ICO Leads Joint Probe of Union Data Breach
The ICO and its counterparts in Jersey, Guernsey and the Isle of Man are jointly probing a cyber incident that compromised data of the trade union Prospect Custodian Trustees in June, they said Thursday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Prospect has more than 160,000 members who work as scientists, tech experts, engineers and other specialists, the DPAs said. The organization holds members' personal information, including financial and sensitive data such as ethnic origin and sexual orientation.
The investigation will examine the scope of the personal data that was exposed and potential harms to affected people, the watchdogs said. It will also determine whether the union had adequate technical and organizational measures in place to safeguard the sensitive information it holds and whether it complied with breach notification obligations.
In addition, the investigation will examine whether Prospect took appropriate steps in its initial response to the breach to mitigate any identified risks to data subjects.
The regulators said the joint probe shows their commitment to cooperate to protect people's data rights across jurisdictions. Each DPA will investigate compliance with the law it oversees.
Data protection legislation allows the authorities of the U.K., Guernsey, Jersey and Isle of Man to collaborate on matters of impact across the jurisdictions, the watchdogs noted.