* Posts by Cynical Pie

34 posts • joined 25 Jan 2018

Housing biz made to pay £1.5k for sticking fingers in its ears when served a subject access request

Cynical Pie

Actually not true, simply containing the name doesn't make it personal data, the Durant ruling makes it quite clear that the information has to be biographical about the individual and as the snagging is about the house not the person, wouldn't make it the person's PD. The person's name would be PD but the stuff about the house wouldn't.

Your example of 'Fred' would be PD - it's about him but just mention of a person in an email/document etc. doesn't make that their PD and to say it does is frankly nonsense but since you're playing on the experience and 'I know better than you card' here I guess my 15+ years as a DP Officer in the public sector doing SARs on a daily basis and with DP and FOI qualifications mean less than your experience doing IT in schools.

Mine's the one with well thumbed and annotated copies of the DPA98, FOI, DPA2018 and GDPR in the pockets

Cynical Pie

RTFA, the ICO didn't set the fines, the courts do in this instance.

In many ways the ICO isn't fit for purpose but blaming it for the failings of someone else is a bit much

Cynical Pie

Re: example?

Snagging wouldn't be personal data so wouldn't be captured by a subject access request.

Only plebs use Office 2019 over Office 365, says Microsoft's weird new ad campaign

Cynical Pie

What is wrong with the old adage if it ain't broke don't fix it?

Yes Office can be frustrating at times but I much prefer the 'out of the box' versions such as 2019 (still happily using 2010 at home) rather than the constantly updated (read as 'oh FFS where have the developers moved (insert function of choice) to now?') version that is 365.

There is also the fact that some users (ie the Boss AKA Mrs Cynical Pie) struggle to use 365 due to the lack of block colours for the tool bars etc. Office 365 may look all clean and modern and shiny but sometimes old school works.

German competition watchdog tells Facebook to stop combining user data without consent

Cynical Pie

But But but....

we are doing this for the benefit of our product... I mean users... users, yes definitely users, not a product no, not at all ***phew think I got away with that and no one noticed***

Romford Station, smile! You're in London cops' final facial recog 'trial'

Cynical Pie

I'm surprised no one in authority has trotted out the classic nothing to hide nothing to fear etc etc

Struggling with GDPR compliance? Don't waste money on legal advice: Buy a shredder

Cynical Pie

Re: I come fully GDPR compliant..

Your home CCTV is only an issue if the cameras cover something other than your property - for example they also capture the neighbour's garden or the pavement outside your front garden.

Cynical Pie

Re: Just use GSuite

As a local government DP person I'm calling bullsh!t on this.

The DP person wouldn't have said it, their boss or a Director would have said it then expected the DP Person to make it happen - trust me I know as I was once that person who had to make it happen. I also made sure I retained all of the emails about it where I told the Director what we were doing was non-compliant but as I wasn't far enough up the food chain I was ignored and told to do it anyway.

Fortunately I was never told to destroy docs after I explained doing that to avoid disclosure was a criminal offence!

As an aside the keeping some emails for years claim is also unlikely to be an FOI issue as in local government the majority of information with long term retention requirements are safeguarding/social care related so are personal data and can be withheld from an FOI anyway.

Um, I'm not that Gary, American man tells Ryanair after being sent other Gary's flight itinerary

Cynical Pie

Re: It'll never happen...

A thumbs down... Michael, is that you lurking?

Cynical Pie

It'll never happen...

.... but I'd love to see Ryanair on the receiving end of a hefty ICO fine.

Failing to correct information you know to be incorrect is a contravention of the DP Principles, particularly repeated refusals to remedy the situation. GDPR and The DPA 18 are agnostic as to who can tell you if the data is wrong and the assumption is once you know you know, regardless of the source of the data.

Apple blew my mind – literally, says woman: MagSafe plug sparked face-torching blaze, lawsuit claims

Cynical Pie

Reminds me of a tale from my time in the Fire Service..

... (as an Admin Monkey, not a water squirter) of a passenger in a car who got incinerated when she dropped her ciggie into the footwell next to her Oxygen cylinder.

No matter how dumb you think people can be civilisation always has a way to plumb new depths of stupid

New Horizons probe reveals Ultima Thule is huge, spinning... chicken drumstick?

Cynical Pie

Re: "some four billion miles from the Sun"

(Insert ISP Name of choice) will still claim you can get superfast broadband*

*Except when there is a Y in the day and a vowel in the month and certainly not during the hours of 00:01 to 23:59

Other T&Cs apply, please see our website for our full gamut of weasel words to avoid providing you with what you thought that you were buying...

2018 ain't done yet... Amazon sent Alexa recordings of man and girlfriend to stranger

Cynical Pie

Re: Future analysis anyone?

Wrong, defence of legal claims is an exemption under Schedule 2(1)(5) of the DPA 2018 in the UK and there will be similar ones in other EU nations.

It's what was S35 under the old DPA which implemented the old EU DP directive

Mine's the one with a copy of the GDPR and the DPA 2018 in the pockets

Cynical Pie


To be a pedantic Information Governance type breach reporting isn't mandatory under GDPR for all incidents, it is mandatory in certain circumstances based upon volume of data/persons, sensitivity of data and the risk of prejudice among other things.

A school teacher losing the list of pupils who attended a swimming lesson would be a breach but not reportable whereas a teacher losing the list of pupils on a three day residential trip which included health data (which is common due to allergies and the no of kids with other medical conditions attending mainstream school) would be a breach and it would be reportable.

Former headteacher fined £700 after dumping old pupil data on server at new school

Cynical Pie

The truth is this processing would have been inappropriate under the old DPA let alone GDPR.

The data was originally processed for the purposes of the children's education at their schools of which the parents were notified. Any new processing would be in breach as it wasn't specified at the outset and you couldn't even argue this new use would have been a 'reasonable expectation'.

That said you'd be astounded (actually this is El Reg so I expect many of you learned colleagues wouldn't be) at how many people I dealt with in my past life at the ICO that didn't consider it a reasonable expectation that if they didn't pay their loan/credit card/mortgage then the lender would share data with bailiffs to get their money back!!

The British Home Office was warned about its crappy data management – then Windrush happened

Cynical Pie

Not a cat in hell's chance..

The UK was always going to be urinating into the prevailing breeze when it came to gaining adequacy post Brexit but this has put any hope of that safely to rest.

Still at least we have our Blue passports back and that extra £350m per week for the NHS... wait... what ... that isn't true?

Blighty: We spent £1bn on Galileo and all we got was this lousy T-shirt

Cynical Pie

Ahhhh but Blue Passports and all that...

Remember that lost memory stick from Heathrow Airport? The terrorist's wet dream? So does the ICO

Cynical Pie

Re: a national newspaper, which recorded the data

Certainly from a DP Perspective there is a specific exemption for journalism that would allow them to process the data but can't speak for the other categories of data

Civil rights group Liberty walks out on British cops' database consultation

Cynical Pie

A large scale government ICT project...

What could possibly go wrong...

Laser-sharp research sees three top boffins win the Nobel Prize in physics

Cynical Pie

Didn't understand a damn word...

The techie stuff means bugger all to me but what I really want to know is how easy can these be attached to Sharks?

First it was hashtags – now Amber Rudd gives us Brits knowledge on national ID cards

Cynical Pie


I wonder which tech company is lobbying for this work and if they have Crudd on their books as a NED?

A fiver says Crapita has an involvement somewhere along the line!!

None too chuffed with your A levels? Hey, why not bludgeon the exam boards with GDPR?

Cynical Pie

Re: FOI...

@peter galbavy - the problem with your suggestion is very little of what we are asked to produce under FOI is 'expected'.

The majority is either people touting for business or people with specific local issues/grudges so I am not sure how we would be expected to routinely publish this without actually knowing what people want.

Ticketmaster breach 'part of massive bank card slurping campaign'

Cynical Pie

From my hazy memory of the CCA S75 only applies above a certain value - a couple of hundred quid I think - but with Ticketmaster surcharges most purchases should be covered anyway!!

Brit MPs chide UK.gov: You're acting like EU data adequacy prep is easy

Cynical Pie

Brexit = struggle for adequacy...

In other news water wet and sun a touch on the warm side...

It's not like us folks in the DP business haven't been saying this since before the bloody referendum!

That said those of us who do DP as a job are obviously experts so therefore we know nothing and are not to be trusted.

Still on the plus side at least it guarantees me a gig as people try to unpick the adequacy shit-storm!!

UK.gov told: Draw up code of practice for cops bulk-slurping car plates

Cynical Pie

Except it doesn't really

as there is specific provision in the DP Bill to bring law enforcement activities 'into the fold'.

As an aside just what we need, more clauses to a bill that already runs to 260+ pages.

Mine's the one with the highlighter and post it tabs in the pocket

Info Commissioner tears into Google's 'call us journalists' trial defence

Cynical Pie

Mountain View we have a problem...

The problem being Google claim not to be journalists when they are asked to monitor/control the output of fake news so they are playing both sides.

UK data watchdog's inaugural tech strategy was written with... *drumroll* Word 2010

Cynical Pie

Re: Really?

All money from MPNs (they aren't fines) goes to the Treasury Consolidated fund so it doesn't matter a jot to the ICO budget whether it's collected or not as they don't see the money.

If they did I suspect you might see a more enthusiastic and rigorous enforcement structure.

Also bear in mind that the ICO now is far more aggressive than it was in the early 2000s when I was there which is a story in itself!!

RIP... almost: Brit high street gadget shack Maplin Electronics

Cynical Pie

Re: Well at least

With Amazon though their delivery estimates usually add a day or two.

You pre-order albums and they often arrive before the release date. Similarly even when ordering some cheap tat for the kid that's coming from China it's the exception that arrives on or after the estimated delivery date. If anything it usually arrives well before.

I suspect it's an element of excellent stock control (for Amazon held stuff), tight delivery requirements for partners and the odd little white lie built into the software - we will tell them 5 days when we actually reckon it'll only take 3

UK data controllers to pay ICO up to £2.4k more a year when GDPR kicks in

Cynical Pie


So my local authority will be paying in the region of £6000 (£2900 plus 75 x £40 for elected members)

Cynical Pie

That's because a) they don't get fine income and b) it's not their job to collect it. Income from MPNs goes to the Treasury.

This is in comparison to the notification income that actually keeps the DP side of the ICO operating which is collected directly and which they are quite efficient at collecting.

Stop calling, stop calling... ICO goes gaga after home improvement biz ignores warnings

Cynical Pie

Re: Why would the show up for just £400

Not strictly true, fines are capped at €20m or 4% of turnover, whichever is greater.

As this is a private company they could use the % and so in theory fine them way north of €20m if their turnover allowed it.

It's also worth noting that while the ICO currently has the power to issue MPNs (not fines) up to £500k at present the fine here was imposed by the courts and beyond the ICO's control.

EU bods up GDPR ante: Threatens legislative laggards with ‘infringement procedure’

Cynical Pie

No arguably about it, your processing is illegal if you don't comply with the law and are processing the data of EU Citizens plus the new DP Bill currently going through parliament will implement the Regulation in full so the same principles will apply for the processing of UK only personal data.

What's GDPR? Survey suggests smaller firms living under rocks as EU privacy regs loom

Cynical Pie

Re: Reminds me of PCI Compliance

Spoken like someone who clearly a) hasn't bothered to look at the Regulation or the DP Bill currently passing through parliament and b) hasn't bothered to look for the wealth of advice from the ICO and other European DP regulators.

Had you bothered you would know GDPR is quite prescriptive in its requirements unlike the old DP Directive.

That said nothing UK wise is definitive until the DP Bill gets Royal assent in March/April
