UK Government issues call for Views on post-Brexit Cyber Security Certification

Last week, the Department for Digital, Culture, Media & Sport issued a Call for Views on the certification scheme currently anticipated by Regulation (EU) 2019/881 (the Cybersecurity Act) after Brexit. The closing date for responses has been extended to 15 October 2019. In the issued document, the UK Government proposes to maintain “a close relationship with the EU … Read more

Storming the Breaches: DCMS releases Cyber Security Breaches Survey 2019

Cyber-attacks are a continuous threat to both businesses and charities. From the Cyber Security Breaches Survey 2019 (available here as a PDF), we can see that fewer businesses are identifying breaches than in previous years, but the ones that are identifying breaches are typically experiencing more of them. Approximately 32% of businesses and 22% of … Read more

A Clearer Roadmap to Recovery: the roles of NCSC and ICO clarified at CYBERUK

The National Cyber Security Centre (NCSC) and the Information Commission Office (ICO) have clarified their roles in relation to breaches of cyber security.  NCSC manages cyber incidents at a national level to prevent harm being caused to both victims and the UK overall. It helps manage the response at a governmental level and seeks to ensure that lessons are learned to help deter future attacks. The ICO is the independent regulator for enforcing and monitoring data protection legislation and the competent authority for Digital Service Providers under the Network and Information Systems (NIS) Directive. The ICO is the first port of call for organisations who have suffered a breach of cyber security. Read more

EU adopts new sanctions framework targeting external cyber-attacks

On 17 May, the EU adopted legislation which will enable it to impose sanctions against persons and entities who engage in cyber-attacks against the EU and its member states. The sanctions will be designed “to deter and respond to cyber-attacks with a significant effect which constitute an external threat to the EU and its Member … Read more

Digital TMT and Sourcing Predictions 2019

  2018 was a landmark year for digital TMT and sourcing. Against the backdrop of the UK’s impending departure from the EU, there were a wealth of highlights as regulation moved further towards greater harmonisation at the European level; the EU General Data Protection Regulation (“GDPR“) came into effect on 25 May 2018 and implemented … Read more

Treasury Committee inquiry: IT failures in the financial services sector

The House of Commons Treasury Committee has launched an inquiry into IT failures in the financial services sector. The inquiry will focus on the causes and consequences of operational incidents in the financial services sector and will examine the work being undertaken by industry and regulators to promote operational resilience. The Committee has also published … Read more

Court of Appeal confirms Morrisons vicariously liable for employee’s deliberate actions in first successful UK class action for data breach

The Court of Appeal has today dismissed an appeal against the High Court’s decision that Morrisons was vicariously liable for its employee’s misuse of data, despite: (i) Morrisons having done as much as it reasonably could to prevent the misuse; and (ii) the employee’s intention being to cause reputational or financial damage to Morrisons itself: … Read more