Cyber and Information security

International – ASEAN proposes Model Clauses for international data transfers

Jane Finlayson-Brown

On 22 January 2021, the Digital Senior Officials’ meeting of the Association of Southeast Asian Nations (ASEAN) approved model contractual clauses for cross-border data flows (ASEAN Model Clauses) and related guidance on their implementation. The ASEAN Model Clauses include two sets of contractual terms to cover controller-processor and controller-to-controller situations. The ASEAN Model Clauses are Read More

No Comments

What Might The BA And Marriott Fines Tell Us About The ICO’s Approach To Penalties?

David Smith

Few will have been surprised that, when the ICO eventually published details of the BA and Marriott fines, the final penalties were very much lower than the £183+ million and £99+ million proposed in the original notices of intent. Many may nevertheless have been surprised at just how much lower, coming in at £20 million Read More

No Comments

Data protection, cybersecurity and Covid-19 coronavirus: trends and insights

Jane Finlayson-Brown

Allen & Overy’s Data Protection team presented trends and insights in relation to data protection, cybersecurity and Covid-19 coronavirus. This webinar focused on the data protection and cybersecurity challenges faced by organisations, including in relation to: processing data in special situations driven by Covid-19, such as screening employees and monitoring online or other behaviour, including Read More

No Comments

Morrisons is not vicariously liable for data breach…but the Supreme Court does not rule out the possibility in future cases

Emma Keeling

On 1 April 2020, the UK Supreme Court unanimously overturned a 2018 Court of Appeal ruling that had found WM Morrisons Supermarkets PLC (Morrisons) vicariously liable for its employee’s misuse of private information, breach of confidence and breach of statutory duty under the Data Protection Act 1998 (DPA). Although this case was brought by reference Read More

No Comments

Cyber and data breaches: the questions that always arise

Lawson Caisley

When a company is the victim of a cyber attack or data breach, a number of crucial questions will have to be answered immediately.  These include: Must we involve the police? Do we need to pursue urgent civil remedies for real protection? Can/should we pay a ransom? When do we report to regulators? When do Read More

No Comments

Should we be Surprised by the Latest ICO Fines?

David Smith

Like many others in the data protection world I was initially taken aback by the size of latest fines proposed by the ICO. The idea of fining British Airways in excess of £183m and Marriott International nearly £100m for data breaches that in pre-GDPR days would have attracted fines of no more than £500,000, and Read More

No Comments