News...
UK Commissioner clarifies transfers of employee data
The ICO has published guidance to help organisations that provide information about their employees under the Transfer of Undertakings (Protection of Employment) Regulations. TUPE ensures that employees' terms and conditions of employment are preserved when a business or undertaking is transferred to a new employer. In the guidance, the ICO confirms that the Data Protection Act does not prevent the transfer of most employee data, as it is a requirement of law. However, both parties must comply with the Act when handling the information, for example ensuring it is accurate, up-to-date and secure.
Phil Jones, Assistant Commissioner, said, "Organisations should consider their data protection obligations early in the transfer process and only transfer the information required by the new employer. Additionally, if not prevented by insider trading restrictions, employees should be told that their information is going to be passed on". The guidance also states that transfers of personally identifying information before TUPE applies (e.g. at the stage where there are several potential purchasers of a business) are generally not permitted. A copy of the guidance can be downloaded from the ICO website (PDF).
The effect of TUPE and guidance on pre-transfer disclosures is covered in PDP's training course: Data Protection in Employment.
US study into effects of data breach notifications
A study into the thoughts of consumers following notification of a data breach reveals a high level of dissatisfaction. 63% of respondents to the Ponemon Institute's survey said that the letter they received gave them no guidance as to the steps that they should take to protect themselves against further loss as a result of their data going missing. 31% said that they terminated their relationship with the organisation. "Data breach notifications are a failure if individuals do not have a clear understanding of their level of risk, available support, and the steps they need to take to respond to the loss or theft of their personal information", said the study.
70% of data unprotected in testing environments
A survey carried out by UK analyst group Freeform Dynamics has highlighted an area of data privacy that has so far been overlooked by many organisations. The use of personally identifiable data in test and development environments is widespread and presents a clear and present danger to businesses from the 'insider threat'. Separately, IT analyst firm Gartner has published a paper stating that 'organisations should avoid using personal data for test purposes' as it contravenes European Data Protection Law. Download a copy of PDP's Briefing Note (PDF) on using personal data in test and development environments. Further information is available at website.
Report on the surveillance society
The House of Commons Home Affairs Committee has released the results of a public consultation on the growth of surveillance and personal data gathering in the UK. The report finds many benefits in data gathering but says that "the Government should move to curb the drive to collect more personal information and establish larger databases". Richard Thomas, Information Commissioner, said, "I welcome the Home Affairs Committee's call for the Government to adopt the principle of data minimisation and curb unnecessary surveillance. It is essential that positive action is taken to ensure the potential risks of a surveillance society never manifest themselves in this country. I am pleased that the Committee has recognised the work of my Office in raising awareness of the issue and supports our call for the introduction of privacy impact assessments". The report is available to download from the Parliament's website (PDF).
_________________________________________
|
PDP Training Courses
PDP's professional and practical training courses enable delegates to understand the legal requirements in key areas of compliance.
Training staff in data protection
How does your organisation train its staff? Do you have responsibility for that training? Does your organisation include data protection on its induction programme? Do you select staff for different levels of training? Have you received training in how to train staff in data protection?
Attend this unique training session to learn how to go about training your staff in what they need to know. This invaluable session takes place on the following dates:
Manchester Tuesday, 23rd September 2008
London Tuesday, 4th November 2008
For further details, visit the website or call 0845-226 5723.
Handling Subject Access Requests
Participants in this 'Handling Subject Access Requests' Workshop will acquire the knowledge necessary to effectively manage the Subject Access Request process in their organisation and to instigate a process for dealing with such requests.
This Workshop is conducted by Leonie Power of Pinsent Masons, one of the country's leading experts on data protection law.
There will be plenty of opportunity for questions, and delegates are encouraged to bring their queries to the session.
London Wednesday, 25th June 2008
Manchester Thursday, 11th September 2008
Belfast Friday, 17th October 2008
To view more information about the course, or to make a booking please visit the website or call 0845-226 5723.
Data Protection Compliance for Law Firms
This half-day course covers the major data protection issues involved in running a modern law firm. Essential for all law firm office managers, compliance officers and practice managers, this session provides delegates with all the information they need to ensure that the major data protection risks are removed from the practice.
 This unique course is run by Peter Carey, Solicitor and Consultant to Charles Russell. Peter is the author of 'Data Protection - a practical guide to UK and EU law'.
Online booking for the final 2008 date is now available:
London Tuesday, 2nd December 2008
For further details, visit the website or call 0845-226 5723.
______________________________
| |
|
Privacy & Data Protection Journal
Europe's leading and best-selling data privacy journal is dedicated to informing subscribers about topical news items from the world of data protection, privacy and information security.
Published in eight editions per year, Privacy & Data Protection journal is a reliable source of news, practical articles and expert guidance. The Editorial Board comprises the world's leading experts in fields of data protection and privacy.
Privacy & Data Protection is widely regarded as the most practical journal in its field.
Sincerely,
Cindy Frances
Tel: +44 (0)845-226 5723
Privacy & Data Protection / PDP | |
|
|
|
|
Book your place today! |
|
7th Annual Data Protection Compliance Conference
2nd & 3rd October 2008
The Annual Data Protection Compliance Conference brings together the world's leading data protection and privacy experts to provide delegates with a lively 2-day learning and networking event.
The keynote speaker at this annual event is Richard Thomas, the Information Commissioner.
On the first day, the leading data protection experts present talks on the new issues that are coming into focus, and delegates have plenty of opportunity to ask questions.
On the second day, delegates can choose up to two of six practical Workshops which allow them to expand their knowledge of data protection compliance in an interactive environment.
The Workshops are:
Training staff in data protection compliance
Security issues for data protection officers
Monitoring, testing and investigating staff
Creating data protection policies for your organisation
How to conduct a data protection compliance review
Data breaches - what to do when they happen
Last year this event sold out, so early booking is recommended. To book your place, please visit the website.
Workshop leader highlight
 Andrew Dyson will be leading a workshop on Data breaches - what to do when they happen.
It's no longer a question of 'if' but 'when' any organisation will experience a data breach.
Using case studies of recent enforcement actions, as well as the direct experience of the tutor, delegates will work through the practical implications of a breach.
Andrew Dyson is a Partner in the Technology Media and Commerce group at DLA Piper. He advises clients on IT contracts and information law issues, with specialist expertise in data protection and freedom of information. Andrew works closely with significant public and private sector organisations, developing effective strategies for compliance.
Our past Conference delegates say it best:
"I have attended many DP conferences over the years - this is the best! Well done!"
Paul Leadbeater,
Head of Internal Security, GSL UK
"The quality and profile of the speakers was excellent"
Paul Taylor, Information Policy Manager, The Information Tribunal
"As usual, an excellent Conference, speakers, programme and organisation"
Teresa Gudge, Data Protection Officer, Airbus UK
"Thank you for an excellent conference. It was very well put together with plenty of opportunity for questions to be put to the experts present"
Yvonne Freeman, Data Protection Officer, National Federation of Retail Newsagents
"Very good session!"
Jean-Guy Mahaud, European Data Privacy Law Coordinator, Exxon-Mobil
7th Annual Data Protection Compliance Conference
2nd & 3rd October 2008, London, UK
| |
|
