The other not so mega ‘mega fine’: ICO fines Marriott £18.4 million in relation to Starwood Hotel’s 2014 data breach

Summary The ICO has fined Marriott Inc (“Marriott”) £18.4 million in relation to a 2014 cyber-attack on Starwood Hotels. The ICO had previously issued a notice of its intention to fine Marriott £99.2 million. The Penalty Notice does not explain the reasons why the final fine is considerably lower than this amount. Following the ICO’s … Read more

Morrisons wins Supreme Court appeal against finding of vicarious liability in data breach class action

Today the Supreme Court handed down its decision in Wm Morrisons Supermarkets Plc v Various Claimants [2020] UKSC 12, bringing to its conclusion a case which had the potential to alter significantly the data protection and cyber security litigation and class action landscape. The headline news is that Morrisons has been found not to be vicariously liable for the … Read more

UK Government publishes results to the annual Cyber Security Breaches Survey

The Cyber Security Breaches Survey (“CSBS”) is an annual study of UK businesses and charities that began in 2015. The latest CSBS was conducted during the winter of 2019/2020 and the results published on 25 March 2020. The CSBS influences how the government shapes future policy, allows organisations to compare their cyber security with others … Read more

NCSC advocates Security by Design at Launch of Third Annual Review today in London

The National Cyber Security Centre (“NCSC“) emphasised the need for security by design at the launch of its Annual Review 2019 in London this morning. Many legacy systems are “accidentally insecure”, noted NCSC CEO Ciaran Martin, but now we can see the major trends developing and plan strategically. The Secure by Design Code of Conduct … Read more

EU adopts new sanctions framework targeting external cyber attacks

On 17 May, the EU adopted legislation which will enable it to impose sanctions against persons and entities who engage in cyber-attacks against the EU and its member states. The sanctions will be designed “to deter and respond to cyber-attacks with a significant effect which constitute an external threat to the EU and its Member … Read more