Latest news with #DataProtectionAct
Yahoo
21-05-2025
- Business
- Yahoo
Cyberattack fallout: what's next for retail infrastructure?
Recent cyberattacks on major UK retailers and their supply chains have exposed significant vulnerabilities in the retail infrastructure, raising urgent questions about the future of cybersecurity in the sector. As digital systems become increasingly central to retail operations—from inventory management to customer data handling—the repercussions of these security breaches highlight the need for comprehensive change. This article explores the implications of recent cyber incidents and examines how retailers, regulators, and consumers can adapt to create a more resilient retail infrastructure. The retail industry has long been a prime target for cybercriminals, given its vast amounts of sensitive customer data and complex, interconnected supply networks. Recent attacks involving ransomware and data breaches have disrupted logistics and inventory flows, leading to operational delays and potential financial losses. Such events underline the fragile nature of current retail infrastructure and the reliance on digital platforms that may not be adequately protected. Cyberattacks on suppliers servicing large retailers such as Tesco, Aldi, and Lidl have shown that vulnerabilities extend beyond the retailers themselves to their broader ecosystem. These supply chain breaches can cascade through the system, impacting product availability and customer trust. The complexity of retail infrastructure—with multiple third-party providers and cloud services—means that a single weak point can jeopardise the entire chain. The rise of sophisticated cyber threats, including ransomware-as-a-service and advanced persistent threats, requires retailers to rethink their cybersecurity strategies. Protecting retail infrastructure now involves continuous threat monitoring, real-time incident response, and robust risk assessment across all operational layers. Failure to do so can lead to regulatory penalties, damaged brand reputation, and loss of consumer confidence. 
In response to the increasing frequency and severity of cyberattacks, regulatory bodies are intensifying their focus on retail cybersecurity standards. Governments and data protection authorities are implementing stricter guidelines to ensure retailers safeguard consumer data and maintain secure infrastructure. The UK's updated Data Protection Act and compliance with the EU's General Data Protection Regulation (GDPR) set high standards for data privacy and breach notification. Retailers are now required to conduct regular security audits and report cyber incidents promptly. Non-compliance can result in substantial fines and legal action, compelling retailers to prioritise cybersecurity investment. Regulators are also exploring new measures to address supply chain security, recognising that the weakest link often exists outside the retailer's direct control. Proposals include mandatory cybersecurity certifications for suppliers and increased transparency regarding third-party risk management. These steps aim to raise the overall security baseline for retail infrastructure, making it harder for cybercriminals to exploit systemic vulnerabilities. Moreover, regulatory emphasis on consumer protection is increasing. Consumers are becoming more aware of their data rights and demand greater transparency about how their information is stored and protected. Retailers must balance regulatory compliance with clear communication to maintain trust and loyalty. Technology plays a critical role in reinforcing retail infrastructure against cyber threats. The adoption of advanced cybersecurity tools is transforming how retailers defend themselves and respond to incidents. Artificial intelligence (AI) and machine learning are being employed to detect anomalies in network traffic and identify potential attacks before they cause damage. These technologies enable predictive threat analysis and faster containment of breaches. 
For retail infrastructure, integrating AI-driven security systems offers proactive defence mechanisms tailored to evolving cyber risks. Blockchain technology is also gaining attention for its potential to enhance supply chain security. By providing a transparent, immutable ledger of transactions, blockchain can verify the authenticity of goods and monitor every stage of the supply chain. This reduces the risk of tampering and fraud, reinforcing trust throughout retail operations. Cloud security improvements are essential as retailers increasingly migrate critical systems to cloud platforms. Implementing strong encryption, multi-factor authentication, and zero-trust architectures helps mitigate risks associated with remote access and shared infrastructure. Regular penetration testing and continuous security training for staff further strengthen defence layers. Cyber resilience extends beyond prevention to recovery capabilities. Retailers are investing in comprehensive disaster recovery plans and backup systems to ensure rapid restoration of operations following an attack. This focus on resilience minimises downtime and protects revenue streams. The fallout from recent cyberattacks has made clear that the future of retail infrastructure depends on a coordinated approach involving enhanced security measures, regulatory compliance, and technological innovation. Retailers must address vulnerabilities across their entire ecosystem, from direct operations to supply chain partners, while meeting stricter legal requirements and responding to consumer expectations. Building a resilient retail infrastructure will require ongoing investment in cutting-edge cybersecurity tools, staff training, and transparent communication with consumers and regulators alike. The challenges are significant, but the opportunity to create a safer, more trustworthy retail environment is within reach.
The lessons learned today will shape the retail landscape of tomorrow, ensuring that businesses remain competitive and customers' data stays secure in an increasingly digital world. "Cyberattack fallout: what's next for retail infrastructure?" was originally created and published by Retail Insight Network, a GlobalData owned brand.


BBC News
29-04-2025
- BBC News
Ex-Cambridgeshire police officer charged with assault
A former Cambridgeshire Police officer has been charged with assault after allegedly striking and injuring a man during an arrest. The officer was charged with a series of offences following an investigation by the Independent Office for Police Conduct (IOPC), which stated the person could not be named for legal reasons. The officer is due at Westminster Magistrates' Court on IOPC said a serving Cambridgeshire officer, Joshua Williams, 37, is also due before the same court charged with misconduct in a public office and perverting the course of justice. The IOPC said the unnamed former officer had been charged with assault occasioning actual bodily harm and perverting the course of justice. These related to an incident where the accused allegedly struck and injured a man during an arrest, as well as his actions following the IOPC said the officer had also been charged with two counts of misconduct in public office. The counts related to the officer's actions following the detention of a 17-year-old in custody including allegedly making and sharing a threatening video, and a separate incident where the officer allegedly requested personal and sensitive material from a colleague who had obtained the material from the phone of a member of the public without a policing purpose, the watchdog said. The officer is also charged with two counts under the Data Protection Act relating to allegedly sharing personal and sensitive material about two individuals to a member of the public.
The IOPC said that allegations made against the serving officer, Mr Williams, related to him allegedly sharing personal and sensitive material obtained from the phone of a member of the public without a policing purpose and his actions following the alleged offences took place between January 2020 and February IOPC said its investigation began in October 2022 and was carried out by Bedfordshire, Cambridgeshire and Hertfordshire's professional standards department under its direction and control. In March 2024, the IOPC passed a file of evidence to the Crown Prosecution Service, which authorised charges against both Police declined to comment about the allegations to the Press Association.


Channel 4
23-04-2025
- Channel 4
Police apologise and drop threat to prosecute grieving mother
A UK police force has apologised and withdrawn a threat to prosecute a grieving mother unless she deletes a damning review of the investigation into her daughter's death. Caroline Charters was warned that she faced possible criminal prosecution unless she destroyed all copies of the official review into Gloucestershire Constabulary's actions following her daughter Danielle Charters-Christie's sudden death in February 2021. Gloucestershire Constabulary – which originally commissioned the review and directly handed it to Ms Charters last year – said it had since identified 'a serious data breach' and was compelled to act. The force deployed officers to Ms Charters' home in Greater Manchester and sent multiple emails to demand its deletion, raising the prospect of 'legal enforcement action' under the Data Protection Act. The threat to prosecute the mother-of-four sparked outcry, with author JK Rowling declaring that she would fund any legal defence. If they prosecute this bereaved mother, I stand ready to fund her defence. — J.K. Rowling (@jk_rowling) April 11, 2025 A government spokesperson issued a statement to remind police to 'treat bereaved families with compassion' and 'use their resources to pursue perpetrators'. Gloucestershire Constabulary has now dropped its threat to prosecute, telling Ms Charters in writing on Tuesday: 'Although you have declined to do so [delete the review] we have decided not to take this matter any further, at this time'. The force's assistant chief constable concluded the letter by saying: 'May I take this opportunity to apologise to you and your family for our oversight and the way our attempts to rectify it may have impacted you and your family'. Ms Charters told Channel 4 News that she believed the U-turn 'proved they were just trying to threaten and intimidate me into giving up'. She added: 'Never underestimate the lengths a mother will go to, to establish the truth. I will not be silenced. I will ensure the truth is known'. 
Gloucestershire Police has been approached for further comment. Channel 4 News reported the contents of the Victim's Right to Review last October, with serious questions raised about the quality of the investigation into Ms Charters-Christie's sudden death. The death was ruled as a suicide within 55 minutes of police arriving, with the review exposing a failure to forensically examine Ms Charters-Christie's body for signs of trauma or the scene where she was found dead by her former partner. A decision to grant permission to the father of her former partner to transfer her body to a morgue, in his capacity as an undertaker, was also highlighted. The review found that the caravan that she lived in had been 'disposed of' by the time of her former partner's arrest on suspicion of her murder in April 2022. He was later released without charge, with police citing a lack of evidence and unrealistic prospect of conviction. The individual, who Channel 4 News is not naming, has never responded to repeated requests for comment in response to Ms Charters-Christie's death.
'No one should have to go through that'
Ms Charters' grave concerns about the handling of her daughter's case prompted Gloucestershire Constabulary to order the external review, conducted by a separate police force in Wiltshire Police. The review – detailing a litany of shortcomings – was directly handed to Ms Charters in June 2024, with Gloucestershire Constabulary promising 'openness and transparency'. Gloucestershire Constabulary's Assistant Chief Constable Arman Mathieson told Channel 4 News last October that the review demonstrated that 'evidential opportunities had not been taken'. He added: 'Caroline has had to campaign and challenge the organisation quite extensively and no one should have to go through that'.
In February, four months after Channel 4 News' original reporting of Danielle Charters-Christie's death, Caroline Charters received a text message from a senior police officer requesting a face-to-face meeting to 'discuss/share some new information'. Ms Charters' hopes that this may be a significant development in her daughter's case were quickly dispelled when she was handed a letter demanding that she destroy all electronic and physical copies of the review. The force later said it would replace the 74-page document with a six-page 'outcome letter'. The letter stripped out all the detailed findings listed in the original review. On 10 April, Channel 4 News published the threat to prosecute Caroline Charters, with the mother-of-four saying she was 'appalled' by police actions towards her and her family. Responding to the case, Harriet Wistrich, director of the Centre for Women's Justice, told LBC: 'A mother should not have to fear prosecution. She should be able to speak about her concerns freely about what happened to her daughter and police failures to investigate.' Domestic Abuse Commissioner Nicole Jacobs said: 'Bereaved families rely on the police to provide answers and justice when the unimaginable happens – any contact with the police must be met with empathy, humility and respect, every single time.' A Home Office spokesperson said: 'We expect to see police using their resources to pursue perpetrators and protect victims from harm.' In the letter confirming its decision not to pursue Ms Charters, Gloucestershire Constabulary maintained that it 'made a mistake' in sharing the unredacted Victim's Right to Review because of the availability of 'sensitive third-party data.' The force said the Information Commissioner's Office was continuing to investigate the 'data breach' and requested that Ms Charters not share the review 'further than your immediate family'.
On the decision to send police officers to her home to demand its deletion, the force's assistant chief constable Arman Mathieson told Ms Charters: 'I felt this was providing you the best possible service and I'm sorry for any distress you felt upon our attendance'.


The Guardian
03-04-2025
- Business
- The Guardian
Floppy disks and vaccine cards: exhibition tells tale of privacy rights in UK
Forty years ago, it would take a four-drawer filing cabinet to store 10,000 documents. You would need 736 floppy disks to hold those same files; now it takes up no physical space at all to store 10,000 documents on the Cloud. But as data storage has evolved, so too has the whole information landscape, and with it the challenges of storing, transferring and appropriately using people's personal data. A new exhibition from the Information Commissioner's Office (ICO), which opened this week at Manchester Central Library, charts the evolution of data privacy through 40 items, each chosen to illustrate how access to information has evolved, or how data has been at the heart of some of the biggest news events of the past four decades. 'I think the wonderful thing about the exhibition is that the world that we occupy, like any specialty, is filled with jargon and technicalities,' the information commissioner, John Edwards, said. '[People] won't know what a data controller is, they don't know what a data processor is, they don't know what a data subject is, we have to use some of these specialist terms. What the exhibition shows is what we do is about people, and it's about real human impacts.' Artefacts in the exhibition, which is also available to view online, include everything from a Pokémon toy, a floppy disk, a Tesco Clubcard, a modem, a millennium bug pamphlet, a football shirt to a Covid vaccination card. Other exhibits highlight how the ICO has made changes in society; from ending the construction 'employment deny list', to being behind the introduction of public food hygiene ratings for restaurants. Edwards' favourite item? A pair of spiked lawn aerator shoes, which illustrate an early example of enforcement action, when in the 1980s, the company behind them was found to be making almost as much money from selling its customers' information as it was from selling shoes. 
'They were fined quite significantly for their exploitative marketing techniques,' Edwards said. The 40th plinth in the exhibition remains empty, with members of the public asked to put forward their own ideas for objects that have shaped the data landscape. 'That's to reflect the notion that privacy is personal, subjective,' Edwards said. 'We each have our own expectations and experiences.' The ICO was founded 40 years ago, in a small office near Manchester, as the UK's data protection regulator, responsible for presiding over a new Data Protection Act. Now, the landscape that the regulator is tasked with overseeing has changed beyond all recognition. Today, people have 'tens of thousands of times' more personal data out in the world than they did when the role was created, Edwards said. 'You just move through the world today shedding data wherever you go,' Edwards said. He asks how the Guardian travelled to this interview (by bus). 'Did you tap on?' he asked, 'you created data there.' 'You used your cell phone on the way, so you're pinging off cell towers the whole way. Forty years ago, none of this was a thing. 'We've had this, kind of, data world sneak up on us, and most of that data, for most of those years, was an accidental byproduct. 'We've now got to a stage where all these companies are going, hang on a minute, we could make money out of that.' Every year, he said, 'hundreds of billions of data transactions' take place, and with 'infinite variety', the ICO is regulating everything from small local schools, GP surgeries and libraries to huge 'fiercely competitive' social media companies, which Edwards said often 'don't pause long enough to test the privacy implications of what they're doing'. 'The biggest challenge has been trying to keep up with the pace of change,' Edwards said. 'Companies innovate very quickly, we regulate and investigate very slowly.' 
'I think part of the objective of an investigation is to put some lines in the sand for companies to say 'you can't do this,'' he added, 'but if it takes us three years to do that, then all the companies have moved on by the time we learn that lesson. So that's the biggest challenge, and that's something we've got to get better at.' And what will data and privacy look like in 40 more years? 'Look, I don't know where we're going to be four weeks from now,' Edwards said. 'The geopolitical situation is really kind of volatile at the moment,' he said. 'We've got an environment where US tech firms are pushing back on a lot of regulation that affects them, even when it's in a jurisdiction that they want to do business in, we haven't seen how that's going to play out.' 'Quantum computing has potential to change everything,' he added, 'Agentic AI is the next AI coming down the pipeline.' 'It's going to be really fascinating even the next 12 months,' he said, 'let alone the next 40 years.'


Yahoo
13-03-2025
- Politics
- Yahoo
Privacy concerns over CCTV in female toilets
There are calls for a Derbyshire council to carry out a review of a CCTV camera in a female public toilet facility after the BBC found the inside of a cubicle is partially visible. Concerns were raised by local residents on social media about the public toilets in Ashbourne after women complained the cameras made them feel "violated". While no laws prohibit the use of CCTV in public toilets, guidance from the Information Commissioner's Office (ICO) says their use must be in line with the Data Protection Act. Derbyshire Dales District Council says data protection laws can only be breached where an individual is identifiable and "no one's privacy is compromised". The official guidance recommends use must be "proportionate", "limited" and with consideration given for potential voyeurism. The district council says the cameras were placed there in 2022 in response to vandalism concerns. It is understood there are currently three officers with access to the CCTV system, and a log is kept on who has accessed the footage and when. Recordings are kept for 31 days, in line with the ICO guidance. An email distributed to councillors seen by the BBC states that the cameras only cover "communal areas". However, the BBC found part of the inside of the front cubicle of the facility is visible on the CCTV. Footage of a reporter visit requested via a Data Subject Access Request showed visibility in the cubicle from the waist upwards. Susan Hobson, leader of the Conservative group at Derbyshire Dales District Council, said the footage "certainly does raise some concerns". "I feel very uncomfortable as a woman that my personal space could be violated by CCTV in public toilets, and I'm sure most other females would feel the same," she said. "I would welcome an independent review by Derbyshire Dales District Council to ensure any safety measures respect personal boundaries. "You can actually see in the toilet door. I think that makes me feel a bit uncomfortable.
"Let's just look at this in an objective way without being dramatic, just get to the bottom of it so everybody is reassured." A spokesperson for Derbyshire Dales District Council said: "No-one's privacy is compromised by the CCTV cameras, which were originally sited at the Ashbourne public loos on police advice to combat an increasing amount of vandalism. "The good news is that there has been a marked reduction in damage at that site. "We welcome Councillor Hobson sharing her specific concerns with us, but would point out that all of our CCTV cameras are already independently audited as a matter of course. The next audit happens in May." An ICO spokesperson said: "It's unlikely anybody would expect this use of CCTV in public toilet cubicles, where people have a much greater expectation of privacy. "Our guidance is clear that CCTV can be intrusive if not used fairly or proportionately. "It is only in exceptional circumstances that CCTV should be installed anywhere in toilets and organisations must be able to justify that its use in private areas is absolutely necessary."