our Learning from mistakes of others report to learn about how to lessen the risks and prevent future cyber breaches https://lnkd.in/ef65A-Qg