UK Serious Fraud Office fined for data breach

The Serious Fraud Office (SFO) was this week fined GBP 180,000 by the UK Information Commissioner (ICO) for mistakenly sending evidence to a witness in a serious fraud, bribery and corruption investigation. The breach occurred after the investigation concluded, while the SFO was returning data collected from witnesses and participants. One of the witnesses contacted the SFO to report that he had received data that did not belong to him and it was found that he had received documents containing personal data relating to thousands of individuals.

Investigation launched into companies sharing health data

The UK's ICO confirmed it is looking into newspaper reports that companies are selling personal information regarding individuals' pensions and health to marketing companies. Undercover reporters from the Daily Mail found that information compiled from health insurance applications was being sold to direct marketing agencies, who would then use the information to target individuals with specific products such as mobility aids.

Prince of Wales memos cleared for public disclosure

The Supreme Court has ruled that letters sent by Prince Charles to UK government officials should not be withheld from publication. It follows a ten-year court battle by the Guardian newspaper to release details of the letters, in which the Prince is said to express his views about Government policy. Last week David Cameron, the Prime Minister, hinted at possible changes to freedom of information laws to protect the "confidential views" of members of the Royal Family.

EU gives Amazon's Cloud the green light

Customers using Amazon's Cloud service can be assured their data is as safe when it is being transferred across the world as it would be if it were being stored within the European Union, regulators said this week. This announcement was made by a the Article 29 Working Party consisting of officers from EU member state privacy watchdogs, which reviewed Amazon's contractual clauses in the wake of the release by Edward Snowden of thousands of classified intelligence files.

Dutch authority recommends data retention Bill should be dropped

The Dutch Data Protection Authority (DPA) produced a draft bill proposing that general powers to hold on to personal information gathered by communications companiesis an unwarranted infringement of citizens' privacy. The DPA recommended that the bill, which would require requests for historical data to pass a preliminary check by a judge, should not go before parliament. Other measures to limit the powers, such as distinguishing between the period of retention and the period in which the data is available for use by prosecutors, did not adequately protect the public, the DPA said.

Congress considers draft bill to protect students' data

A draft bill aimed at increasing protection for data collected by education companies has been introduced to the US Congress. The Student Digital Privacy and Parental Rights Act has already been criticised by pressure groups who argue there are loopholes through which sensitive information on children could be shared without parental consent. In January, President Obama proposed restrictions on the sharing of information by tech firms about schoolchildren.

First Australian company to commit to tighten data protection

Optus, a communications company, has become the first company to make a binding commitment to review its data protection measures under reforms to Australia's data protection laws. It has also promised to implement any recommendations arising from an investigation by the country's information commissioner (OAIC). This comes after three significant incidents in which the security of customer information was compromised. OAIC was recently given new powers to accept undertakings from organisations, which are enforceable in the federal courts.