By Jess Pembroke, Director of Information Law Services When the ICO fined Police Scotland £66,000 in December 2025, it was easy to focus on the public sector penalty. However, the notice reveals organisations often overlook the real-world effects of poor data handling these decisions affect actual people in deeply personal ways. The victim chose to speak […]
By Jess Pembroke, Director of Information Law Services In February 2026, the Information Commissioners Office (ICO) issued a £14.47 million monetary penalty to Reddit for serious UK GDPR failings relating to children’s personal data. There are lots of issues highlighted in the Monetary Penalty Notice (now the ICO have published it!) these include that Reddit: But […]
By Cleo Everett, Information Services Coordinator Now I am two months in to being an Information Services Coordinator at Naomi Korn Associates, I work every day with Data Subject Access Requests (DSARs), and am more confident in data protection than I thought I would be capable. As a history graduate, I had never thought about […]
In May 2025, following the introduction of the Data (Use and Access) Bill into the UK Parliament, the Archives and Records Association UK & Ireland (ARA) noted the requirement to agree “generally recognised standards” relating to the data protection purpose “archiving purposes in the public interest”. Together with other sector bodies ARA agreed to commission […]
By Jess Pembroke, Director of Information Law Services Data Subject Access Requests (DSARs) are a fundamental right. When I deliver training, I often explain DSARs in the context of democracy: data protection laws are designed to rebalance power between individuals and large data‑processing organisations. Historically this meant the state government departments but in 2026, the biggest […]
By Jess Pembroke, Director of Information Law Services Like many in the sector, I read the news of a ransomware attack on Salford City College Group with a heavy heart[1]. My first thoughts are with the staff, students, families and wider community who will probably be struggling to deliver services against a backdrop of limited access […]
By Jess Pembroke, Director of Information Law Services The ICO has recently published that it has been “Cracking down on FOI failures”[1]. Given that this legislation (The Freedom of Information Act 2000) has been in force for more than two decades, it’s surprising that local authorities struggle to comply, although I expect the combination of staff […]
Reflecting on This Week’s Information Sharing, Data Processors and Contracts Session By Jess Pembroke, Director of Information Law Services I recently had the pleasure of delivering our Information Sharing, Data Processors and Contracts course. From the outset, the delegates brought thoughtful questions and curiosity about how to get information sharing and contracting with third parties right […]
By Jess Pembroke, Director of Information Law Services The ICO has just published a summary of the feedback it has received on its proposed transformation about how it handles data protection complaints. And while the regulator’s goal is to create a more strategic, risk-based model, organisations may feel the impact just as strongly as the public[1]. […]
What the 2025 Act means and how it can (and can’t) be used By Sue White, Head of Information Law Services The Data Use and Access Act (2025) introduced a significant, and long-awaited, shift for charities by extending the use of the ‘soft opt-in’ to the non-profit sector. This part of the Act came into force on 5 February 2026 opening new doors for supporter engagement. But what does this mean in practice? When can charities rely […]
Come along to the free online Business Bites webinar on 25 February, titled Strengthening Data Protection in Cultural Collections: The London Library’s Audit with Naomi Korn Associates, hosted by Business Archives Council and Business Archives Council Scotland. We are thrilled to be speaking in partnership with The London Library reflecting on how we undertook a […]
By Jess Pembroke, Director of Information Law Services After another energetic season of delivering our CPD UK accredited training, I’m delighted to share details of our Data Protection Intermediate Certificate, a programme designed for individuals who already have a grounding in data protection but want to deepen their confidence and practical capability in specific areas. One […]
Page 1 of 12
