By Jess Pembroke, Director of Information Law Services We’ve already had a busy start to the year delivering our CPD UK accredited training courses. After more than 15 years of training staff in data protection, I’ve noticed a welcome shift, people now have a broader awareness of what privacy means, why it matters, and how it […]
By Jess Pembroke, Director of Information Law Services It’s the time of year when many of us set New Year’s resolutions and perhaps a few have already slipped. As for me, I’m looking forward to continuing to help organisations meet their goals while balancing the risks and responsibilities of using data securely, ethically, and effectively (oh […]
By Jess Pembroke, Director of Information Law Services “People should plan for potential cyber-attacks by going back to pen and paper, according to the latest advice. The UK government has written to chief executives across the country, strongly recommending that organisations keep physical copies of their cyber incident response plans as a precaution”. [1] This follows […]
By Jess Pembroke, Director of Information Law Services Recently, I came across a troubling post on social media. A parent was calling for support after discovering that their children, along with all other pupils from nursery age upwards, had been added to a social app by their Academy Trust. This app included discussion forums, direct messaging, […]
By Jess Pembroke, Director of Information Law Services As the modern workplace has evolved, so too have the boundaries of security. Historically, data breaches often stemmed from physical access – someone walking out with a USB stick or leaving a file on a train. Today, however, threats have adapted to the digital environment with the rising […]
By Jess Pembroke, Director of Information Law Services The recent BBC report on Weleda’s investigation into its alleged links to Nazi-era human experimentation reminded me of the vital role archives play in confronting uncomfortable truths. A key area archives ask for our support on is how to balance the need to preserve historical records with modern […]
By Jess Pembroke, Director of Information Law Services A Data Subject Access Request (DSAR) is a key part of the General Data Protection Regulation (GDPR). It empowers individuals to access their personal data. The aims of a DSAR are to rebalance the power between individuals and organisations giving people greater control over their information and the […]
Opening a Can of Worms in Higher Education By Sue White, Information Governance Manager ‘Research students process substantial amounts of personal data (often special category data) during their studies. Who is the data controller? Is it the university or is it the student themselves?’ Years ago, I was asked the above question and, as with […]
By Jess Pembroke, Director of Information Law Services Background Ransomware is a severe cybersecurity threat in the UK, classified as the most significant form of organised cybercrime. It involves malicious software that locks IT systems or data, often alongside data theft, and demands a cryptocurrency ransom for restoration or to prevent public release of information. Cyber-attacks […]
By Jess Pembroke, Director of Information Law Services In June 2021, Sony Music Entertainment uncovered a breach in a cloud account. The account had been compromised by Adrian Kwiatkowski (aka Dalziel), who illegally accessed multiple artists’ cloud storage to steal and sell unreleased music.[1] Kwiatkowski has been prosecuted under copyright law because he distributed copyrighted material […]
By Jess Pembroke, Director of Information Law Services After 15 years in the role of Data Protection Officer (DPO), I’m still surprised by how much I genuinely enjoy the work. Every day brings new challenges and questions. If you’ve ever considered a career in data protection, I wholeheartedly encourage you to explore it. It’s more rewarding […]
By Jess Pembroke, Director of Information Law Services The Data (Use and Access) Act 2025’s primary function is to amend existing legislation particularly the Data Protection Act 2018 (DPA 2018), Privacy and Electronic Communications Regulations (PECR) and the UK General Data Protection Regulation (UK GDPR). This means it does not replace these laws but modifies and […]
