10 Min Read

Data And Cyber Bulletin - July 2022

Read More

By Hans Allnutt & Patrick Hill


Published 22 July 2022


Welcome to the July edition of our Data And Cyber Bulletin, with fascinating content covering the Irish DPC’s draft decision proposing to prevent Meta from transferring personal data from the EU to the US, the Lloyds report on physical cyber risks, and the link between Dunkin Donuts and credential stuffing.  We provide insight into the third attack on Marriott Group and welcome guest content from our Legalign Global partner firm, Wilson Elser, in respect of data breach class actions in the US.  We also consider the European Commission’s recent warning against strict interpretation of the GDPR by Data Protection Authorities, the ICO and NCSC joint letter to the Law Society and Bar Council in respect of ransom payments, and the proposed amendment to the PSTI Bill in respect of ethical hacking.

Draft DPC Decision Proposes Banning Meta Data Transfers from EU to US

We consider the implications of the DPC’s draft decision, banning Meta from transferring personal data from the EU to the US.

Read more

Physical risk in cyber-attacks: Lloyds outlines potential impact to businesses in a new report

We highlight the key points arising out of the Lloyds report on the importance of effective risk management and the role of insurers in helping customers build resilience to cyber-attacks that could cause damage to physical environments.

Read more

Stuffing Dunkin Donuts and Uber Attacks - New Guidance Released on “Credential Stuffing” Incidents

We discuss the recently issued guidance by the Global Privacy Assembly’s International Enforcement Cooperation Working Group on the increasing threat of credential stuffing and highlight recent examples of the same with the Dunkin Donuts and Uber attacks.

Read more

Marriott Group Struck by Third Data Breach

We explain the latest attack on Marriott Group and consider the resulting exposure for the beset hotel chain.

Read more

Plaintiffs’ Attorneys Racing to Courthouses in the United States to File Data Breach Class Actions

We welcome guest contribution from David Ross at Wilson Elser, looking at the uptick in data breach class actions in the US.

Read more

European Commission issues a warning against “strict” interpretation of the GDPR by Data Protection Authorities

We provide insight into the Commission’s recent confirmation that commercial considerations can satisfy the “legitimate interests” lawful basis, and explain the concern raised by the Commission  in respect of the Dutch DPA.

Read more

Ransoms - to pay or not to pay, that is the question …

We set out the key takeaways from the ICO and NCSC’s recently published joint letter to the Law Society and Bar Council in respect of paying ransom demands.

Read more

Proposed Amendment to the PSTI Bill Set To Provide Defence to Ethical Hacking Under the CMA

We share insight into the UK proposal to provide a defence to ethical hacking, providing a welcome update to UK cyber laws, specifically the Computer Misuse Act 1990.

Read more

Failed Delivery Attempt

We summarise key takeaways from the recent up-tick in cyber-incidents impacting delivery companies, with a focus on the recent attack on Yodel.

Read more

We hope you enjoy this month’s edition and invite you to contact the authors of the articles should you wish to discuss them further.