Cyber and Information security
International – ASEAN proposes Model Clauses for international data transfers

01 February 2021 - Jane Finlayson-Brown
On 22 January 2021, the Digital Senior Officials’ meeting of the Association of Southeast Asian Nations (ASEAN) approved model contractual clauses for cross-border data flows (ASEAN Model Clauses) and related guidance on their implementation. The ASEAN Model Clauses include two sets of contractual terms to cover controller-processor and controller-to-controller situations. The ASEAN Model Clauses are › Read More
What Might The BA And Marriott Fines Tell Us About The ICO’s Approach To Penalties?

17 November 2020 - David Smith
Few will have been surprised that, when the ICO eventually published details of the BA and Marriott fines, the final penalties were very much lower than the £183+ million and £99+ million proposed in the original notices of intent. Many may nevertheless have been surprised at just how much lower, coming in at £20 million › Read More
Data protection, cybersecurity and Covid-19 coronavirus: trends and insights

17 April 2020 - Jane Finlayson-Brown
Allen & Overy’s Data Protection team presented trends and insights in relation to data protection, cybersecurity and Covid-19 coronavirus. This webinar focused on the data protection and cybersecurity challenges faced by organisations, including in relation to: processing data in special situations driven by Covid-19, such as screening employees and monitoring online or other behaviour, including › Read More

03 April 2020 - Emma Keeling
On 1 April 2020, the UK Supreme Court unanimously overturned a 2018 Court of Appeal ruling that had found WM Morrisons Supermarkets PLC (Morrisons) vicariously liable for its employee’s misuse of private information, breach of confidence and breach of statutory duty under the Data Protection Act 1998 (DPA). Although this case was brought by reference › Read More
Cyber and data breaches: the questions that always arise

22 November 2019 - Lawson Caisley
When a company is the victim of a cyber attack or data breach, a number of crucial questions will have to be answered immediately. These include: Must we involve the police? Do we need to pursue urgent civil remedies for real protection? Can/should we pay a ransom? When do we report to regulators? When do › Read More
Should we be Surprised by the Latest ICO Fines?

01 August 2019 - David Smith
Like many others in the data protection world I was initially taken aback by the size of latest fines proposed by the ICO. The idea of fining British Airways in excess of £183m and Marriott International nearly £100m for data breaches that in pre-GDPR days would have attracted fines of no more than £500,000, and › Read More