Today the Supreme Court handed down its decision in Wm Morrisons Supermarkets Plc v Various Claimants [2020] UKSC 12, bringing to its conclusion a case which had the potential to alter significantly the data protection and cyber security litigation and class action landscape. The headline news is that Morrisons has been found not to be vicariously liable for the … Read more
The Cyber Security Breaches Survey (“CSBS”) is an annual study of UK businesses and charities that began in 2015. The latest CSBS was conducted during the winter of 2019/2020 and the results published on 25 March 2020. The CSBS influences how the government shapes future policy, allows organisations to compare their cyber security with others … Read more
On 30 January 2020, the French construction company, Bouygues Construction, was hit by a ransomware-type attack on their computer network. In subsequent press-releases Bouygues reported that it had taken all of its information systems offline as a precautionary measure to prevent further propagation of the attack, and advised that operational activity on its construction sites … Read more
The Supreme Court in England has two issues to consider in the appeal which opens today. First, should the company be held to be vicariously liable for the acts of its employee in this case? It concerns, after all, a rogue employee, who took payroll data with which he was entrusted home on a … Read more
The National Cyber Security Centre (“NCSC“) emphasised the need for security by design at the launch of its Annual Review 2019 in London this morning. Many legacy systems are “accidentally insecure”, noted NCSC CEO Ciaran Martin, but now we can see the major trends developing and plan strategically. The Secure by Design Code of Conduct … Read more
As we previously reported, the EU reached political agreement on the new EU Cybersecurity Act (the “Act“) in March 2019. The Act has now been published in the Official Journal and the majority of its provisions came into effect on 27 June 2019. Read more
On 20 June 2019, the US Senate confirmed Keith Krach as the Under Secretary of State for Economic Growth, Energy, and the Environment. As part of that role, Krach will serve as the permanent Ombudsman for the EU-US Privacy Shield agreement. The EU-US Privacy Shield is a framework that regulates transatlantic exchanges of personal data … Read more
On 17 May, the EU adopted legislation which will enable it to impose sanctions against persons and entities who engage in cyber-attacks against the EU and its member states. The sanctions will be designed “to deter and respond to cyber-attacks with a significant effect which constitute an external threat to the EU and its Member … Read more
On 8 March 2018, the European Commission published its FinTech Action Plan with the aim of encouraging the European Supervisory Authorities ("ESAs") to recommend to the Commission improvements that can be made to the existing supervisory practices across financial sectors around ICT security and governance requirements. Read more
