Labour Party "in breach of UK privacy law"
People who joined the UK's Labour Party to vote in its upcoming leadership election were forced to sign up to marketing communications in breach of privacy laws passed by the party when it was in power, according to a data protection blogger. Writing in his 2040 Information law blog this week, Tim Turner said that under the Privacy and Electronic Communication Regulations 2003 (PECR), it was unlawful to require agreement to receive marketing emails and texts as a condition of signing up, even if members were later offered the chance to unsubscribe from communications sent by the individual candidates. He said: "Labour is arrogantly and cynically ignoring legislation that it passed when in government in order to hassle its most active supporters."
Regulator to carry out cyber health-check on UK insurers
UK insurers have been asked to provide information on their cyber-security capabilities as part of a review being carried out by the Prudential Regulation Authority (PRA). The financial watchdog wrote to insurers this week seeking the details together with information on the risk insurers may be exposed to through providing insurance against cyber attacks. The PRA intends to use the data from its survey to gauge the resilience of the UK financial system to cyber attacks.
German data watchdog fines companies over data sale
The Bavarian Data Protection Authority (DPA) has fined two companies involved in an asset sale for arranging to transfer data as part of the transaction. Both the buyer and the seller were ordered to pay undisclosed five-figure sums for breaching German data protection law by failing to seek the consent of customers or informing them of their right to object before transferring email addresses. The DPA also confirmed that the decision, issued late last month, is not appealable.
US Medical records breach spawns two class action law suits
Medical Infomatics Engineering Inc., a company which provides electronic medical records services, is facing two class action suits in the United States. The latest was brought in the Californian Federal Courts last week, alleging among other things that the claimants suffered losses and identity theft following a data breach in May. It follows group litigation brought on behalf of patients in Indiana, who allege the company delayed in notifying the authorities of the data...