Latest news with #InformationCommissioner'sOffice
The Herald Scotland
4 days ago
- The Herald Scotland
Parents slam council over new phone policy for schools
As part of work to develop a new policy around smartphones in schools, officials at East Dunbartonshire Council opened online surveys for teachers, parents, secondary school students and upper-primary school pupils. Each survey, which did not collect names but did record information on the schools that young people attend, ran for around two weeks, with the council receiving a total of more than 11,000 responses across the four different groups. In order to process the survey data 'efficiently and consistently', council officers made use of several AI tools to process the contents of open text boxes in which respondents were invited to add 'any additional information' that they wished to be considered as part of the review. This material, including that produced by young children, was input to ChatGPT, Gemini AI and Microsoft Copilot, which were used to 'assist in reviewing and summarising the anonymous comments.' Officials say that this generated a 'breakdown of key messages' that were then provided to the project working group, but when asked to share the summary of survey responses claimed that this 'is not available as yet.' Asked to explain how the output of AI platforms was checked for accuracy, the council stated that cross-validation, human oversight, triangulation and bias-monitoring processes were all applied, with reviews by officials ensuring 'fidelity' to the more than 11,000 responses that were received. Officials stated that these 'safeguards' would ensure that 'the final summaries accurately reflect the breadth and nuance of stakeholder views gathered during the consultation.' However, those taking part in the survey were not informed that their information would be processed using AI platforms. The Information Commissioner's Office, which regulates areas such as data protection across the whole of the UK, told The Herald that they would expect organisations including local authorities to be "transparent' about how data is being processed, including advising of the purpose of AI tools that are to be used and explaining what the council intends to do with the outputs that are generated. The council has told The Herald that the surveys closed on 13 or 14 May, that work on a new policy began on 19 May, and that a full draft policy had been produced and submitted to the legal department by 27 May – the same day on which the council had been approached about the issue. However, material seen by The Herald shows officials advising parents that the policy had been written and submitted to the legal department by 20 May, just one day after the council claims to have begun drafting the document. An explanation has been requested from the council. READ MORE A comparison of the surveys issued to each group also confirms that a key question about was not included in the parents version of the survey, although it was present in the versions that were issued to teachers and pupils. Parents were asked the extent to which they support either a ban on phone use during lessons, or a ban on use during lessons unless their use is approved by a teacher. However, the other versions of the survey also asked explicitly whether respondents support a ban on the use of phones during the whole school day. The omission has provoked an angry response from some parents. As a result of these and other concerns, formal complaints have now been submitted to East Dunbartonshire Council alleging that the 'flawed survey information and structure' is not fit for purpose, and that the views of parents have not been fully explored or fairly represented. Commenting on behalf of the local Smartphone Free Childhood campaign group, one parent raised significant concerns about the council's approach: 'The fact that parents were the only group not asked about a full ban shocked us. But we were assured that the free text answers we gave would be properly looked at and considered. 'As a result, many parents left long, detailed and personal stories in response to this survey question. 'They shared heart-breaking stories of kids losing sleep at night after seeing things they shouldn't have. Other stories included girls and teachers being filmed without their consent - and kids being afraid to report the extent of what they're seeing in school because of peer pressure. 'There were long, careful responses outlining their concerns - where has this all gone? 'We have been told that an AI tool was used to summarise all this into five 'top-line' policy considerations. We're not sure if the rest was looked at? 'Not only is it not good enough - it's a betrayal of parents who have trusted the council to listen to their concerns. 'It's also not clear how they've shared and processed these highly personal responses from parents, children and teachers - some containing identifiable details, to an unknown 'AI platform' without our consent. We don't know who can access the data.' The Herald contacted East Dunbartonshire Council asking whether the information in the open text boxes was checked for personal or identifying details before being submitted to AI systems. Officials were also asked to provide a copy of the council's current policy on AI use. The response received from the council did not engage with these queries. We also asked why the council had given two different dates in response to questions about when its new draft policy was completed, and whether the council has provided false information as a consequence. A spokesperson insisted that "the draft policy was formally submitted to Legal on 27 May for consideration" and asked to be provided with evidence suggesting otherwise so that they could investigate. Finally, the council was asked to explain why the surveys for pupils and teachers included an explicit question about full bans on smartphones during the school day. Their spokesperson said: "The pupil survey included a specific question on full day bans to gather targeted data from young people. The working group which consisted of Head Teachers, Depute Head Teachers, Quality Improvement Officers and an EIS representative, felt that the young people may be less likely to leave an additional comment in the open text box and so wanted to explicitly ask this question. Parents were intentionally given an open text box to avoid steering responses and to allow respondents to freely express their views. The open text box was used by parents to express their view on a full day ban which many did."
Time Business News
26-05-2025
- Business
- Time Business News
Employee Privacy Rights When Working Remotely
Remember the good old days when work meant a cubicle and awkward water cooler conversations? Yeah, those days are gone, mostly. With remote work becoming common for people worldwide, the home has become the new office. But here's a question that's probably crossed your mind. How much privacy do you have when you're working remotely? If you're churning through your to-do list at your kitchen table, it might feel like you're in your world. But the digital trail you leave behind tells a different story, and your employer might be watching. Let's break it all down. When you work remotely, your computer, emails, keystrokes, and webcam can become surveillance tools. Employers have legitimate reasons for monitoring. Think productivity tracking, data security, and ensuring company assets are being used appropriately. But this doesn't mean they have a blank check to spy on you. Employee monitoring must walk a tightrope between protecting company interests and respecting employee rights. This is where employee privacy rights come into play. Your right to privacy isn't magically erased just because you're not in the office. But it's also not absolute. Here's the balancing act. Employers can usually monitor work-related activities, but they must inform you. It may come in the form of a workplace monitoring policy. If you're unaware your screen activity is being logged or your webcam might randomly flicker to life, that's a red flag. Personal vs. Professional Boundaries If you're using company equipment, assume it's being monitored. But if you're using your personal device outside work hours? That's off-limits. Employers stepping into this space can open themselves to legal challenges and damage employee trust. Data Collection Must Be Proportionate Just because an employer can collect specific data doesn't mean they should. The principle of proportionality necessitates surveillance to be necessary and not excessive. Legal protections vary across countries, but many principles hold strong internationally. For example, in the UK, the Employment Practices Code by the Information Commissioner's Office provides clear guidance on how employers should handle employee monitoring. It emphasizes necessity and transparency. It's more of a patchwork in the US, with varying state laws. Some states, like California, provide more robust protections, requiring explicit consent for monitoring. Others are a bit more lenient, so always know your local rules. The bottom line? Wherever you are, some level of employee privacy is protected, but it pays to know the details. Employee monitoring isn't always about catching you bingeing Netflix during work hours. Sometimes, the employees get the short end of the stick. Wage and time theft is a real issue in the remote work era. This happens when employees are pressured to work off the clock, answer late-night emails, or underreport hours without getting paid for that time. Ironically, some employers install surveillance software for productivity but use it to squeeze more unpaid work out of employees. Working remotely has transformed how we think about work-life balance. However, it's also blurred the lines between professional and personal space. Knowing your employees' privacy rights is essential. Monitoring doesn't mean mistrust, and oversight doesn't have to feel oppressive. TIME BUSINESS NEWS
Business Mayor
22-05-2025
- Business
- Business Mayor
The cyber-attack is costly and embarrassing. But M&S should pull through
S houldn't a robust IT system be able to withstand the odd 'human error', such as somebody at a third-party supplier being hoodwinked by devious cybercriminals? Isn't £300m at the expensive end for these events? And should it really take four-and-a-half weeks, and counting, for one of the UK's biggest and well-resourced retailers to restore its website to working order? The response of Marks & Spencer's chief executive, Stuart Machin, to such questions ran along these lines: the incident had nothing to do with underinvestment in IT; everyone is vulnerable; M&S was unlucky; the 'moment in time' will pass and everything will be back to normal by July at the latest. Stuart Machin, the CEO of M&S, should be on safe ground with his 'bump in the road' financial thesis. Photograph: M&S Too complacent? Marking his own homework? Well, before joining the chorus that says M&S should have been better prepared, one should probably say that assessing corporate responses to these cyber-attacks is impossible from the outside. M&S can't share the full details of what happened, just as nobody ever does. One suspects its reaction was better than most, but there isn't a league table to consult. We will have to wait to see what, if any, fine is dished out by the Information Commissioner's Office for breaches of customers' data. But Machin is probably on safe ground with his 'bump in the road' financial thesis. If the top-line hit of £300m can be whittled down to £150m-ish after the arm-wrestle with the insurers plus management of costs 'and other trading actions', one is looking at a number that, while large, is a long way from upsetting M&S's broader revival. This is a group that has just reported a 22% jump in underlying pre-tax profits to £876m, its best result in 17 years, and the balance sheet these days is a model of conservatism, showing year-end net cash of £438m ignoring lease liabilities. As long as the IT/cyber issues are contained and fixable, M&S can handle the financial blow. The website, which is where the crisis was concentrated (and still is), accounts for only a tenth of sales. Ensuring it comes back reliably, as opposed to prioritising absolute speed, sounds sensible. It is hard to know how customers will react, of course. Machin probably shouldn't place too much weight on the fact that many are telling him they're terribly supportive; the ones to worry about are the non-communicative sort. 'We are nervous that customers will have their long-term habits changed,' says Jonathan Pritchard at the broker Peel Hunt. It's a legitimate concern but, equally, it's entirely possible that customers take a sanguine view and carry on as before. Most of us, let's be honest, aren't making amateur IT appraisals when we shop. The show of corporate confidence – plus the forecast-beating pre-attack profit numbers – were enough to repair some of the damage to the share price. It rose by 2.5% on Wednesday, meaning it's down a net 8% since the Easter cyber villainy. That reaction feels roughly right. This was a severe incident, it's embarrassing and it's not yet over. But if £150m is the ultimate one-off net cost to M&S – and, crucially, if there is no repetition – the roof has not fallen in.
Powys County Times
20-05-2025
- Business
- Powys County Times
Post Office to compensate hundreds of data breach victims
Hundreds of former subpostmasters are to be compensated by the Post Office after it accidentally leaked their names and addresses online last year. The Post Office confirmed it has agreed to pay individuals either £5,000 or £3,500, depending on whether they were living at the address leaked at the time, while higher claims may be pursued in 'special cases'. The data breach was revealed last June when it emerged the personal details of 555 victims of the Horizon IT scandal had been published on the Post Office's website. The Information Commissioner's Office (ICO) has launched an investigation. A Post Office spokesman said: 'We have written to all named individuals either directly or via their solicitors. 'If there are any individuals whose name was impacted by last year's breach, but who have not received information about the payment for some reason, they can contact us or ask their solicitors if they have legal representation. 'In the meantime we remain in full co-operation with the ICO's investigation, which was opened following our initial self-referral when the breach was discovered.' The law firm acting for the subpostmasters, Freeths, said it has been told most of those affected will receive a 'significant interim compensation payment', and confirmed that 348 of its clients have already received an interim settlement. Will Richmond-Coggan, the lawyer at Freeths leading the claim, said: 'We welcome the progress we have made with this case but there is still a long way to go to recognise the devastating impact of this breach for those affected. 'My team will continue to use our considerable expertise in matters like these to secure a final resolution to this situation which reflects the severity of the impact on our clients.'
Yahoo
20-05-2025
- Business
- Yahoo
Post Office to compensate hundreds of data breach victims
Hundreds of former subpostmasters are to be compensated by the Post Office after it accidentally leaked their names and addresses online last year. The Post Office confirmed it has agreed to pay individuals either £5,000 or £3,500, depending on whether they were living at the address leaked at the time, while higher claims may be pursued in 'special cases'. The data breach was revealed last June when it emerged the personal details of 555 victims of the Horizon IT scandal had been published on the Post Office's website. The Information Commissioner's Office (ICO) has launched an investigation. A Post Office spokesman said: 'We have written to all named individuals either directly or via their solicitors. 'If there are any individuals whose name was impacted by last year's breach, but who have not received information about the payment for some reason, they can contact us or ask their solicitors if they have legal representation. 'In the meantime we remain in full co-operation with the ICO's investigation, which was opened following our initial self-referral when the breach was discovered.' The law firm acting for the subpostmasters, Freeths, said it has been told most of those affected will receive a 'significant interim compensation payment', and confirmed that 348 of its clients have already received an interim settlement. Will Richmond-Coggan, the lawyer at Freeths leading the claim, said: 'We welcome the progress we have made with this case but there is still a long way to go to recognise the devastating impact of this breach for those affected. 'My team will continue to use our considerable expertise in matters like these to secure a final resolution to this situation which reflects the severity of the impact on our clients.' Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
