Personal data privacy risks
41 items
2 sources
Reputational and privacy risks associated with increased use of personal data for content personalisation.
Cross-Source Insight
Personal data privacy risks has been flagged across 2 independent accountability sources:
30 inquiry recs
11 PFD reports
This issue has been identified by multiple independent accountability bodies, suggesting it is a recurring systemic concern.
Inquiry Recommendations (30)
DM-10 — Custodial sentences for data protection offences
Recommendation: Given the potential seriousness of such offences, it is recommended that the Government take an early opportunity to amend the Data Protection Act 2018 to provide for sentences of imprisonment for offenders.
Gov response: The Data Protection Act 2018 has already, however, strengthened criminal sanctions. The offence of unlawfully obtaining data was widened to include the unlawful retention of data. The maximum penalty for a person convicted of that …
Not Accepted
L48 — Section 32 DPA Amendment
Recommendation: The exemption in section 32 of the Data Protection Act 1998 should be amended so as to make it available only where: (a) the processing of data is necessary for publication, rather than simply being in fact undertaken with a …
Gov response: The Prime Minister stated on 29 November 2012: "I am instinctively concerned about this proposal. There is a real danger of this recommendation being used to curb freedom of the press. We need to consider …
Not Accepted
L49 — Narrow Section 32 Exemption Scope
Recommendation: The exemption in section 32 of the Data Protection Act 1998 should be narrowed in scope, so that it no longer allows, by itself, for exemption from: (a) the requirement of the first data protection principle to process personal data …
Gov response: The Prime Minister stated on 29 November 2012: "I am instinctively concerned about this proposal. There is a real danger of this recommendation being used to curb freedom of the press. We need to consider …
Not Accepted
L51 — Repeal Procedural Provisions
Recommendation: The procedural provisions of the Data Protection Act 1998 with special application to journalism in: (a) section 32(4) and (5) (b) sections 44 to 46 inclusive should be repealed.
Gov response: The Prime Minister stated on 29 November 2012: "I am instinctively concerned about this proposal. There is a real danger of this recommendation being used to curb freedom of the press. We need to consider …
Not Accepted
L52 — ICO Balance of Public Interest
Recommendation: In conjunction with the repeal of those procedural provisions, consideration should be given to the desirability of including in the Data Protection Act 1998 a provision to the effect that, in considering the exercise of any powers in relation to …
Gov response: The Prime Minister stated on 29 November 2012 that data protection proposals required careful consideration. The Data Protection Act 2018 included some provisions implementing Leveson recommendations on data protection and journalism. Source: https://www.gov.uk/government/speeches/david-cameron-statement-in-response-to-the-leveson-inquiry-report
Accepted in Part
L53 — ICO Regard for Regulatory Membership
Recommendation: Specific provision should be made to the effect that, in considering the exercise of any of its powers in relation to the media or other publishers, the Information Commissioner's Office must have regard to the application to a data controller …
Gov response: The Prime Minister stated on 29 November 2012: "I am instinctively concerned about this proposal. There is a real danger of this recommendation being used to curb freedom of the press. We need to consider …
Not Accepted
L54 — Bring into Force Section 55 Penalties
Recommendation: The necessary steps should be taken to bring into force the amendments made to section 55 of the Data Protection Act 1998 by section 77 of the Criminal Justice and Immigration Act 2008 (increase of sentence maxima) to the extent …
Gov response: The Prime Minister stated on 29 November 2012: "I am instinctively concerned about this proposal. There is a real danger of this recommendation being used to curb freedom of the press. We need to consider …
Not Accepted
L55 — ICO Prosecution Powers Extension
Recommendation: The prosecution powers of the Information Commissioner should be extended to include any offence which also constitutes a breach of the data protection principles.
Gov response: The Prime Minister stated on 29 November 2012: "I am instinctively concerned about this proposal. There is a real danger of this recommendation being used to curb freedom of the press. We need to consider …
Not Accepted
L56 — ICO Consult with CPS
Recommendation: A new duty should be introduced (whether formal or informal) for the Information Commissioner's Office to consult with the Crown Prosecution Service in relation to the exercise of its powers to undertake criminal proceedings.
Gov response: The Prime Minister stated on 29 November 2012 that data protection proposals required careful consideration. The Data Protection Act 2018 included some provisions implementing Leveson recommendations on data protection and journalism. Source: https://www.gov.uk/government/speeches/david-cameron-statement-in-response-to-the-leveson-inquiry-report
Accepted in Part
L57 — Reconstitute ICO as Commission
Recommendation: The opportunity should be taken to consider amending the Data Protection Act 1998 formally to reconstitute the Information Commissioner's Office as an Information Commission, led by a Board of Commissioners with suitable expertise drawn from the worlds of regulation, public …
Gov response: The Prime Minister stated on 29 November 2012: "I am instinctively concerned about this proposal. There is a real danger of this recommendation being used to curb freedom of the press. We need to consider …
Not Accepted
L58 — ICO Policy on Press Regulation
Recommendation: The Information Commissioner's Office should take immediate steps to prepare, adopt and publish a policy on the exercise of its formal regulatory functions in order to ensure that the press complies with the legal requirements of the data protection regime.
Gov response: The Prime Minister did not specifically address ICO operational recommendations in his 29 November 2012 statement. The Data Protection Act 2018 (Section 124) required the ICO to produce a data protection and journalism code of …
Accepted in Part
L59 — ICO Good Practice Guidelines
Recommendation: In discharge of its functions and duties to promote good practice in areas of public concern, the Information Commissioner's Office should take immediate steps, in consultation with the industry, to prepare and issue comprehensive good practice guidelines and advice on …
Gov response: The Prime Minister did not specifically address ICO operational recommendations in his 29 November 2012 statement. The Data Protection Act 2018 (Section 124) required the ICO to produce a data protection and journalism code of …
Accepted in Part
L60 — ICO Public Guidance
Recommendation: The Information Commissioner's Office should take steps to prepare and issue guidance to the public on their individual rights in relation to the obtaining and use by the press of their personal data, and how to exercise those rights.
Gov response: The Prime Minister did not specifically address ICO operational recommendations in his 29 November 2012 statement. The Data Protection Act 2018 (Section 124) required the ICO to produce a data protection and journalism code of …
Accepted in Part
L61 — ICO Advice for Data Subjects
Recommendation: In particular, the Information Commissioner's Office should take immediate steps to publish advice aimed at individuals (data subjects) concerned that their data have or may have been processed by the press unlawfully or otherwise than in accordance with good practice.
Gov response: The Prime Minister did not specifically address ICO operational recommendations in his 29 November 2012 statement. The Data Protection Act 2018 (Section 124) required the ICO to produce a data protection and journalism code of …
Accepted in Part
L62 — ICO Annual Report on Press
Recommendation: The Information Commissioner's Office, in the Annual Report to Parliament which it is required to make by virtue of section 52(1) of the Act, should include regular updates on the effectiveness of the foregoing measures, and on the culture, practices …
Gov response: The Prime Minister did not specifically address ICO operational recommendations in his 29 November 2012 statement. The Data Protection Act 2018 (Section 124) required the ICO to produce a data protection and journalism code of …
Accepted in Part
L63 — ICO Adopt DPP Guidelines
Recommendation: The Information Commissioner's Office should immediately adopt the Guidelines for Prosecutors on assessing the public interest in cases affecting the media, issued by the Director of Public Prosecutions in September 2012.
Gov response: The Prime Minister did not specifically address ICO operational recommendations in his 29 November 2012 statement. The Data Protection Act 2018 (Section 124) required the ICO to produce a data protection and journalism code of …
Accepted in Part
L64 — ICO Engage with Metropolitan Police
Recommendation: The Information Commissioner's Office should take immediate steps to engage with the Metropolitan Police on the preparation of a long-term strategy in relation to alleged media crime with a view to ensuring that the Office is well placed to fulfil …
Gov response: The Prime Minister did not specifically address ICO operational recommendations in his 29 November 2012 statement. The Data Protection Act 2018 (Section 124) required the ICO to produce a data protection and journalism code of …
Accepted in Part
L65 — ICO Specialist Knowledge Review
Recommendation: The Information Commissioner's Office should take the opportunity to review the availability to it of specialist legal and practical knowledge of the application of the data protection regime to the press, and to any extent necessary address it.
Gov response: The Prime Minister did not specifically address ICO operational recommendations in his 29 November 2012 statement. The Data Protection Act 2018 (Section 124) required the ICO to produce a data protection and journalism code of …
Accepted in Part
L66 — ICO Organisation Review
Recommendation: The Information Commissioner's Office should take the opportunity to review its organisation and decision-making processes to ensure that large-scale issues, with both strategic and operational dimensions (including the relationship between the culture, practices and ethics of the press in relation …
Gov response: The Prime Minister did not specifically address ICO operational recommendations in his 29 November 2012 statement. The Data Protection Act 2018 (Section 124) required the ICO to produce a data protection and journalism code of …
Accepted in Part
L67 — Sentencing Guidelines for Data Offences
Recommendation: On the basis that the provisions of s77-78 of the Criminal Justice and Immigration Act 2008 are brought into effect, so that increased sentencing powers are available for breaches of s55 of the Data Protection Act 1998, the Secretary of …
Gov response: This recommendation was not implemented. The government did not formally respond to civil justice recommendations in the Prime Minister's statement of 29 November 2012. Section 40 of the Crime and Courts Act 2013, which would …
Not Accepted
L68 — PACE Amendments Consideration
Recommendation: The Home Office should consider and, if necessary, consult upon: (a) whether paragraph 2(b) of Schedule 1 to the Police and Criminal Evidence Act 1984 (PACE) should be repealed; (b) whether PACE should be amended to provide a definition of …
Gov response: This recommendation was not implemented. The government did not formally respond to civil justice recommendations in the Prime Minister's statement of 29 November 2012. Section 40 of the Crime and Courts Act 2013, which would …
Not Accepted
L69 — Review of Damages for Media Torts
Recommendation: There should be a review of damages generally available for breach of data protection, privacy, breach of confidence or any other media-related torts, to ensure proportionate compensation including for non-pecuniary loss (all referable to the duration, extent and gravity of …
Gov response: Court awards for privacy and data protection breaches have increased through case law since Leveson (notably Gulati v MGN 2015). However, the formal review of damages that Leveson recommended was not conducted. No specific government …
Accepted in Part
L70 — Civil Justice Council Damages Review
Recommendation: The Civil Justice Council should consider the level of damages in privacy, breach of confidence and data protection cases, being prepared to take evidence (from the Information Commissioner, the media and others) and thereafter to make recommendations on the appropriate …
Gov response: This recommendation was not implemented. The government did not formally respond to civil justice recommendations in the Prime Minister's statement of 29 November 2012. Section 40 of the Crime and Courts Act 2013, which would …
Not Accepted
L71 — Aggravated and Exemplary Damages
Recommendation: The Report of the Law Commission on Aggravated, Exemplary and Restitutionary Damages should be adopted in relation to its recommendations that legislation should provide that: (a) aggravated damages should only be awarded to compensate for mental distress and should have …
Gov response: This recommendation was not implemented. The government did not formally respond to civil justice recommendations in the Prime Minister's statement of 29 November 2012. Section 40 of the Crime and Courts Act 2013, which would …
Not Accepted
L72 — Exemplary Damages for Media Torts
Recommendation: Exemplary damages (whether so described or renamed as punitive damages) should be available for actions for breach of privacy, breach of confidence and similar media torts, as well as for libel and slander. The application to a defendant of any …
Gov response: Sections 34-42 of the Crime and Courts Act 2013 were commenced on 3 November 2015, providing for exemplary damages against publishers not belonging to a recognised regulatory body. However, the practical effect is limited because …
Accepted
L73 — Civil Procedure Rules on Costs
Recommendation: The Civil Procedure Rules should be amended to require the court, when considering the appropriate order for costs at the conclusion of proceedings, to take into account the availability of an arbitral system set up by an independent regulator itself …
Gov response: This recommendation was not implemented. The government did not formally respond to civil justice recommendations in the Prime Minister's statement of 29 November 2012. Section 40 of the Crime and Courts Act 2013, which would …
Not Accepted
L74 — Qualified One Way Costs Shifting
Recommendation: In the absence of the provision of an approved mechanism for dispute resolution, available through an independent regulator without cost to the complainant, together with an adjustment to the Civil Procedure Rules to require or permit the court take account …
Gov response: This recommendation was not implemented. The government did not formally respond to civil justice recommendations in the Prime Minister's statement of 29 November 2012. Section 40 of the Crime and Courts Act 2013, which would …
Not Accepted
L78 — PNC Access Auditing
Recommendation: The Police Service should re-examine the rigour of the auditing process and the frequency of the conduct of audits in relation to access to the Police National Computer (PNC). Additional consideration should also be given to the number of people …
Gov response: The Prime Minister stated on 29 November 2012: "Lord Justice Leveson makes a number of recommendations that are designed to break the perception of an excessively cosy relationship between the press and the police and …
Accepted
F244 — Common information practices shared data and electronic records
Recommendation: There is a need for all to accept common information practices, and to feed performance information into shared databases for monitoring purposes. The following principles should be applied in considering the introduction of electronic patient information systems: Patients need to …
Gov response: The government published "Hard Truths: the Journey to Putting Patients First" (Cm 8777) on 19 November 2013, responding to all 290 recommendations of the Francis Report. This followed an initial response "Patients First and Foremost" …
Accepted
TAYL-F39 — Clubs maintain computer records of ticket purchasers' names and addresses
Recommendation: Clubs should consider maintaining a record on computer of ticket sales before the day of the match, for season tickets and tickets for all-ticket matches for seated areas, containing the names and addresses of those purchasing tickets.
Unknown
PFD Reports (11)
Callum Wong
Concerns: Exceptions to patient confidentiality in mental health cases should be considered when informing third parties could provide crucial non-medical support.
Overdue
Donna Constantine
Concerns: Police encouraging vulnerable individuals to use unmonitored work mobile phones creates risks due to a lack of off-duty response, clear escalation procedures, and proper audit trails for communication.
Overdue
Angela Frost
Concerns: The Trust lacks formal guidance for seeking second psychiatric opinions and consultants demonstrate poor understanding of confidentiality when communicating with family members regarding patient care and risk planning.
Responded
Rebecca Henry
Concerns: Strict patient confidentiality rules frequently impede crucial communication between medical staff and relatives of mental health patients, potentially preventing timely interventions and explanations that could save lives.
Responded
Sam Grant
Concerns: Lack of early intervention mental health support for young people not meeting CAMHS thresholds, coupled with poor information sharing between health agencies and the removal of medically qualified staff in schools, hindered comprehensive care.
Overdue
Lindsey Bailey
Concerns: Despite the patient's consent and capacity, there was a significant failure to share relevant information with her parents, potentially hindering her treatment and care.
Responded
Joseph Dune
Concerns: Significant breaches in Information Governance allow clinicians to alter patient records under incorrect logins, making these critical changes invisible to treating clinicians and compromising data integrity.
Overdue
Chentoori Chanthirakumar
Concerns: Communication failures, including an email rather than a face-to-face meeting about academic re-take, and mental health staff misinterpreting confidentiality, prevented effective support for a distressed student.
Overdue
Alun Sheppard
Concerns: The Health Board struggles to balance patient confidentiality with the crucial need for familial support to optimize recovery, potentially hindering patient well-being.
Responded
William Dowling & Victoria Rose
Concerns: There's no national system allowing doctors to proactively share concerns about a patient's ongoing suitability for a firearms license, with patient confidentiality potentially overriding public safety.
Overdue
Roshan Abbas Ladak-Ebrahim
Concerns: Inadequate guidance on assessing self-harm risk, confusion regarding safeguarding responsibilities, and insufficient patient consultation when prescribing high-risk medication contributed to safety concerns.
Response: The Department of Health reports that NHS England has published a new Consensus Statement on Information Sharing, providing clear advice on sharing information for individuals at risk of self-harm. They …
Pending