Latest news with #InformationCommissioner
Yahoo
15 hours ago
- Politics
- Yahoo
Freedom of Information delays concern regulator
The office which manages Freedom of Information (FOI) requests to Jersey's public bodies said it had observed "delays, excessive redactions and concerns over misuse of exemptions". Information Commissioner Paul Vane said: "While many public bodies have made significant strides in responding efficiently and proactively publishing information, challenges remain." An FOI is a formal request for information made to a public authority. There were 1,292 received by the Jersey office in 2024, up from1,046 in 2023, said its annual report. There were also 12 appeals, which was described in the report as an "unprecedented" number. More news stories for Jersey Listen to the latest news for Jersey The office said there were usually an average of "one or two" appeals a year. It would be reviewing whether this was due to "excessive redactions" and "misuse of exemptions", it added. Mr Vane said: "We have observed instances of delays, excessive redactions, and concerns over misuse of exemptions "We are liaising with the Government of Jersey's Central Information Governance Office to understand more about such delays and how, as the regulator, our office could support." The BBC has contacted the government for comment. Follow BBC Jersey on X and Facebook. Send your story ideas to Organisations urged to get data protection right Government of Jersey
BBC News
16 hours ago
- Politics
- BBC News
Freedom of Information delays concern Jersey regulator
The office which manages Freedom of Information (FOI) requests to Jersey's public bodies said it had observed "delays, excessive redactions and concerns over misuse of exemptions".Information Commissioner Paul Vane said: "While many public bodies have made significant strides in responding efficiently and proactively publishing information, challenges remain."An FOI is a formal request for information made to a public authority. There were 1,292 received by the Jersey office in 2024, up from1,046 in 2023, said its annual were also 12 appeals, which was described in the report as an "unprecedented" number. The office said there were usually an average of "one or two" appeals a would be reviewing whether this was due to "excessive redactions" and "misuse of exemptions", it added. Mr Vane said: "We have observed instances of delays, excessive redactions, and concerns over misuse of exemptions"We are liaising with the Government of Jersey's Central Information Governance Office to understand more about such delays and how, as the regulator, our office could support."The BBC has contacted the government for comment.
The Guardian
23-05-2025
- Business
- The Guardian
Marks & Spencer's IT contractor investigating potential systems breach, report claims
An Indian company which operates Marks & Spencer's IT helpdesk is reportedly investigating whether it was used by cybercriminals to gain access to systems at the retailer, which is battling a devastating hack. M&S said this week that 'threat actors' had gained access to the retailer's systems through one of its contractors – understood to be Tata Consulting Services (TCS). The clothing, food and homeware retailer confirmed the hackers used 'social engineering' techniques to attack them, such as posing as a staff member to fool a helpdesk into giving away passwords. TCS, which has worked with M&S for more than a decade, has been helping the retailer with its inquiries into the cyber-attack, which began over the Easter weekend. The retailer said the attack could cost it up to £300m in profit. The Mumbai-based group is now conducting an internal inquiry, expected to conclude this month, into whether its employees or systems were linked to the attack, according to the Financial Times. Discerning the exact route the hackers took could be important for M&S and TCS as the Information Commissioner's Office (ICO), the UK's data watchdog, will examine who might face a fine for any loss of customer and staff data as a result of the hack. The ICO can impose a fine of up to £17.5m, or 4%, of worldwide annual turnover, whichever is greater, and will take into account the nature and seriousness of a failure, how individuals have been affected, and whether other regulatory authorities are already taking action. British Airways faced a £20m fine from the ICO in 2018 after hackers diverted traffic to a fake website allowing them to access personal data while Tesco Bank was hit with a £16.4m fine after hackers stole customer card details. M&S has been battling to recover for a month. The attack forced M&S to stop orders via its website, while deliveries of food and fashion into stores and some deliveries to its online food partner, Ocado, have also been disrupted. M&S has admitted that some personal information relating to thousands of customers – including names, addresses, dates of birth and order histories – was taken. Sign up to Business Today Get set for the working day – we'll point you to all the business news and analysis you need every morning after newsletter promotion The TCS investigation comes as M&S's operations continue to be disrupted by the hack, with stock levels in stores affected. Its website is not expected to be fully functioning again until July. The attack, which has been attributed to the hacking collective Scattered Spider, emerged days before similar cyber-attacks were reported against the Co-op and Harrods. Staff at some of The Co-op's grocery stores are still struggling to keep shelves fully stocked this week. TCS was approached for comment.
The Guardian
21-05-2025
- Business
- The Guardian
The M&S cyber-attack is costly and embarrassing, but it should pull through
Shouldn't a robust IT system be able to withstand the odd 'human error', such as somebody at a third-party supplier being hoodwinked by devious cybercriminals? Isn't £300m at the expensive end for these events? And should it really take four-and-a-half weeks, and counting, for one of the UK's biggest and well-resourced retailers to restore its website to working order? The response of Marks & Spencer's chief executive, Stuart Machin, to such questions ran along these lines: the incident had nothing to do with underinvestment in IT; everyone is vulnerable; M&S was unlucky; the 'moment in time' will pass and everything will be back to normal by July at the latest. Sign up to Business Today Get set for the working day – we'll point you to all the business news and analysis you need every morning after newsletter promotion Too complacent? Marking his own homework? Well, before joining the chorus that says M&S should have been better prepared, one should probably say that assessing corporate responses to these cyber-attacks is impossible from the outside. M&S can't share the full details of what happened, just as nobody ever does. One suspects its reaction was better than most, but there isn't a league table to consult. We will have to wait to see what, if any, fine is dished out by the Information Commissioner's Office for breaches of customers' data. But Machin is probably on safe ground with his 'bump in the road' financial thesis. If the top-line hit of £300m can be whittled down to £150m-ish after the arm-wrestle with the insurers plus management of costs 'and other trading actions', one is looking at a number that, while large, is a long way from upsetting M&S's broader revival. This is a group that has just reported a 22% jump in underlying pre-tax profits to £876m, its best result in 17 years, and the balance sheet these days is a model of conservatism, showing year-end net cash of £438m ignoring lease liabilities. As long as the IT/cyber issues are contained and fixable, M&S can handle the financial blow. The website, which is where the crisis was concentrated (and still is), accounts for only a tenth of sales. Ensuring it comes back reliably, as opposed to prioritising absolute speed, sounds sensible. It is hard to know how customers will react, of course. Machin probably shouldn't place too much weight on the fact that many are telling him they're terribly supportive; the ones to worry about are the non-communicative sort. 'We are nervous that customers will have their long-term habits changed,' says Jonathan Pritchard at the broker Peel Hunt. It's a legitimate concern but, equally, it's entirely possible that customers take a sanguine view and carry on as before. Most of us, let's be honest, aren't making amateur IT appraisals when we shop. The show of corporate confidence – plus the forecast-beating pre-attack profit numbers – were enough to repair some of the damage to the share price. It rose 2.5% on Wednesday, meaning it's down a net 8% since the Easter cyber villainy. That reaction feels roughly right. This was a severe incident, it's embarrassing and it's not yet over. But if £150m is the ultimate one-off net cost to M&S – and, crucially, if there is no repetition – the roof has not fallen in.
CBC
09-05-2025
- Politics
- CBC
Investigation finds Alberta government broke its own freedom of information rules
Alberta's access to information watchdog has found the provincial government to be non-compliant with its own freedom of information rules. A new report from information and privacy commissioner Diane McLeod says Alberta's government has implemented internal procedures and policy that allow government employees to wrongfully deny freedom of information requests. It says the government has put unnecessary restrictions and limitations on requests in an attempt to make fulfilling them easier. But McLeod says the restrictions make the process unfair for those seeking information and violate the rules set out in legislation. McLeod's report follows a two-year investigation and says all 27 government departments were found to be at fault. The report recommends the government make a number of changes to its internal policies to stop refusing requests unnecessarily.
