Archive for Legislation

Scale of Police Computer Misuse Uncovered

A Freedom of Information (FoI) request made by think tank Parliament Street has revealed that 237 serving officers and members of staff have been disciplined for computer misuse in the last two financial years.

Sackings and Resignations

The FOI request, which was responded to by 23 forces also revealed that 6 employees resigned and 11 were sacked over failures in adhering to IT best practices e.g. for disclosing personal information.

Took Photos of Screen and Shared

In Hertfordshire, two incidents out of 16 disciplinary cases involved employees taking photographs of the screen of a (confidential) police computer system and sharing those photos via social media.

Most Cases

The most individual computer misuse incidents were recorded by Surrey Police with 50. Second in the misuse ranking was the Metropolitan police where 18 people were disciplined (4 were accused of misusing social media) and one staff member was sacked for misusing the Crime Reporting Information System.

Greater Manchester Police managed to take the third position in the incidents rankings with 17 for misuse of force systems.

Other Incidents

Other incidents uncovered by the FoI request included 3 officers getting sacked from Gwent Police (for researching the crime database for a named person, disclosing confidential information, and for unlawful access to information) and 3 getting sacked form Wiltshire Police force for using the police databases without lawful access to the information. Also, one member of Nottinghamshire Police was disciplined for using the police computer system to search for information about a civil dispute they were involved in.

Case In July

These incidents were reminiscent of the case from July this year whereby a serving Metropolitan police officer was given 150 hours of community service and ordered to pay £540 after pleading guilty to crimes under the UK’s Computer Misuse Act, which included using a police database to monitor a criminal investigation into his own conduct.

What Does This Mean For Your Business?

We all must adhere to data protection laws (GDPR) and best practices to ensure that company computer systems are used responsibly and legally.  The irony of the information uncovered with the FoI request is that hundreds of those persons who are entrusted to uphold and enforce the law appear to be prepared to risk their jobs, break the law and betray public trust.  The fact that hundreds of police have been caught (there may be many more who haven’t) misusing police systems which contain large amounts of sensitive personal data raises serious questions about privacy and security.

This may indicate that police forces need to offer more education and training to employees about data protection and the correct (and legal) use of police computer systems as well as tightening up on monitoring, access control and validation/authorisation.

BBC Puts News On ‘Dark Web Browser’ To Avoid Censorship

The BBC has announced that it is making its International news website available via the ‘Tor’ browser (usually associated with the ‘dark web’), in order to get around censorship in other countries.

Blocking by Some Countries

The BBC is concerned that countries including China, Iran and Vietnam have tried to block access to its website or programmes in the past.

With this in mind, and with the BBC wanting to compete in the world broadcasting market and widen its audience, as well as wanting to maintain and extend the perception of its World Service as a trusted news source, the BBC has turned to the Tor browser as a way of stopping states from blocking/censoring its content.

Why Tor?

The ‘Tor’ browser, an acronym for ‘The Onion Router’ because of its many layers of encryption, is most well known as the browser that’s used to access the dark web. In these days of worries about privacy and the prying eyes of and rules imposed by states and their agencies, plus worries about cybercriminals and fraudsters, end-to-end encrypted communications channels have become more valuable and more widely available.

The Tor browser, which came out of a US Naval Research Laboratory (and which is partly funded by the US State Department) can hide a user’s location and identity due to its routing process through multiple node encryption points. Tor can, therefore, be used to browse the web (and dark web) anonymously, and to host hidden websites (with a .onion suffix).

International Edition On Tor

The BBC plans, therefore, to host a version of its international news website within Tor thereby evading restrictions imposed by others states and protecting the identity and quite possibly the safety of any viewers of that news who reside within a state where the BBC news online faces restrictions.

This version of the BBC’s international news website will not feature the BBC iPlayer service but will include foreign language services e.g. BBC Arabic, Persian and Russian.

Soft Power

The BBC’s World Service has been described by many as being part of the UK’s ‘soft power’ i.e. part of the UK’s ability to portray a certain image of itself overseas and to influence the thinking and action of others using the power of attraction as opposed to the power of coercion and threats.

What Does This Mean For Your Business?

In western democracies and capitalist countries where certain freedoms of consumption are seen as good and necessary to maintain the market-based system, there is an interest in wishing to promote these values and beliefs around the world. This can lead to the widening of markets for goods, services and lifestyles as people in less open countries see them online or television, and this can be good news for businesses who are able to export.  Stable, open countries, with good diplomatic and trading relationships and freedom for communications, are good news for businesses who want to export or set up operations in those countries to gain access to bigger markets.

Sates that are seen to perhaps be more oppressive and authoritarian and which use censorship to maintain a certain power balance and message/perception of the outside world are likely to fear news reports and views which conflict with their own.  The BBC has found itself to be a global market media player as well as a national broadcaster with UK state interests and this, coupled with wider use of encrypted message and  web services have turned a browser that once had a dubious reputation (by association with the dark web) into a handy tool for accessing for expanding the corporation’s, the UK’s, and the democratised West’s reach into untapped market areas.  The hope would be that this would benefit the interests of all, including those citizens of censored states that are able to access a ‘trusted’ external news source for the first time in years.

Businesses Not Prepared For IR35 Tax Reforms

A poll by recruitment firm Hays appears to show a lack of awareness about preparedness for next year’s new IR35 tax reforms for medium-to-larger private sector organisations.

What Is IR35?

The IR35 tax reform legislation, set to be introduced in April 2020 is designed to stop tax avoidance from ‘disguised employment’, which occurs when self-employed contractors set up their own limited company to pay themselves through dividends (which are not subject to National Insurance).  IR35 will essentially mean that, from April 2020, medium-to-larger private sector organisations could become responsible for determining the tax status of any non-permanent contractors and freelancers their organisation hires. Also, the tax liability will transfer from the contractor to the fee-paying party i.e. the recruiter or the company that directly engages the contractor.

The idea for the introduction of the legislation dates back to 1999 with Chancellor Gordon Brown and Chancellor Philip Hammond introduced IR35 for public bodies using contractors from April 2017.

Not Ready

The Poll by Hays, involving the views of 31,598 UK-based individual employees and employers showed that only 43% of respondents in organisations to which the new legislation would apply said they have begun preparations, and one fifth said they have not.

A study by the Association of Professional Staffing Companies (APSCo) in the summer also showed that only 39% of agencies polled believed that most of their business clients were even aware of the incoming changes and that only 12% thought that their clients are actively preparing for IR35.

Concerns

The main worries expressed about the introduction of IR35 by the 24% who were aware of its imminent introduction are that it could bring more costs and responsibility (68%) and could mean that they lose key talent from their organisation because of its introduction (56%).

Many organisations also fear the complexity and potential administrative burden of IR35.

Man Wins £240,000 In IR35 Appeal

IR35 was first introduced in the public sector, and there was news this week that a former Department for Work and Pensions (DWP) worker (from 2010 to 2015), Richard Alcock, won a £240,000 appeal against HMRC after an IR35 tribunal.  It had been alleged by HMRC that Mr Alcock, who had used his limited company RALC Consulting Ltd to engage in contracts with the DWP, owed more than £200,000 in unpaid taxes because he was working on an equivalent basis to full-time staff, and should pay the same rates of tax and national insurance (under IR35). Mr Alcock was, however, able to show that because (in his case) there had been no minimum obligation to provide work and no ability to charge for just making himself available for work, he couldn’t be an employee.

What Does This Mean For Your Business?

There does appear to be some complexity in IR35, and businesses may be right to fear that this could lead to more costs and admin and could cause complications in an organisation’s relationship with trusted contractors who may work very effectively within that organisation.

Many business owners may also feel that not enough has been done by the government to raise awareness of the changes and to educate businesses and contractors about the implications and responsibilities of IR35.

Nevertheless, the clock is ticking on the introduction of IR35 for medium-to-larger private sector organisations, and these organisations now need to make sure that they progress as quickly as possible with IR35 preparations.

ICO Warns Police on Facial Recognition

In a recent blog post, Elizabeth Denham, the UK’s Information Commissioner, has said that the police need to slow down and justify their use of live facial recognition technology (LFR) in order to maintain the right balance in reducing our privacy in order to keep us safe.

Serious Concerns Raised

The ICO cited how the results of an investigation into trials of live facial recognition (LFR) by the Metropolitan Police Service (MPS) and South Wales Police (SWP) led to the raising of serious concerns about the use of a technology that relies on a large amount of sensitive personal information.

Examples

In December last year, Elizabeth Denham launched the formal investigation into how police forces used FRT after high failure rates, misidentifications and worries about legality, bias, and privacy.  For example, the trial of ‘real-time’ facial recognition technology on Champions League final day June 2017 in Cardiff, by South Wales and Gwent Police forces was criticised for costing £177,000 and yet only resulting in one arrest of a local man whose arrest was unconnected.

Also, after trials of FRT at the 2016 and 2017 Notting Hill Carnivals, the Police faced criticism that FRT was ineffective, racially discriminatory, and confused men with women.

MPs Also Called To Stop Police Facial Recognition

Back in July this year, following criticism of the Police usage of facial recognition technology in terms of privacy, accuracy, bias, and management of the image database, the House of Commons Science and Technology Committee called for a temporary halt in the use of the facial recognition system.

Stop and Take a Breath

In her blog post, Elizabeth Denham urged police not to move too quickly with FRT but to work within the model of policing by consent. She makes the point that “technology moves quickly” and that “it is right that our police forces should explore how new techniques can help keep us safe. But from a regulator’s perspective, I must ensure that everyone working in this developing area stops to take a breath and works to satisfy the full rigour of UK data protection law.”

Commissioners Opinion Document Published

The ICO’s investigations have now led her to produce and publish an Opinion document on the subject, as is allowed by The Data Protection Act 2018 (DPA 2018), s116 (2) in conjunction with Schedule 13 (2)(d).  The opinion document has been prepared primarily for police forces or other law enforcement agencies that are using live facial recognition technology (LFR) in public spaces and offers guidance on how to comply with the provisions of the DPA 2018.

The key conclusions of the Opinion Document (which you can find here: https://ico.org.uk/media/about-the-ico/documents/2616184/live-frt-law-enforcement-opinion-20191031.pdf) are that the police need to recognise the strict necessity threshold for LFR use, there needs to be more learning within the policing sector about the technology, public debate about LFR needs to be encouraged, and that a statutory binding code of practice needs to be introduced by government at the earliest possibility.

What Does This Mean For Your Business?

Businesses, individuals and the government are all aware of the positive contribution that camera-based monitoring technologies and equipment can make in terms of deterring criminal activity, locating and catching perpetrators (in what should be a faster and more cost-effective way with live FRT), and in providing evidence for arrests and trials.  The UK’s Home Office has also noted that there is general public support for live FRT in order to (for example) identify potential terrorists and people wanted for serious violent crimes.  However, the ICO’s apparently reasonable point is that moving too quickly in using FRT without enough knowledge or a Code of Practice and not respecting the fact that there should be a strict necessity threshold for the use of FRT could reduce public trust in the police and in FRT technology.  Greater public debate about the subject, which the ICO seeks to encourage, could also help in raising awareness about FRT, how a balanced approach to its use can be achieved and could help clarify matters relating to the extent to which FRT could impact upon our privacy and data protection rights.

Tough Questions About Libra Cryptocurrency

Facebook’s CEO, Mark Zuckerberg faced a grilling from the US Congress last week over his company’s ‘Libra’ cryptocurrency plans.

Libra

‘Libra’ is Facebook’s new cryptocurrency and global payment system that’s due to be launched in 2020.  Unlike other cryptocurrencies, Libra is backed by a reserve of cash and other liquid assets.  The idea of Libra is that spending the new currency could be as easy and fast as texting as payments can be made by a special phone app and by messaging services such as WhatsApp.  Also, Libra is intended to be of particular value to the one billion+ people around the world (including 14 million in the US) with no access to a bank account, but who could use a mobile phone-based payment system.

Management of the currency, units of which can be purchased via Libra’s platforms and stored it in a digital wallet called “Calibra” will be the responsibility of an independent group of 21 companies and non-profit organisations called the Libra Association, of which Facebook’s subsidiary ‘Calibra’ is a member.

Problems and Criticism

Facebook has, however, found itself coming in for some tough criticism over its involvement with Libra. This includes:

  • Worries about whether Facebook can be trusted with peoples’ financial details in the light of its part in the personal data-sharing scandal with Cambridge Analytica.
  • Concerns from ‘Group of Seven’ democracies finance chiefs about whether Libra could address “serious regulatory and systemic concerns”.
  • President Trump Tweeting that he’s not a fan of Libra, and bank chiefs like Mark Carney also expressing concerns about Libra.
  • Worries that Libra could be used as a means to bypass rules relating to money laundering and tax evasion (which is believed to have led to PayPal leaving the Libra Association recently).
  • Warnings that Libra could be blocked in Europe (especially in France) unless concerns over risks to consumers and to the monetary systems of countries can be addressed.

Congress Grilling

The grilling of Mark Zuckerberg at the US Congress last week at the top of the House Financial Service Committee’s hearing focused on many of the key concerns.  For example:

  • Republican Nydia Velázquez asked Mark Zuckerberg why Facebook should be trusted after the recent privacy scandals and data breaches/data sharing relating to the Cambridge Analytica affair.
  • Republican Joyce Beatty criticised Mark Zuckerberg over an apparent lack of knowledge of diversity and housing advertisement issues and alleged that Zuckerberg hadn’t read her reports.
  • Republican Patrick McHenry criticised the technology industry and highlighted the current anger towards it.

Prepared Statement Covered Many Concerns

Mark Zuckerberg’s prepared statement for the hearing appears have anticipated and answered the main concerns.  For example, as well as stressing how Facebook is committed to strong consumer protections for the financial information they receive, Mark Zuckerberg addressed three main concerns, saying that:

  1. Where people are concerned that Facebook is moving too fast on the Libra project, Facebook is committed to taking the time to get this right.
  2. Where it has been suggested that Facebook could circumvent regulators and regulations with Libra, Facebook won’t actually be a part of launching the Libra payments system anywhere in the world unless all US regulators approve it.
  3. Libra is not an attempt to create a sovereign currency but, like existing online payment systems, it’s simply intended to be a way for people to transfer money.

So What?

Despite the grilling, many commentators have pointed out that the House Financial Service Committee and Congress don’t actually have the power to do much about the introduction of Libra.  Some commentators have also suggested that the hearing was as much about political grandstanding as it was about Libra and that politicians are finding it hard to stay up to speed with information about cryptocurrencies.

No Regulatory Approval = Facebook Leaves the Association

Mr Zuckerberg stressed just how much he intends to play by the rules with Libra by saying that if the Libra Association moved forward without regulatory approval, Facebook “would be forced to leave the Association.”

What Does This Mean For Your Business?

Banks and governments are unlikely to adopt a favourable attitude to a new type of currency that could potentially unbalance monetary systems, and could potentially get around regulations, scrutiny and control, and could even be used for money laundering and tax evasion. That said, the blockchain-anchored Libra is unlikely to suffer many of the huge fluctuations and problems that other cryptocurrencies like bitcoin have because Libra is backed by real assets.  Also, many of the big financial players are part of the Libra Association e.g. Mastercard and Visa, although it’s clear that Facebook needs to make sure that Libra can meet all regulatory requirements and is squeaky clean if the Association wants to keep these important members.

If, as Mr Zuckerberg says, Libra is simply and innocently another way of paying for things that could lead to a more inclusive society e.g. by helping those without bank accounts, this could benefit not just society but whole economies too.  It looks as though Facebook still has some way to go, however, to convince governments, finance chiefs and other critics that it is the right company to be trusted with a new currency and the financial data of those who use it.

Digital ‘Pressure’ For Accountants

A report by IT company Prism Solutions has highlighted how traditional accountancy firms are having to change rapidly to meet challenges such as Cloud computing, GDPR and HMRC pressing quickly ahead with ‘Making Tax Digital’ (MTD).

MTD

According to the report, the whole accountancy profession is now on the verge of an evolutionary change and accountancy firms will need to develop into digital practices in order to compete and survive.

One of the key change drivers and challenges for accountancy firms is HMRC’s ongoing ‘Making Tax Digital’(MTD) initiative which has been designed to eradicate paper from the tax filing process and to make the UK tax system more effective, efficient and easier for taxpayers to use.

The fact that an estimated 1.2 million businesses are subject to the MTD VAT rules (for VAT periods starting on or after 1 April 2019 or 1 October 2019 for organisations which are more complex), must now keep VAT records in a digital format and submit their VAT returns to HMRC using MTD compatible software (yet can’t do so using HMRC’s website) means that they are turning to accountancy firms to submit the returns on their behalf.  This leaves accountancy firms with new challenges such as having to adapt quickly to a different type of interaction with their clients who are looking for accountants to be experts on the digital process and to provide instant service and issue resolution. Accountancy firms are also facing possible problems if HMRC doesn’t do enough to communicate MTD to relevant businesses.

Always On

The Prism Solutions report highlights how accountancy clients now expect technology to be ‘always on’ 24/7 and that the ability of an accountancy firms’ productivity to be able to connect with their clients in real-time, and offer access to real-time data that’s always on is an important way in which they can deliver an exceptional client experience.

Other Challenges

The Prism report also notes that, just as Cloud computing, GDPR, and MTD are already having an impact on accountancy, other emerging challenges to the profession include the development of AI technologies, blockchain and crypto-currencies.

What Does This Mean For Your Business?

Having to digitise accounts is providing challenges to both businesses and accountancy firms and looks set to change aspects of the relationship between the two.  Accountancy firms are realising that embracing all forms of ‘digital’ is a key enabler to enhancing productivity, and that becoming part of the digital revolution with their clients will enable them to not just offer a better service, but also to grow as they take advantage of new revenue-generating opportunities and position themselves as the go-to adviser for their clients.

As well as expecting ‘always-on’ service and digital expertise from accountancy firms, business customers will still want to use their accountants as a source of business advice for business planning, strategy, and market development (for example), and getting better at using digitisation to do this could be another way in which accountants could keep delivering value to businesses.

Email Signature Legally Binding For Lawyer

A recent ruling by the High Court that an email containing an automated signature is legally binding proved costly to the lawyer who sent such an email on behalf of his client that included the wrong price for a land sale.

£25,000 Below

The unfortunate lawyer, Daniel Tear, who sent an email to another lawyer setting out the terms for an owner’s land/property sale (but with the sale price listed as £25,000 lower than the asking price) the ruling about his email signature at the County Court in Manchester proved to be very costly.

In the case, which related to a dispute over the sale of land near Lake Windermere listed as a “jetty/boat landing plot/mooring”, it has been reported that the land should have been offered for sale at the asking price of £200,000 but (according to published court documents) but Mr Tear’s email to the lawyer of those wishing to purchase the land specified a price of “ £175,000 (one hundred and seventy-five thousand pounds”.

The lawyer acting for the buyer accepted the deal, and despite Mr Tear later emailing all the parties to say the deal had not been finalised by email, the court ruling went against him and his client.

Why?

According to the published court documents which refer to matters related to certain sections of the Law of Property Act of 1989, Mr Tear’s auto-signature (using Microsoft Outlook) which appeared at the bottom of his email, accompanied by the words “Many Thanks” (which link the email’s contents to the signature) were enough to make the contents of the email’s agreement binding.

In a hearing which considered the many difficulties around an email footer possibly being treated as a sufficient act of signing the judge stated that he was “satisfied that Mr Tear signed the relevant email on behalf of the Defendant” and that “the Claimants are entitled to the order for specific performance that is sought”.

Mr Tear’s argument that the case fell under Section 2 (1) of the Law of Property Act of 1989 i.e. “The document incorporating the terms or, where contracts are exchanged, one of the documents incorporating them (but not necessarily the same one) must be signed by or on behalf of each party to the contract” was, therefore, not accepted by the court.

What Does This Mean For Your Business?

As with most legal matters, if you read the court documents (here: https://www.bailii.org/ew/cases/EWHC/Ch/2019/2462.html) there were many different considerations based around the case. One thing that businesses can take away from this case, however, is that if you create and add an email signature section to the footer of your Outlook emails, even though it is automatically added to each of your emails, it may still prove to be enough to legally bind you to the contents of the email, even though you may have made a mistake. It goes without saying, therefore, that businesses need to be very careful to check that prices and quotes emails to clients (where an email signature is included) are correct and that any terms are clearly stated.  This ruling could now and in future have implications for many businesses in disputes relating to the contents of business emails.

Less Than Half of Small Businesses Ready For No-Deal Brexit

Research from techUK shows that less than half of small UK businesses consider themselves to be ready to face a no-deal Brexit on 31 October, whereas 87% of larger businesses think they are prepared.

Small and Medium

The techUK research shows that only 43% of UK small businesses think they are ready for the prospect of a no-deal Brexit, which is not too different to the mere 50% of medium-sized companies that expressed readiness.

Not Up To Date With Government Guidance

The survey revealed that although most enterprises are aware that the government has given guidance on getting ready for a no-deal Brexit, only 30% of small businesses and 33% of medium-sized businesses regard themselves as being up to date with that guidance.

Popular Concerns

In addition to the impact on the UK economy, some of the popular concerns that many businesses have about a no-deal Brexit include how they stand in terms of regulatory and any extra regulatory barriers that may hinder trade compliance, and difficulty in finding staff after an end to freedom of movement (there is already a tech skills shortage and tech ‘brain drain’).  Also, businesses are clearly worried about post-Brexit relationships with suppliers, whether contracts will need to be updated, and whether they will have enough of the right raw materials and parts to keep production running smoothly and meet their customer demands while keeping their costs and prices down.

Data Protection Guidance For Brexit

As far as being prepared to stay compliant with data protection laws, the ICO has recently stated that if a UK business or organisation already complies with the GDPR and has no contacts or customers in the EEA, that business or organisation doesn’t need to do much more to prepare for data protection compliance after Brexit.

The latest guidance for businesses facing a no-deal Brexit can be found on the website here: https://ico.org.uk/for-organisations/data-protection-and-brexit/data-protection-and-brexit-for-small-organisations/

What Does This Mean For Your Business?

It doesn’t take a study to find out that there is still a great deal of uncertainty about trading post-Brexit, particularly after the impact of a no-deal Brexit. As the businesses in the study indicated, many are aware that there is guidance available from government sources and that SMEs don’t appear to be up to date with that guidance.  It is good, at least, that the ICO has issued clear, easily accessible guidance on its website to help companies prepare to remain GDPR compliant after Brexit. Other Brexit guidance for small businesses can be found on the FSB website here https://www.fsb.org.uk/standing-up-for-you/brexit/resources  and on the main UK government website here https://www.gov.uk/find-eu-exit-guidance-business.

France Says ‘Non’ To Facebook’s Libra Cryptocurrency

France’s finance minister, Bruno Le Maire has said that the development of Facebook’s new Libra cryptocurrency will be blocked in Europe unless concerns over risks to consumers and to the monetary systems of countries can be addressed.

Libra – Announced in June

Announced in June this year and due to be launched in 2020, Libra is Facebook’s cryptocurrency which will enable payments to be made by a special phone app and by messaging services such as WhatsApp so that spending the new currency could be as easy and fast as texting.  Management of the currency, units of which can be purchased via Libra’s platforms and stored it in a digital wallet called “Calibra”.

In addition to Facebook, the Association has 27 other members/partners, all of whom will most likely have to accept Libra, including Mastercard, PayPal, eBay, Spotify, Uber, Vodafone, and a variety of charities such as Women’s World Banking.

For Use By The ‘Unbanked’

Facebook has promoted Libra as being targeted mainly at the 1.7 billion adults worldwide who do not have a bank account, and who use services such as payday loans although 1 million plus of these already have a smartphone, thereby enabling them to use the apps through which Libra can be operated.  This “unbanked” segment of the potential market contains mainly people from developing countries, a large proportion of which are women.

Why Does France Object?

In Bruno Le Maire’s speech at the OECD Global Blockchain Policy Forum 2019 he identified several reasons why France would consider blocking Libra in Europe, the main one being that monetary sovereignty of countries may be at stake from a possible privatisation of money e.g. because Facebook is a sole actor (company) with more than 2 billion users on the planet. Mr Le Maire also expressed concern that Libra’s digital credits could facilitate money laundering and terrorism.

Other concerns about Libra’s introduction include:

  • Possible risks to consumers (their personal data) in the light of Facebook’s sharing of user data with Cambridge Analytica.
  • Consumers may turn to cryptocurrencies like Libra during a time of national crisis, which could make it more difficult for governments to stabilise their economies, thereby making matters worse.
  • The need for Libra to meet regulations for consumer protection, money laundering and financing terrorism.
  • Libra uses blockchain, which many banks still consider to be an emerging technology that should be approached with caution.

Highlights The Need To Work Together

According to the head of policy and communications at the Libra Association, the concerns expressed by Bruno Le Maire highlight the need for the project’s backers to work together with regulators to make the implementation of the Libra project safe, transparent and consumer focused.

What Does This Mean For Your Business?

For Facebook, Libra is an opportunity to monetise another of its services, and an opportunity to diversify.  Even though Facebook has promoted Libra as a currency for use by the 1.7 billion people without bank accounts, it is more likely that Libra will gain more users with bank accounts in developed countries more quickly.  Also, some more sceptical commentators have noted that Libra may be less about money and blockchain but more about gathering more information about the identity of clients.

Even though Libra users are not intended to be businesses, if Libra does help the ‘unbanked’ this could have a knock-on effect in helping that segment of society to buy more goods and services, thereby helping businesses and the economy.

Libra looks set to face more scrutiny and attempts to make sure that it meets the regulation of countries that are worried by the possible shift in control from governments and central banks to big business that Libra could bring. This shift in control could have a number of effects on the business environment and the economies of countries if Libra proves to be popular.

Leaving Your Job? Don’t Take Personal Data With You Warns ICO

The Information Commissioner’s Office (ICO) has warned those retiring or taking a new job that under the Data Protection Act 2018, employees can face regulatory action if they are found to have retained information collected as part of their previous employment.

Old Investigation

The renewed warning was issued following the regulator concluding its dealings in an old investigation of two (former) police officers interviewed (by the media) about an historic case they’d worked on as serving officers involving an MP, and had been accused of disclosing details about the case to the media.

In this case, the investigation appears to have related to police handling of personal data such as notebooks and the fact that measures need to be put in place to ensure that these are not retained when officers leave the service.

The ICO investigation, brought about under the previous Data Protection Act 1998 legislation (because the alleged disclosure occurred before the DPA 2018 and GDPR’s introduction) may have resulted in no enforcement action being taken against the two officers, but prompted the ICO to issue a reminder that data protection laws have been toughened in this area.

“Knowingly or Recklessly Retaining Personal Data”

The warning in the ICO’s recent statement is that the Data Protection Act 1998 has since been strengthened through the Data Protection Act 2018, to include a new element of knowingly or recklessly retaining personal data without the consent of the data controller (see section 170 of the DPA 2018).

The only exceptions to this new part of the new Act are when it is necessary for the purposes of preventing or detecting crime, is required or authorised by an enactment, by a rule of law or by the order of a court or tribunal, or whether it is justified as being in the public interest.

Retiring or Taking a New Job

The ICO has warned that anyone who deals with the personal details of others in the course of their work, private or public sector, should take note of this update to the law, especially when employees are retiring or taking on a new job. Those leaving or retiring should also take note that they will be held responsible if the breach of personal data from their previous employer can be traced to their individual actions.

Examples

Examples of where the ICO has prosecuted for this type of breach of the law include a charity worker who, without the knowledge of the data controller, Rochdale Connections Trust, sent emails from his work email account (in February 2017) containing sensitive personal information of 183 people.  Also, a former Council schools admission department apprentice was found guilty of screen-shotting a spreadsheet that contained information about children and eligibility for free school meals and then sending it to a parent via Snapchat.

What Does This Mean For Your Business?

This latest statement from the ICO should remind all businesses and organisations, whether in the private or public sectors, that reasonable measures or procedures need to be put in place to ensure that anyone retiring or leaving for another job cannot take personal details with them that should be under the care of the data controller i.e. you and your company/organisation.

Failure to take this facet of current data law into account could result in fines from the regulator for those individuals responsible, potential legal action from the victims of any breach against your organisation, some bad and potentially damaging publicity, and costly and long-lasting damage to reputation.