Cyber and Information security

Should we be Surprised by the Latest ICO Fines?

David Smith

Like many others in the data protection world I was initially taken aback by the size of the latest fines proposed by the ICO. The idea of fining British Airways in excess of £183m and Marriott International nearly £100m for data breaches that in pre-GDPR days would have attracted fines of no more than £500,000, and …

ICO bares its teeth with plans to issue over £280m in fines

Adam Smith

Those in the travel sector would be forgiven for feeling rather nervous after the UK’s Information Commissioner’s Office (ICO) announced plans to issue major fines to British Airways and Marriott International following separate data breach incidents in 2018. On 8 June 2019, the ICO issued a statement of its intention to fine British Airways £183.39m …

The effect of the new UK cybersecurity laws

Charlotte Mullarkey

On 10 May the Network and Information Systems Regulations 2018 came into force in the UK. These implement the EU NIS Directive, EU-wide rules on cybersecurity. The NIS Directive had to be transposed into Member State laws by 9 May 2018. Many Member States have not met the deadline. Which companies are caught? The UK …

Using artificial intelligence to fight financial crime – a legal risk perspective

Ian Rodgers

The Head of the Financial Crime Department at the UK Financial Conduct Authority (the FCA), Rob Gruppetta, gave a speech on “Using artificial intelligence to keep criminal funds out of the financial system” in December 2017 (1). In it, he explored how artificial intelligence (AI) could potentially be used to prevent financial crime, and for …

US Consumer Financial Protection Bureau guidelines for third-party financial data sharing

Jacob Reed

On October 18, the U.S. Consumer Financial Protection Bureau (CFPB) published nine principles for the protection of consumers in the emerging financial data aggregation industry. The CFPB, which is charged with ensuring consumer access to fair and transparent financial services, emphasized that the principles are not intended as guidance on existing laws and regulations and …

WP29 guidelines on personal data breach notification under GDPR

Anita Anand

The Article 29 Working Party this week published draft Guidelines on personal data breach notification under GDPR. The relevant GDPR provisions are often misrepresented, and in many respects leave matters open to interpretation – a good or bad thing depending on the day. Many are now asking what further clarity the draft guidelines bring for companies …
