Cyber and Information security
Should we be Surprised by the Latest ICO Fines?
01 August 2019 - David Smith
Like many others in the data protection world I was initially taken aback by the size of latest fines proposed by the ICO. The idea of fining British Airways in excess of £183m and Marriott International nearly £100m for data breaches that in pre-GDPR days would have attracted fines of no more than £500,000, and › Read More
ICO bares its teeth with plans to issue over £280m in fines
09 July 2019 - data breach , fine , ICO Adam Smith
Those in the travel sector would be forgiven for feeling rather nervous after the UK’s Information Commissioner’s Office (ICO) announced plans to issue major fines to British Airways and Marriott International following separate data breach incidents in 2018. On 8 June 2019, the ICO issued a statement of its intention to fine British Airways £183.39m › Read More
The effect of the new UK cybersecurity laws
17 May 2018 - Charlotte Mullarkey
On 10 May the Network and Information Systems Regulations 2018 came into force in the UK. These implement the EU NIS Directive, EU-wide rules on cybersecurity. The NIS Directive had to be transposed into Member State laws by 9 May 2018. Many Member States have not met the deadline. Which companies are caught? The UK › Read More
Using artificial intelligence to fight financial crime – a legal risk perspective
27 February 2018 - Ian Rodgers
The Head of the Financial Crime Department at the UK Financial Conduct Authority (the FCA), Rob Gruppetta, gave a speech on “Using artificial intelligence to keep criminal funds out of the financial system” in December 2017 (1). In it, he explored how artificial intelligence (AI) could potentially be used to prevent financial crime, and for › Read More
US Consumer Financial Protection Bureau guidelines for third-party financial data sharing
12 November 2017 - Jacob Reed
On October 18, the U.S. Consumer Financial Protection Bureau (CFPB) published nine principles for the protection of consumers in the emerging financial data aggregation industry. The CFPB, which is charged with ensuring consumer access to fair and transparent financial services, emphasized that the principles are not intended as guidance on existing laws and regulations and › Read More
WP29 guidelines on personal data breach notification under GDPR
22 October 2017 - Anita Anand
The Article 29 Working Party this week published draft Guidelines on personal data breach notification under GDPR. The relevant GDPR provisions are often misrepresented, and in many respects leave matters open to interpretation – a good or bad thing depending on the day. Many are now asking what further clarity the draft guidelines bring for companies › Read More