Face Off

In the first Parliamentary debate on police use of live facial recognition technology, significant concerns were raised in relation to the latitude afforded to chief officers in deploying the biometric artificial intelligence (AI) tool. Handley Gill’s specialist consultants, whose advice on the deployment of LFR was acknowledged during the debate, consider the implications of the new Labour government’s proposals to revisit the legislative and regulatory framework governing the deployment of live facial recognition by law enforcement.

Now you see me...

As police forces are encouraged by the government to expand their use of live facial recognition technologies, with the Prime Minister announcing additional funding, Handley Gill Limited’s specialist consultants consider the legal issues that arise and the actions that Chief Constables and forces must take prior to deploying or even procuring LFR for law enforcement purposes.

Nicola Cain15 April 2024Data Protection, Personal Data, Part 3 DPA 2018, Part 3 Data Protection Act 2018, Law Enforcement, Law Enforcement Processing, Police, Policing, Biometric data, Biometric Processing, Sensitive Processing, Human Rights, DATA PROTECTION ACT 2018, Human Rights Act 1998, Article 8, Article 8 ECHR, Article 8 European Convention on Human Rights, Article 14 ECHR, Article 14 European Convention on Human Rights, Facial Recognition, Live Facial Recognition, LFR, Public Sector Equality Duty, PSED, Discrimination, Bias, Surveillance, Surveillance Camera Commissioner, Biometrics Commissioner, Data protection impact assessment, DPIA, Appropriate Policy Document, Equality Impact Assessment, Community Impact Assessment, Human Rights Impact Assessment, Cyber Security Risk Assessment, Integrated Impact Assessment, Model Card, Algorithmic Impact Assessment, Algorithmic Transparency Report, Algorithmic Transparency, Data Processing Agreement, Data Sharing Agreement, Joint Controller Agreement, Privacy Policy, Privacy Notice, House of Lords Justice & Home Affairs CommitteeComment

Commended

Team at Handley Gill Limited receive an award commending the legal services provide to its client, the City of London Corporation acting in its capacity as police authority for the City of London Police in connection with the National Police Chiefs’ Council’s (NPCC’s) National Cybercrime Programme, which the City hosts.

Non-sequitur

Handley Gill’s specialist data protection consultants consider the conclusions and implications of the College of Policing’s review of Lancashire Constabulary’s handling of the investigation into the disappearance of Nicola Bulley for the processing of personal data for law enforcement purposes by police forces and other competent authorities under Part 3 Data Protection Act 2018.

PSNI Blues

Reflecting on the reprimand issued by the Information Commissioner against the Police Service of Northern Ireland (PSNI) for unlawfully transferring personal data processed for the law enforcement purposes under Part 3 Data Protection Act 2018 to the USA, Handley Gill’s consultants identify the elements of a compliance programme that would mitigate against such incidents and have produced a downloadable pdf illustrating each lawful basis for transferring personal data processed under Part 3 DPA 2018 overseas.

What's missing from the Computer Misuse Act 1990?

Handley Gill Limited’s consultants respond to the Home Office consultation on proposals to revise the Computer Misuse Act 1990 to introduce additional powers for law enforcement bodies to takedown and seize domains and IP addresses and, require the preservation of data, as well as to introduce new offences and stronger sentencing for the copying of data. We also call for stronger cyber resilience legislation, through the introduction of minimum cyber security standards, while rejecting lobbying efforts for a blanket public interest defence to CMA offences. Finally, we advocate for stronger extra-territoriality of CMA offences and stronger sentencing powers and associated guidance.

Nicola Cain10 April 2023Cyber Security, Cyber Resilience, Computer Misuse Act 1990, CMA, CMA 1990, Law Enforcement, Domain name registrars, Domain name registries, Internet Service Providers, ISPs, Hosting providers, Web hosts, Consultation, Consultation Response, Public Interest, Public Interest Defence, CyberUp campaign, Sir Patrick Vallance, Chief Scientific Adviser, HM Treasury, Home Office, Pro-Innovation Regulation for Digital Technologies Review, Computer Misuse Act 1990 Call for Information, Computer Misuse Act 1990 Consultation, Domain name takedown and seizure, IP address take down and seizure, Online intermediaries, Domain name and IP address takedown and seizure, Data preservation, Data copying, Crown Prosecution Service, CPS, Product Security and Telecommunications Infrastructure Act 2002, Hacking, Proposal for legislation to improve the UK's cyber resilience, DSIT, Department for Science Technology & Innovation, Copyright, Copyright Designs and Patents Act 1988, CDPA 1988, s107 Copyright Designs and Patents Act 1988, Section 107 Copyright Designs and Patents Act 1988, Section 170(1)(a) Data Protection Act 2018, Personal Data, Commercial Data, s170(1)(a) Data Protection Act 2018, Information Commissioner, Information Commissioner's Office, ICO, Data Breach, Data Protection, Data Protection Offences, Intellectual Property, Intellectual Property OffencesComment

In the Firing Line?

ICO25, the Information Commissioner’s new draft strategic plan for the period 2022-25, currently open for consultation, identifies 15 industry sectors and data processing activities proposed to be the intended focus of the Commissioner’s investigations and enforcement activity in relation to data protection and the processing of personal data under the UK GDPR, Data Protection Act 2018 and Privacy and Electronic Communications Regulations (PECR), including recruitment, banking and finance, biometrics, the care sector, gambling, CCTV, law enforcement, health, AI and algorithms.

Who's Under Investigation?

The Information Commissioner recently published an opinion, 'Who’s Under Investigation? The processing of victims’ personal data in rape and serious sexual offence investigations', which calls on the police, CPS and other prosecution agencies to overhaul their approach to the obtaining and retention of victim personal data.

Nicola Cain13 June 2022Data Protection, Personal Data, Data Protection Act 2018, Part 3 Data Protection Act 2018, Law enforcement processing, Information Commissioner, Police, Training, Consent, Lawful Basis for Processing, Criminal Justice System, Victims, Witnesses, Law EnforcementComment

Exclusive: Information Commissioner’s Office kisses source protection goodbye

Exclusive: Information Commissioner’s Office breached obligations when targeting journalists’ sources by conducting raids over Hancock snog CCTV footage

Too Many Phish in the Sea!

DCMS has recently published its Cyber Security Breaches Survey 2022, based on data gathered by IPSOS MORI over winter 2021/22, which reveals that businesses and charities continue to be under prepared to respond to inevitable cyber security incidents and data breaches.

In this post, we highlight some of the key findings of the survey and identify advice, guidance and free solutions to common cyber resilience shortcomings.

Protective MeasuresNicola Cain17 April 2022Handley Gill Limited#CyberSecurity, #DataBreach, #CyberAttack, #Phishing, #Ransomware, #GDPR, #UKGDPR, #DPA2018, #DCMS, #CyberSecurityBreachesSurvey, #CyberSecurityBreachesSurvey2022, #DataBreachStatistics, #Malware, #CyberResilience, #CyberInsurance, #IncidentResponse, #CyberSecurityIncident, #DataBreachResponse, #SMEs, #Charities, #Business, #Charity, #Retail, #Education, #NCSC, #PoliceCyberAlarm, #NPCC, #LawEnforcement, #ActionFraud, #Police, #Sanctions, #SupplyChainRisk, #ThirdPartyRisk, #Training, #Logging, #TechnicalAndOrganisationalMeasures, #Penalties, #Article28, #Article32, #DataProtection, #Compliance, #SupplyChainSecurity, #CyberSecurityStrategy, #IncidentResponsePlan, #Trustees, #BusinessContinuity, #DisasterRecovery, #DataBreachReporting, #CyberCover, #IncidentReporting, #CSuite, Cyber Security, DCMS, Ransomware, Data Breach, Supply Chain Risk, Directors, Law Enforcement, Police, NCSC, National Cyber Security Centre, Cyber Attack, GDPR, UK GDPR, General Data Protection Regulation, DPA 2018, Data Protection Act 2018, Department for Culture, Cyber Security Breaches Survey, Cyber Security Breaches Survey 2022, Data Breach Statistics, Malware, Cyber Resilience, Cyber Insurance, Incident Response, Cyber Security Incident, Data Breach Response, SMEs, Micro Businesses, Charities, Start Ups, Retail, Education, Police CyberAlarm, NPCC, National Police Chiefs' Council, Action Fraud, Information Security, Cyber Crime, Sanctions, Third Party Risk, Training, Logging, Technical & Organisational Measures, Protective Measures, Costs, Fines, Administrative fine, Penalties, Monetary penalty, Data Protection, Article 28 GDPR, Article 32 GDPR, Article 28 UK GDPR, Article 32 UK GDPR, Compliance, Cyber Griffin, Cyber Essentials, Supply Chain Security, Cyber Security Strategy, Incident Response Plan, Breach Response Plan, Data breach costs, Trustees, Business Continuity, Disaster Recovery, Data Breach Reporting, Cyber Insurance Cover, Incident Reporting, C Suite, Data Controller, Data ProcessorComment

Deep Impact on Data Protection Impact Assessments

Data controllers should revisit their Data Protection Impact Assessments (DPIAs).

DPIAsNicola Cain15 November 2020Data protection, Data protection impact assessment, GDPR, Article 35, Law enforcement processing, High risk processing, Data controller, Criminal conviction & offence data, Data Protection Act 2018, Section 64, Biometric data, Systematic public monitoring, Law Enforcement, Law Enforcement Processing, DPIA, Part 3 Data Protection Act 2018