The other not so mega ‘mega fine’: ICO fines Marriott £18.4 million in relation to Starwood Hotel’s 2014 data breach

Summary: The ICO has fined Marriott Inc (“Marriott”) £18.4 million in relation to a 2014 cyber-attack on Starwood Hotels. The ICO had previously issued a notice of its intention to fine Marriott £99.2 million. The Penalty Notice does not explain the reasons why the final fine is considerably lower than this amount. Following the ICO’s …

Morrisons wins Supreme Court appeal against finding of vicarious liability in data breach class action

Today the Supreme Court handed down its decision in Wm Morrisons Supermarkets Plc v Various Claimants [2020] UKSC 12, bringing to its conclusion a case which had the potential to alter significantly the data protection and cyber security litigation and class action landscape. The headline news is that Morrisons has been found not to be vicariously liable for the …

UK Government publishes results to the annual Cyber Security Breaches Survey

The Cyber Security Breaches Survey (“CSBS”) is an annual study of UK businesses and charities that began in 2015. The latest CSBS was conducted during the winter of 2019/2020 and the results published on 25 March 2020. The CSBS influences how the government shapes future policy, allows organisations to compare their cyber security with others …

Contractors on high alert after cyber attack on Bouygues Construction

On 30 January 2020, the French construction company Bouygues Construction was hit by a ransomware-type attack on its computer network. In subsequent press releases, Bouygues reported that it had taken all of its information systems offline as a precautionary measure to prevent further propagation of the attack, and advised that operational activity on its construction sites …

NCSC advocates Security by Design at Launch of Third Annual Review today in London

The National Cyber Security Centre (“NCSC”) emphasised the need for security by design at the launch of its Annual Review 2019 in London this morning. Many legacy systems are “accidentally insecure”, noted NCSC CEO Ciaran Martin, but now we can see the major trends developing and plan strategically. The Secure by Design Code of Conduct …

EU Regulation on cyber security now in force

As we previously reported, the EU reached political agreement on the new EU Cybersecurity Act (the “Act”) in March 2019. The Act has now been published in the Official Journal and the majority of its provisions came into effect on 27 June 2019.