Cyber and Information security
What Might The BA And Marriott Fines Tell Us About The ICO’s Approach To Penalties?

17 November 2020 - David Smith
Few will have been surprised that, when the ICO eventually published details of the BA and Marriott fines, the final penalties were very much lower than the £183+ million and £99+ million proposed in the original notices of intent. Many may nevertheless have been surprised at just how much lower, coming in at £20 million › Read More
Data protection, cybersecurity and Covid-19 coronavirus: trends and insights

17 April 2020 - Jane Finlayson-Brown
Allen & Overy’s Data Protection team presented trends and insights in relation to data protection, cybersecurity and Covid-19 coronavirus. This webinar focused on the data protection and cybersecurity challenges faced by organisations, including in relation to: processing data in special situations driven by Covid-19, such as screening employees and monitoring online or other behaviour, including › Read More

03 April 2020 - Emma Keeling
On 1 April 2020, the UK Supreme Court unanimously overturned a 2018 Court of Appeal ruling that had found WM Morrisons Supermarkets PLC (Morrisons) vicariously liable for its employee’s misuse of private information, breach of confidence and breach of statutory duty under the Data Protection Act 1998 (DPA). Although this case was brought by reference › Read More
Cyber and data breaches: the questions that always arise

22 November 2019 - Lawson Caisley
When a company is the victim of a cyber attack or data breach, a number of crucial questions will have to be answered immediately. These include: Must we involve the police? Do we need to pursue urgent civil remedies for real protection? Can/should we pay a ransom? When do we report to regulators? When do › Read More
Should we be Surprised by the Latest ICO Fines?

01 August 2019 - David Smith
Like many others in the data protection world I was initially taken aback by the size of latest fines proposed by the ICO. The idea of fining British Airways in excess of £183m and Marriott International nearly £100m for data breaches that in pre-GDPR days would have attracted fines of no more than £500,000, and › Read More
ICO bares its teeth with plans to issue over £280m in fines

09 July 2019 - data breach , fine , ICO Adam Smith
Those in the travel sector would be forgiven for feeling rather nervous after the UK’s Information Commissioner’s Office (ICO) announced plans to issue major fines to British Airways and Marriott International following separate data breach incidents in 2018. On 8 June 2019, the ICO issued a statement of its intention to fine British Airways £183.39m › Read More