What a Year! 2021 Review

MicrosoftTeams-image (8)

As we come to the end of another year, the Act Now team would like to thank all our delegates for their continued support and our associates for their hard work. It has been a challenging year but we have all taken the opportunity to learn and grow. 

Much happened in 2021 in the privacy arena. We had the first GDPR fine Issued to a charity as well as the Cabinet Office finally being fined for the 2020 New Year’s Honours List data breach. In September, the Government launched a consultation entitled “Data: A new direction” intended “to create an ambitious, pro-growth and innovation-friendly data protection regime that underpins the trustworthy use of data.” Cynics will say that it is an attempt to water down the UK GDPR just a few months after the UK received adequacy status from the European Union. Time will tell! We predict that 2022 is going to be the year of AI and Data Ethics. We are planning some workshops to help you navigate through the thorny issues. 

It wasn’t all about GDPR. At the end of the year, it seemed like the Government was ready to launch another attack on freedom of information. At present they are distracted by other troubles (unauthorised Christmas parties) but it will be interesting to see if the threat of FOI reform rears its head in 2022. 

In 2021 Act Now has been at the forefront of helping the IG/DP community stay abreast of developments and rise to the challenges of working from home and continuing to learn. We have delivered over 250 online workshops and launched some great new courses and products including our Advanced Certificate in GDPR Practice.
We intended to run 3 of these certificate courses in 2021. Such was the demand that we ran a total of 8, all of which were fully booked. With some great reviews, we will continue to improve this course. Watch this space for some exciting and challenging new courses in 2022. Alongside our usual training programme, we ran a number of free webinars on a range of topics including cyber security, risk management and the CCPA. 

Act Now has also continued to raise the media profile of Information Governance in 2021. Ibrahim Hasan was interviewed twice by the BBC on a variety of topics including footballers’ data, data breaches and vaccine passports. He was also on RT News talking about FOI. 

Data Protection is going global. With laws being passed in the Middle East, Africa and North America, we are now looking to spread the information privacy message further afield by promoting our US CCPA and Dubaiprivacy programmes. We have exciting announcements planned in 2022.

2021 ended with some great news. Act Now Training won the Information and Records Management Society (IRMS) Supplier of the year award at the IRMS conference in Birmingham. We were also delighted to welcome solicitor and information law expert, Kate Grimley Evans, to our team of associates. Kate is a Fee Paid Member of the Upper Tribunal.

These are exciting times for information governance professionals. Act Now is committed to raising awareness and the importance of Information Rights. We want to continue to support IG professionals with their professional development by developing training that helps them to navigate this often complex but interesting area. 

The Act Now office will be closed for the holiday season from Thursday the 23rd December. We will be back in the office from the 5th January 2021.

Wishing you all a safe and enjoyable Christmas and a successful new year. 

FOI Under Attack

Last week, a government minister called the Freedom of Information Act (FOI) a “truly malign piece of legislation”. Lord Callanan, a minister at the Department for Business, Energy & Industrial Strategy, made the comments during a parliamentary debate. He was defending the government’s decision that FOI should not apply to a new Defence research agency

It is not surprising that a government minister has expressed his dislike of FOI. The Act is very popular amongst politicians but only when they are in opposition. This view rapidly changes when they take up government positions and are on the receiving end of FOI requests. Tony Blair introduced the Act but regretted it in his memoirs, calling himself “a naive, foolish, irresponsible nincompoop”.

This new attack on FOI is not just about the Advanced Research and Invention Agency (ARIA) and whether it should be subject to FOI. This a minister expressing his frustrations about legislation which has no doubt made the Government’s life more difficult especially during the Pandemic. Information requests have been made about key government decisions, the actions of advisers in allegedly breaking lockdown rules (Barnard Castle) and the award of lucrative PPE supplies contracts to companies who seemingly have little experience of the health sector. In July, the Information Commissioner launched an investigation into reports that ministers and senior officials have been using private correspondence channels, such as Whatsapp and private email accounts, to conduct sensitive official business. 

FOI allows the public to see how their money is being spent. It is extraordinary that a body like ARIA, which is responsible for spending £800 million of public funds over four years, should be free from the scrutiny that applies to the whole public sector including small parish councils. ARIA will be tasked with handing out lucrative research contracts and so the public have a right to know how their money will be spent.


Lord Callanan also said that charging the public fees for requesting government information was an “excellent idea”. This idea has also been backed by the incoming Information Commissioner, John Edwards. He told a committee of MPs in September that it was “legitimate” to ask the public to meet the cost of digging out the relevant information.

One of the governments arguments for introducing fees is that it costs money to deal with complex freedom of information request. However the current legislation already allows for fees to be charged if a request takes more than 18 hours to deal with or 24 hours if made to a government department. 

Introducing a flat fee or fees for all requests, will undermine the public’s trust in government. At a time when the economy is weak and the cost of living is going up, why should the public have to pay for information that has been gathered by public bodies using public funds? In a sense they would be asked to pay for it twice. Fees also mean that only the rich would be able to scrutinise and challenge decisions made by public bodies which affect their lives. 

It could be that Lord Callanan’s comments signal the start of a government attempt to weaken FOI. If this is the case, bearing in mind Boris Johnson’s parliamentary majority, we should all be concerned. The Government must lead by example and not weaken FOI because it is a hindrance.

Watch Ibrahim Hasan’s interview with RT News here.

Looking for an FOI qualification? We have one place left on our online FOI Practitioner Certificate course starting in January. 

Leading Information Lawyer Joins the Act Now Team


Act Now Training welcomes solicitor and information law expert, Kate Grimley Evans, to its team of associates. Kate specialises in helping clients with all aspects of data protection and freedom of information. She was formerly the Head of Information Law at Stone King LLP. She has also worked for other top law firms including Eversheds and Mills & Reeve. Kate is currently a Consultant Solicitor for Bates Wells and Kesteven Partners Limited.

Kate is an expert in her field and has specialist knowledge of data protection compliance in the education and charity law sectors. She is the author of the leading guidance on data protection and information law matters for the museums’ sector and is currently writing a chapter (on schools) for an Oxford University Press book on data protection.

Kate has spoken at high profile conferences such as the Grammar School Heads’ Association Conference, Institute of School Business Leaders Conference and the Optimus Education Conference. Like our other associate Susan Wolf, Kate is a Fee Paid Member of the Upper Tribunal assigned to the Administrative Appeals Chamber (Information Rights Jurisdiction) and First Tier Tribunal General Regulatory Chamber (Information Rights Jurisdiction). 

Ibrahim Hasan, director of Act Now Training, said:

“I am delighted that Kate has joined our team. Her wealth of experience in the education and charity sectors, will help us develop further our training and consultancy offerings to these important sectors.”

In time Kate will be delivering all the workshops on our current programme as well as developing new ones. She will also be available to conduct audits and health checks and deliver in house training particularly for charities and schools. 

Learn about the latest GDPR developments in next week’s GDPR Update workshop. We have a one place left on our Advanced Certificate in GDPR Practice course starting in January.

Cabinet Office Receives £500,000 GDPR Fine

The Information Commissioner’s Office (ICO) has fined the Cabinet Office £500,000 for disclosing postal addresses of the 2020 New Year Honours recipients online.

The New Year Honours list is supposed to “recognise the achievements and service of extraordinary people across the United Kingdom.” However in 2020 the media attention was on the fact that, together with the names of recipients, the Cabinet Office accidentally published their addresses; a clear breach of the General Data Protection Regulation (GDPR) particularly the sixth data protection principle and Article 32 (security).

The Honours List file contained the details of 1097 people, including the singer Sir Elton John, cricketer Ben Stokes, the politician Iain Duncan Smith and the TV cook Nadiya Hussain. More than a dozen MoD employees and senior counter-terrorism officers as well as holocaust survivors were also on the list which was published online at 10.30pm on Friday 26th December 2019. After becoming aware of the data breach, the Cabinet Office removed the weblink to the file. However, the file was still cached and accessible online to people who had the exact webpage address.

The personal data was available online for a period of two hours and 21 minutes and it was accessed 3,872 times. The vast majority of people on the list had their house numbers, street names and postcodes published with their name. One of the lessons here is, always have a second person check the data before pressing “publish”.

This is the first ever GDPR fine issued by the ICO to a public sector organisation. A stark contrast to the ICO’s fines under the DPA 1998 where they started with a local authority. Article 82(1) sets out the right to compensation:

“Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.”

It will be interesting to see how many of the affected individuals pursue a civil claim. 

(See also our blog post from the time the breach was reported.)

This and other GDPR developments will be discussed in detail on our forthcoming GDPR Update workshop. We have a one place left on our Advanced Certificate in GDPR Practice course starting in January.

Act Now Training Wins IRMS Award

Act Now Training is proud to announce that it has won the Information and Records Management Society (IRMS) Supplier of the year award for 2021.

The awards ceremony took place on Monday night at the IRMS Conference in Birmingham. Act Now was also nominated for two others awards. Congratulations to all the other winners.

Ibrahim Hasan said:

“I would like to thank the IRMS as well as the Act Now team. This award recognises the hard work of our colleagues who are focussed on fantastic customer service as well as our experienced associates who deliver great practical content and go the extra mile for our delegates. We are committed to helping advance the profession and raising the awareness of the importance of Information Rights as a fundamental Human Right; and enable a culture of respect and trust within organisations.” 

The Innovation of the Year award went to Dapian which is a cloud based programme designed to assist those conducting Data Protection Impact Assessments and Information Sharing Agreements. Act Now helped develop Dapian alongside nine organisations from the public and private sector including the IRMS.

Despite the pandemic, it has been a fantastic year for Act Now. We have delivered over 250 online workshops and launched some great new courses and products. Our Advanced Certificate in GDPR Practice has been really well received by experienced GDPR practitioners who want to enhance their skills and knowledge. We have run eight fully booked courses this year with fantastic reviews. We have also launched our very popular UK and EU GDPR Handbooks.

We have exciting plans for 2022. Watch this space!

%d bloggers like this: