Everyone now knows that a personal data breach may lead to an ICO (Information Commissioner’s Office) investigation, financial penalties and/or other regulatory action. But what about the commercial consequences? It’s long been a standard observation that data breaches lead to …
While the recent statutory instrument that amends the PECR (Privacy and Electronic Communications Regulations) appears to be aimed at the directors of organisations that brazenly flout the law in respect of direct marketing (whether by email or telephone), the reality …
There is a trend among organisations that suffer data breaches – such as Eurostar, which has just identified a major data breach – to downplay their impact by saying things like ‘while usernames and passwords were compromised, the good news …
The Court of Appeal has upheld the lower court decision that supermarket chain Morrisons is vicariously liable for a data breach by an employee. The detail of this decision is interesting. The Court found that, as Morrisons had instructed the …
Facebook has, in respect of its data breach earlier this year, been fined the maximum £500,000 allowed under the DPA (Data Protection Act) 1998. It’s lucky the breach was discovered before 25 May 2018; if the fine had been levied …
Ransomware is a fact of life, right? Sooner or later, a member of staff is going to click a malicious link or visit a dodgy website, and a ransomware product will download and install itself. There are three ways you …
You’ll remember that Yahoo suffered a significant data breach (affecting about 3 billion user accounts) in 2013, but didn’t get around to telling anyone until 2016. The costs of that breach are now becoming clear: $350 million reduction in the …
EU Data Protection Supervisor Giovanni Buttarelli said yesterday that the first GDPR sanctions – fines, ultimatums, bans – will be imposed by the end of this year. Buttarelli co-ordinates the supervisory agencies across the EU, so he probably knows what …
Although it is largely expected that Internet giants like Facebook deal rapaciously with users’ personal data, it is astonishing that a publicly funded institution such as the NHS should decide to ignore the recommendations of its own CIO on the …
Boards should take note of the FCA’s (Financial Conduct Authority) £16.4 million fine of Tesco Bank for failing to prevent a cyber attack that, in the end, directly affected only 34 customers (although it did disrupt services for many others) …
