Cyber Security

Court of Appeal confirms Morrisons vicariously liable for employee’s deliberate actions in first successful UK class action for data breach

The Court of Appeal has today dismissed an appeal against the High Court’s decision that Morrisons was vicariously liable for its employee’s misuse of data, despite: (i) Morrisons having done as much as it reasonably could to prevent the misuse; … Continue reading

Leave a Comment

Filed under Cyber Security, Data breach, Data Protection, Data subject rights, Enforcement, GDPR, News

Court makes permanent injunction against unknown parties preventing disclosure of confidential information unlawfully removed from computer

In the cases of Clarkson Plc v Person(s) Unknown (“Clarkson”) and PML v Person(s) unknown (“PML”), the court has created a new tool in the fight against cyber attackers. The defendants who are unknown person(s) gained unauthorised access to the … Continue reading

Leave a Comment

Filed under Cyber Security

NIS Directive and Regulations now in force

The EU Network and Information Systems Directive (“NISD”) was required to be implemented into national law by 9 May 2018. The UK implementing regulations (the Network and Information Systems Regulations 2018) (“Regulations”) are now in force. The Regulations impose cyber … Continue reading

Leave a Comment

Filed under Cyber Security, Data Protection, National privacy law

Compliant or not: the GDPR is here

The GDPR came into force on 25 May 2018 and brought with it additional rights for individuals and additional obligations for organisations. It also extends its reach beyond European borders and applies not just to companies within the EEA but … Continue reading

Leave a Comment

Filed under Cyber Security, Data breach, Data Protection, Extra-territoriality, GDPR, Guidance

UK Government endorses new data security standards and greater patient control over use of health data

The Department of Health published its Review of Data Security, Consent and Opt-Outs (the “Review”) earlier this year. Incidents such as WannaCry (refer to article above for more detail) have created awareness of the ease and speed with which cyber-attacks … Continue reading

Leave a Comment

Filed under Cyber Security, Data Protection, GDPR, National privacy law

UK Government Position Paper on International Transfers of Data – Key Points

The post below was first published on our Employment blog Last week the UK Government released its negotiating position paper on international transfers of personal data within the EEA (The Exchange and Protection of Personal Data). Once the UK leaves … Continue reading

Leave a Comment

Filed under Brexit, Cyber Security, Data Protection, Data subject rights, Disclosures, Extra-territoriality, GDPR

ENISA Guidance: Incident Reporting for Digital Service Providers under Cyber Security Directive and the interplay with GDPR

The new report referenced in the article above, follows comprehensive guidelines (the “Guidelines“) published by ENISA in February 2017 for Member States and the European Commission on how to implement incident notification for “digital service providers” (“DSPs“) across the EU, … Continue reading

Leave a Comment

Filed under Cyber Security, Data Protection, GDPR, Guidance

WannaCry: A chance to test systems and raise awareness at a global level?

In one of the most dramatic and widespread cyber attacks to date, on Friday 12 May 2017, a worldwide ransomware attack known as “WannaCrypt” or “WannaCry” began infecting hundreds of thousands of computers in over 150 countries. Starting in the … Continue reading

Leave a Comment

Filed under Cyber Security, Data breach, Data Protection, GDPR, Guidance

UK’s cyber security breaches survey and Verizon’s data breach report suggest progress – but more to do

April 2017 welcomed two insightful publications on the current cyber security landscape. The UK Department for Culture, Media and Sport’s annual Cyber Security Breaches Survey (the “Survey“) and Verizon’s 2017 Data Breach Investigations Report (the “Report“), highlight the changing attitude … Continue reading

Leave a Comment

Filed under Cyber Security, Data breach, Data Protection

New Mirai based malware variants – BrickerBot and a Bitcoin miner

The Mirai malware gained its infamy in October 2016 following its record breaking attack on systems operated by domain name system provider Dyn, using unsecured Internet of Things (“IoT“) enabled “smart” devices (such as CCTV recorders, webcams and routers). It … Continue reading

Leave a Comment

Filed under Cyber Security, Data breach, Data Protection, IT and Technology