News

With the ICO’s Children’s Code being  brought into effect last year, it is now a legal requirement that organisations that deal with children’s data uphold their rights as a priority, according to Article 1 of the Code. As a part of this, the ICO have published their ‘Best Interests of the Child Self Assessment’ tool, which provides guidance and information on how to ensure that if you are collecting children’s data, or plan to do so, that you are acting in the best interests of the children whose data you are collecting, as well as in accordance with the United Nations Convention on the Rights of the Child (UNCRC).

In this edition of cyber news roundup, we’ll be looking at the continuing cyber threat to health and education sectors, the risks that app stores pose to users, and 2021’s most exploited vulnerabilities.

There has been a new report published on the use of biometric data in schools. The report is entitled ‘The State of Biometrics 2022: A Review of Policy and Practice in UK Education’, and you can find the full report by clicking here. 

Amazon’s latest entry into the smart home device technology is their Astro bot, which they describe as:

“The household robot for home monitoring, with Alexa. When you're away, use the Astro app to see a live view of your home, check in on specific rooms and viewpoints, and get activity alerts. When you're home, Astro can follow you from room to room playing your favorite music, podcasts or shows, and find you to deliver calls, reminders, alarms, and timers set with Alexa.”

The Record of Processing can often seem like a daunting process to undertake- but it’s important to view it as exactly that- a process. Documenting the processes your organisation carries out is an ongoing process that you continue to evolve and develop as those processes change. The value you can get out of spending some time and care by completing various ones shouldn’t be underestimated. We’ve spoken to some of the people who have used the RoP tool on the Knowledge Bank, and what they found challenging, and what they found the most useful parts of the tool, in the hope that it will help some of you who may feel like carrying out the Record of Processing is a daunting task.

In April's Cyber News Update, we take a look at breaches that have impacted Funky Pigeon and WhatsApp, as well security updates and cyber threat advice.

The Department for Digital, Culture, Media and Sport have recently published their annual report from their Cyber Security Breaches Survey. As part of this, they have also published a report which looks at educational institutions in particular.

2022 Security Breach Report Published

The Cyber Security Breaches Survey for 2022 has recently been published by The Department for Digital, Culture, Media and Sport- the full version of which you can find by clicking here.

VPN’s have become commonplace over the past couple of years, with every content creator out there having at some point been sponsored by Nord VPN (other VPN providers are available). VPN's are mostly used so that we can watch content on streaming platforms that would otherwise be blocked in the UK. However, as well as allowing you to watch Pulp Fiction on Canadian Netflix, VPN’s have excellent security benefits that can help prevent data breaches and cyber attacks. 

Organisations in Ukraine are the target of Destructive Malware

Agencies in the US and Australia have published alerts in response to a recent increase in cyber threats to organisations in Ukraine, stating that organisations should take steps to mitigate the threat that currently exists from destructive malware.

Data Protection Education are leading specialists in Data Protection for Schools and Trusts, with the key service that offer being a Data Protection Officer (DPO) service. But what does a DPO do? What value do they bring to an organisation, and how do we help you stay data protection compliant?

Under UK GDPR, Public Authorities or Bodies, as well as businesses carrying out certain processes are required to appoint a Data Protection Officer (DPO). This article will explain why you need a DPO and what a DPO does for your organisation.

Recently there has been an annual study published by Ponemon Institute (sponsored by Experian) entitled “Is Your Company Ready for a Big Data Breach?”. The study looks at the state of breach preparedness across organisations over a period of a year,

When we talk about information security and cybersecurity, those that write about this area can often use complex and technical terms, assuming that the reader has the required knowledge to fully understand what those terms mean.

Microsoft Azure Breach Leads to Student Data Exposure 

Researchers and Clario published a report which outlined how an open Microsoft Azure repository indexed by a public search engine which needed no authentication had been found.

It’s been far too long since we’ve checked in with Facebook (now Meta), and their ongoing mission to make as much money as possible from our data, so we thought we would discuss the Metaverse, with Mark Zuckerberg’s company being at the forefront

The NCSC has provided some insight and guidance changes on Security practices in the past week which will be the topic of this week’s cyber update. Below is a summary of their guidance, with some additional resources.

The 1st of January, the 25th of December, and the 28th of January- the three biggest dates in the calendar each year for being New Years Day, Christmas Day and of course, Data Privacy Day.

With cyber threats increasing every month, we’ll be looking to provide weekly updates on the different cyber security threats that have taken place recently to highlight all the different ways in which our data can be accessed by those wishing to do harm.

For most organisations, a lot of thought and care goes into ensuring that when you’re collecting data, you are complying with the relevant data protection legislation- that it’s being collected with consent where required, that you have a lawful basis etc. However,

A recent study conducted by Check Point Research which can be found at the bottom of this article has found that there has been a 29% increase in cyberattacks on organisations in the education sector since 2020, the highest increase of any sector. 

Cyber attacks are on the up, and with the education sector seeing the highest number of cyber attacks of any sector since the start of the pandemic, as well as the highest increase in attacks in that same period

Our news story this week is from TechCrunch, who have an article regarding The European Data Protection Board (EDPB), who have called for the EU to phase out, and eventually prohibit the use of targeted advertising

This year, and in particular since the start of this academic year, we’ve been adding new areas to the already extensive functionalities that the Knowledge Bank offers your organisation.

On the 10th of November 2021, The Supreme Court announced their long awaited decision regarding a lawsuit between Mr Lloyd and Google. The court found unanimously in favour of Google, and dismissed the Court of Appeal’s previous decision.

With biometric technology becoming more and more prevalent in society, the governance of the personal data that organisations collect from using this technology has recently been a topic of discussion.

You may be aware that the UK government is currently holding a consultation "Data: A new direction" on the future of data protection law and regulation in the UK.

Here are some thoughts on our opinion.

Another week, another Facebook story. Don’t worry, we're not slowly becoming a Facebook news outlet, they just keep making headlines in the world of data protection, and this time seemingly for a positive reason.

On September 9th, the UK Government published their Consultation Paper on Reforms to the UK Data Protection Regime-'Data: A New Direction', where they outlined proposed changes to GDPR since leaving the EU.

How to share this year’s Nativity play online safety

Schools will have good intentions in wanting to share this year’s Nativity play online. But how do you ensure you do this safely and adhere to the latest data protection regulations? Below is some guidance which will support you in this task.

Over the past few years, there has been a positive drive towards imposing greater regulations on organisations and how and when they collect user data. Users now have more control than ever on being able to consent to the collection of different types of data by apps.

As we’ve spoken about before in past articles, since the pandemic there has been a worrying increase in cyber attacks, with the education sector seeing the highest increase and total number of attacks. Our article on this can be read on our news page.

Judge rules that Amazon Ring doorbells breach GDPR:

A judge in Oxford County Court has ruled that audio recordings from an Amazon Ring doorbell have breached data protection laws. The case involved an individual taking their neighbour to court, stating that the numerous recordings they had from their various cameras they had set up outside their house amounted to harassment and a breach of the Data Protection Act 2018.

The ICO has published a new code of practice entitled the ‘Data Sharing Code’. The code came into force on October 5th 2021, after being published on September 14th 2021. DLA Piper provides a good overview of the new code of practice, a summary of which can be found below, however if you wish to read their article on the code, you can find it here.

Under UK GDPR, organisations that hold personal information/data about people have a responsibility to ensure that that data is being dealt with in line with the relevant legislation.

Apps targeted at Children removed from the App Store for failing to have a privacy policy

At Data Protection Education, we are currently working on contacting all school suppliers with the aim of receiving all of their privacy policies and data agreements to ensure they are being GDPR compliant.

The Children’s Code

The first update from the ICO is that the transition year for the introduction of The Children’s Code (also known as The Age Appropriate Design Code) has passed, with the code having come into effect on September 2nd.

The National Cyber Security Centre has today upgraded it's advice to schools relating to the prevalence of cybers attacks in the sector:

We've looked at the importance of an adequacy decision to allow the free-flow of data between the United Kingdom and Europe in our earlier articles on Brexit. Finally, although in reality quite quickly, we have a decision - with draft adequacy decisions from the European Commission.

Purely from a data protection perspective!

There are various provisions around data in the UK-EU Trade and Cooperation Agreement.

As we all know, on 31 December 2020, the Transition Period (sometimes also referred to as the “Implementation Period”) under the EU-UK Withdrawal Agreement will come to an end. And one of the areas still in the mix is data protection, so what is the status now and what changes?

Download our latest flyer:

We know the jargon can be confusing. As can the timelines for responding to the various requests that you receive.

Is it a month? Or 30 days? Are those working days?

So here's a little chart to simplify everything:

The National Cyber Security Centre, a part of GCHQ, is supporting educational establishments to keep criminals out of their networks after a spike in ransomware attacks. The rise in attacks was recorded in August as cybercriminals turn their attention to a sector focused on the return of students.

Some of you may have seen in the press the long-running legal dispute of Various Claimants vs Morrisons,  which after starting in the High Court in 2017 has finally seen a ruling issued by the Supreme Court.