Digital TMT and Sourcing Predictions 2019

  2018 was a landmark year for digital TMT and sourcing. Against the backdrop of the UK’s impending departure from the EU, there were a wealth of highlights as regulation moved further towards greater harmonisation at the European level; the EU General Data Protection Regulation (“GDPR“) came into effect on 25 May 2018 and implemented … Read more

Treasury Committee inquiry: IT failures in the financial services sector

The House of Commons Treasury Committee has launched an inquiry into IT failures in the financial services sector. The inquiry will focus on the causes and consequences of operational incidents in the financial services sector and will examine the work being undertaken by industry and regulators to promote operational resilience. The Committee has also published … Read more

Court of Appeal confirms Morrisons vicariously liable for employee’s deliberate actions in first successful UK class action for data breach

The Court of Appeal has today dismissed an appeal against the High Court’s decision that Morrisons was vicariously liable for its employee’s misuse of data, despite: (i) Morrisons having done as much as it reasonably could to prevent the misuse; and (ii) the employee’s intention being to cause reputational or financial damage to Morrisons itself: … Read more

NIS Directive and Regulations now in force

The EU Network and Information Systems Directive (“NISD”) was required to be implemented into national law by 9 May 2018. The UK implementing regulations (the Network and Information Systems Regulations 2018) (“Regulations”) are now in force. The Regulations impose cyber security standards on operators of essential services (“OES”) and certain digital service providers (“DSPs”) to … Read more

Compliant or not: the GDPR is here

The GDPR came into force on 25 May 2018 and brought with it additional rights for individuals and additional obligations for organisations. It also extends its reach beyond European borders and applies not just to companies within the EEA but also to some organisations outside the EEA. With the legislation now in force, all eyes … Read more

Data breaches: new Article 29 Working Party guidance

In anticipation of the GDPR, various guidance has been published by the Article 29 Working Party, the body of national EU data regulators. Of most relevance in the cyber context is the guidance on personal data breach notifications; the Article 29 Working Party issued its initial guidance in October 2017 and published a final version … Read more

Court makes permanent injunction against unknown parties preventing disclosure of confidential information unlawfully removed from computer

In the cases of Clarkson Plc v Person(s) Unknown (“Clarkson”) and PML v Person(s) unknown (“PML”), the court has created a new tool in the fight against cyber attackers. The defendants who are unknown person(s) gained unauthorised access to the claimants’ IT systems and acquired a considerable quantity of information. The unknown defendant(s) then threatened … Read more