Information Commissioner hates lawyers?

We think the Information Commissioner has been reading too much Shakespeare, particularly Henry VI (Part 2).  One of the most cited quotes from the play is, of course:

“The first thing we do, let’s kill all the lawyers”. – (Act IV, Scene II).

Why do we say this?  Look at the ICO press releases for this year.   From these press releases, which industry sector would you consider to be the most in breach of the Data Protection Act 1998?  You’d have to say law firms, given that four of them have been prosecuted as against only one other company, The Consulting Association.  Is this right, given that at the moment public authorities seems to be doing a spectacular job of losing personal data on almost a daily basis?

It’s a Friday before a Bank Holiday.   Most lawyers in UK law firms will be looking forward to a rest after a busy week (traditionally law firms’ financial year end is 30 April).  So perhaps this post should be in the cateogry “tired and emotional”!

Enjoy the weekend.  Even the weather forecast is quite good!

Binding Corporate Rules

A press release from the Information Commissioner today is a good reminder that there is another way of dealing with data transfers into and out of the European Economic Area but within multi-national organisations – using binding corporate rules (BCRs).

We note that the UK Information Commissioner’s Office (ICO) is getting a good track record of being the coordinating data protection authority of choice for organisations wishes to get their corporate rules authorised.  However, BCRs are still not exactly popular.  The ICO as so far only approved 4 BCRs:

15 December 2005: General Electric Company (employee data)
2 April 2007: Koninklijke Philips Electronics NV (employee data)
22 April 2009: Atmel Corporation (employee data)
30 April 2009: Accenture Limited (employee and client)

Maybe multi-national prefer dealing with a whole stack of export of data agreements?!