Cyber and Information security

Morrisons is not vicariously liable for data breach…but the Supreme Court does not rule out the possibility in future cases

Emma Keeling

On 1 April 2020, the UK Supreme Court unanimously overturned a 2018 Court of Appeal ruling that had found WM Morrisons Supermarkets PLC (Morrisons) vicariously liable for its employee’s misuse of private information, breach of confidence and breach of statutory duty under the Data Protection Act 1998 (DPA). Although this case was brought by reference Read More

No Comments

Cyber and data breaches: the questions that always arise

Lawson Caisley

When a company is the victim of a cyber attack or data breach, a number of crucial questions will have to be answered immediately.  These include: Must we involve the police? Do we need to pursue urgent civil remedies for real protection? Can/should we pay a ransom? When do we report to regulators? When do Read More

No Comments

Should we be Surprised by the Latest ICO Fines?

David Smith

Like many others in the data protection world I was initially taken aback by the size of latest fines proposed by the ICO. The idea of fining British Airways in excess of £183m and Marriott International nearly £100m for data breaches that in pre-GDPR days would have attracted fines of no more than £500,000, and Read More

No Comments

ICO bares its teeth with plans to issue over £280m in fines

Adam Smith

Those in the travel sector would be forgiven for feeling rather nervous after the UK’s Information Commissioner’s Office (ICO) announced plans to issue major fines to British Airways and Marriott International following separate data breach incidents in 2018. On 8 June 2019, the ICO issued a statement of its intention to fine British Airways £183.39m Read More

No Comments

The effect of the new UK cybersecurity laws

Charlotte Mullarkey

On 10 May the Network and Information Systems Regulations 2018 came into force in the UK. These implement the EU NIS Directive, EU-wide rules on cybersecurity. The NIS Directive had to be transposed into Member State laws by 9 May 2018. Many Member States have not met the deadline. Which companies are caught? The UK Read More

No Comments

Using artificial intelligence to fight financial crime – a legal risk perspective

Ian Rodgers

The Head of the Financial Crime Department at the UK Financial Conduct Authority (the FCA), Rob Gruppetta, gave a speech on “Using artificial intelligence to keep criminal funds out of the financial system” in December 2017 (1). In it, he explored how artificial intelligence (AI) could potentially be used to prevent financial crime, and for Read More

No Comments