The biggest changes in Data Protection may come with former IFAs leaving with data that belongs to their network of IFA sponsor firm.  Firms that leave networks are being asked to destroy data, and as an appointed representative, the network owns the data, not the AR (more on this next week.)

• The University of Greenwich was fined £120,000 following a serious security breach involving the personal data of nearly 20,000 people, including staff, students and alumni, some of which was sensitive data.
• Two West Yorkshire firms were fined a total of £400,000 for nuisance calls to subscribers of the Telephone Preference Service (TPS).
• Two Stockport firms were fined for nuisance marketing. The first had made more than 69,000 calls to people registered with the TPS and was issued with an enforcement notice ordering it to stop illegal marketing; the second had sent more than 260,000 spam texts.
• Royal Mail was fined £12,000 for sending more than 300,000 emails to people who had already opted out of receiving direct marketing.
• The Crown Prosecution Service was fined £325,000 after it lost unencrypted DVDs containing recordings of police interviews with child abuse victims. It was previously fined £200,000 for a separate breach in November 2015.
• Humberside Police was fined £130,000 after unencrypted disks containing the interview of an alleged rape victim, and accompanying paperwork, went missing.
• A former hospital employee was prosecuted after she accessed patient records without authorisation.
• Kensington and Chelsea Council was fined £120,000 after it unlawfully identified 943 owners of vacant properties in response to Freedom of Information Act requests by journalists.
• A former recruitment consultant was fined for stealing personal data from his employer when he left to set up a rival company.