Data breach

Cyberattack on German Public Figures Leads To One of Germany’s Largest Data Breaches

Last week, it was announced that during December 2018 almost one thousand German public figures, including journalists and a number of prominent politicians including the Chancellor and President, were the subject of one of Germany’s largest data breaches. The leaked … Continue reading

Leave a Comment

Filed under Data breach, Data subject rights, Enforcement

Court of Appeal confirms Morrisons vicariously liable for employee’s deliberate actions in first successful UK class action for data breach

The Court of Appeal has today dismissed an appeal against the High Court’s decision that Morrisons was vicariously liable for its employee’s misuse of data, despite: (i) Morrisons having done as much as it reasonably could to prevent the misuse; … Continue reading

Leave a Comment

Filed under Cyber Security, Data breach, Data Protection, Data subject rights, Enforcement, GDPR, News

Data breaches: new Article 29 Working Party guidance

In anticipation of the GDPR, various guidance has been published by the Article 29 Working Party, the body of national EU data regulators. Of most relevance in the cyber context is the guidance on personal data breach notifications; the Article … Continue reading

Leave a Comment

Filed under Controllers, Data breach, Data Protection, GDPR, Guidance, National privacy law

Compliant or not: the GDPR is here

The GDPR came into force on 25 May 2018 and brought with it additional rights for individuals and additional obligations for organisations. It also extends its reach beyond European borders and applies not just to companies within the EEA but … Continue reading

Leave a Comment

Filed under Cyber Security, Data breach, Data Protection, Extra-territoriality, GDPR, Guidance

The GDPR: Practical European Guidance on personal data breach notification requirements

The GDPR introduces a new mandatory requirement for all controllers to notify the appropriate data protection authority of a “personal data breach” likely to result in a risk to people’s rights and freedoms, for example following a cyber-attack. This will … Continue reading

Leave a Comment

Filed under Controllers, Data breach, Data Protection, Data subject rights, GDPR

Morrisons – the first successful class action in the UK for data breach

On 1 December 2017, the High Court handed down its judgment on the UK’s first class action arising from a data breach (Various Claimants v Morrisons). The High Court allowed the claim and deemed Morrisons to be vicariously liable for … Continue reading

Leave a Comment

Filed under Data breach, Data Protection, Enforcement

Google DeepMind trial failed to comply with data protection law

On 3 July 2017 the Information Commissioner’s Office (“ICO“) determined that the Royal Free NHS Foundation Trust (the “Trust“) had breached the Data Protection Act 1998 (the “Act”) when it provided patient details to Google’s DeepMind. The Trust provided personal … Continue reading

Leave a Comment

Filed under Data breach, Data Protection, Data subject rights, Enforcement, IT and Technology, News

WannaCry: A chance to test systems and raise awareness at a global level?

In one of the most dramatic and widespread cyber attacks to date, on Friday 12 May 2017, a worldwide ransomware attack known as “WannaCrypt” or “WannaCry” began infecting hundreds of thousands of computers in over 150 countries. Starting in the … Continue reading

Leave a Comment

Filed under Cyber Security, Data breach, Data Protection, GDPR, Guidance

UK’s cyber security breaches survey and Verizon’s data breach report suggest progress – but more to do

April 2017 welcomed two insightful publications on the current cyber security landscape. The UK Department for Culture, Media and Sport’s annual Cyber Security Breaches Survey (the “Survey“) and Verizon’s 2017 Data Breach Investigations Report (the “Report“), highlight the changing attitude … Continue reading

Leave a Comment

Filed under Cyber Security, Data breach, Data Protection

New Mirai based malware variants – BrickerBot and a Bitcoin miner

The Mirai malware gained its infamy in October 2016 following its record breaking attack on systems operated by domain name system provider Dyn, using unsecured Internet of Things (“IoT“) enabled “smart” devices (such as CCTV recorders, webcams and routers). It … Continue reading

Leave a Comment

Filed under Cyber Security, Data breach, Data Protection, IT and Technology