Re: About time
And even when they do you can go to any garage rather than being forced to go to a Toyota Dealership
161 publicly visible posts • joined 25 Jan 2018
Except it isn't always that simple is it but then you know that.
A primary school I work with suffered a ransomware attack that had sweet FA to do with users so the training element is meaningless and the school had implemented all reasonable and expected security measures. I assume that was their fault?
I assume you will happily lose your business and livelihood for the greater good?
GDPR isn't applicable here as data for law enforcement purposes is specifically outside of GDPR's remit.
It falls under the Law Enforcement directive. Same principles in essence but different piece of legislation.
That is why we have the DPA 2018 as it effectively implements both GDPR and the LED.
The ICO is not a government agency - it's an independent regulator appointed by the Crown and secondly it does not issue fines, it issues Monetary Penalty Notices (MPNs).
Pedantic distinctions but important as to how the ICO operates and there is far more flexibility on the size of MPNs that can be issued compared to 'Fines' which operate within a specific structure set by the MoJ.
Given it isn't a marketing email there is no requirement for them to provide an unsubscribe link anyway.
It's a service email that in some countries they are obliged by law to provide so whether or not you want it is largely irrelevant.
Certainly in Italy companies were legally required to provide a receipt and I am not aware this has changed.
You also forget reporting of incidents is a mandatory part of the DSPT for NHS organisations and was for its previous iterations under the IG Toolkit.
That's one reason why the NHS has always looked bad from a data security standpoint, they were the only organisation (and I use that collectively for all parts of the NHS) that was required to report its breaches.
In terms of the 72 hr reporting requirement the ICO take quite a pragmatic view in my experience and are happy as long as a basic notification is filed within 72 hrs and you can then update it after the window with more details.
Complete Freedom of speech should be permitted, if it isn't 'complete' then it isn't truly freedom of speech is it.
What shouldn't be stopped is freedom from consequences as a result of that speech.
Case in point being the Donald who used his free speech and suffered the consequences when he incited violence.
See also Nick Griffin's appearance on Question Time several years back. The BBC got heavily criticised for giving him a platform but by doing so it exposed his total lack of credibility to the masses and saw him and his bunch of racist thugs, at least in the guise of the BNP fracture and disappear without a trace.
I did read somewhere after it happened that he was warned what would happen if he went on QT but he chose to believe his own hype and went on anyway.
We aren't subject to GDPR since we left for the sunlit uplands (still waiting to get there). We are now using the snappily titled 'UK GDPR' which has had all references to the EU and EU Institutions removed.
That includes any Europe wide remedies.
Mine's the one with a copy of the Keeling Schedules for GDPR in the pocket.
It goes further than that - the Information Tribunal have been quite explicit in their rare DP involvements (most of their cases involve FOI) that a SAR should not be used as a substitute for discovery.
What seems to escape people making SARs for this purpose is discovery is likely to actually get them more information than a SAR!!
'Get Stuffed' How eloquent you are.
The fact is they have done what they are legally obliged to do but not in a way you find convenient is a you problem not a them problem.
Yes the downloads take time and yes it is no doubt a pain but the information is there so suck it up sunshine as they have met their obligations.
Just be glad it's all electronic and not physical files as well as if you think 60 links is constructive obstruction Christ knows what you would make of the SARs of over 25k pages and 1000+ documents I have dealt with previously that have taken weeks to sort out due to the mix of media involved.
Could they do it differently? Almost certainly.
Do they have to? No they don't. It really is that simple.
They could have done what you suggested but all the law requires them to do is make the information available to you.
They've done that so they have complied with their legal obligations as far as can be seen so the fact you don't like the mechanism they have chosen is irrelevant.
Also if you were to challenge their approach through the courts the first thing you'd be asked is 'did you look at the stuff' and as it seems you can't be bothered to put in a little effort to do the downloads the courts will say bugger off and come back when you have.
I'm no fan of the Amazons of this world but there is nothing in these laws that say they have to spoon feed people everything.
To be fair to Amazon court rulings normally give details of the infractions and then explicit requirements as a result of those infractions.
However in this case this seems to have been more along the lines of 'you've been naughty so sort it' with no more meat on the bones.
No doubt there will be an out of court settlement at some point that keeps everyone happy, especially the lawyers
Given the CMA and their predecessor, the Monopolies and Mergers Commission are next to useless this will die down and nothing further will happen.
Case in point early 90s they looked into the ferries to the Isle of Wight after the 2 main providers collaborated to put a new company out of business despite it running a route neither operated.
The MMC agreed what had happened was effectively a monopoly (yes I know by definition a monopoly is usually 1 company but it isn't always the case) but as the new company was now defunct they said there was no point them taking the matter further.
Since then ferry services have got far worse and it will come as no surprise that the decline in service is matched by an increase in price. In effect it's more expensive to cross the Solent per mile than the Atlantic in the Queen Mary 2!
The ICO doesn't issue fines and it never has done. It issues Monetary Penalty Notices, essentially the same thing but legally different as there is no set banding of fines levels among other things
It's a pedantic thing not helped by the outgoing IC being fond of the term fine during her myriad of public appearances but now she has gone back to Canada hopefully the new incumbent will at least use the right language and be less fond of a public appearance
Well if they are spending 40 days answering a SAR they are screwed as it hasn't been 40 days for over 3 years.
It's a month from date of receipt under GDPR but this can be extended to 3 months for complex requests which I can't conceive this would be... if it is then their marketing blurb is a lie (I couldn't comment)
GDPR & DP - the minute it is for anything other than personal use, which is a specific exemption, it becomes subject to GDPR/DP.
So using a Ring doorbell to answer the door while you are in the garden or away from home is exempt processing. The minute any recorded footage is then passed to the Rozzers you are no longer processing for personal use and you need to satisfy Art 6 and potentially Art 9 of GDPR to allow the processing to be lawful.
It's a classic Information Governance 'it depends' situation.
That the Minister of State nominally responsible for Data Protection thinks that Cookies are covered by data protection law (they aren't, they fall under PECR) should be worrying but given the current crop of idiots in Whitehall it's par for the course so I'm not surprised.
What is more worrying is the fact they don't seem to realise that any significant changes to UK GDPR increase the likelihood of the UK losing adequacy status and crippling any businesses that rely on any kind of personal data transfer to/from the EU.
Still as long as their donors make a few quid it's all good
Many of these staffers would be working in MPs offices so the salaries paid would be declared through the accounts etc the MP submits to parliament when claiming their expenses to pay for the staffers.
Also if the job is advertised the salary is in the public domain via the advert.
People also need to realise the salary you are paid is not always personal to you, it goes with the job. What is personal to you is the take home pay after tax, NI and other deductions as this can vary between people on the same salary.
It's even more transparent as a public sector worker as your pay is based on nationally agreed pay-scales which can be found on the internet so if you know a person's job grade (google for their job advert) then you can get a ball park figure for their salary (I'm assuming a 3 or 4 spinal point pay range for a job grade).
Same, that's why our family trip to LA next year is being done a) via Calgary and b) at increased cost just to avoid flying United.
As a bonus going the way we are we also get Premium Economy rather than bog standard... so better legroom and extra baggage allowance for all the tat my offspring will want to bring home