Welcome to the March edition of our Data And Cyber Bulletin.We are delighted to share this month’s bumper edition of our Data And Cyber Bulletin with content covering the topical issue of making ransom payments in light of ever-evolving international sanctions, the ICO’s recently published guidance on ransomware and data protection compliance, and a useful summary of the challenges of navigating aviation cyber risk.We highlight key points arising out two recent regulatory decisions, being the ICO’s first ransomware related monetary penalty notice against Tuckers Solicitors LLP and the Polish DPA fine against Santander Bank. We explain the significance of the recent Supreme Court decision in Bloomberg LG v ZXC and provide insight from our Dublin office on the recent DPC fine against Meta for EUR17m.Finally, we offer our thoughts on the EDPB’s Amicable Settlement Guidelines which aim to provide consistency in European data breach claims.The Challenges of Ransom Payments and the International Sanctions RegimeWe consider the impact of the international community’s implementation of sanctions on Russia and the payment of ransoms to threat actor groups.Read moreNew ICO Guidance on Ransomware and Data Protection ComplianceWe highlight the key points arising out of the ICO’s recently published guidance on ransomware and data protection compliance, which provides a useful reminder of steps which can be taken to mitigate the risk of such attacks.Read moreNavigating Aviation Cyber RiskWe discuss the importance of aviation cyber insurance and explain the legislative and regulatory environment within which the industry operates.Read moreTucking into ransomware; the ICO turns to the legal professionWe consider the importance of the ICO’s recent first ransomware related monetary penalty notice against Tuckers Solicitors LLP, and highlighted a concerning trend in increased attacks against law firms.Read moreSantander Bank Polska Ordered to Issue Data Subject Notifications and Subjected to EUR 120,000 FineWe explain the basis for the Polish DPA’s fine against Santander Bank and the justification for ordering the bank to notify impacted data subjects.Read moreDPC Fines Facebook parent Company Meta €17 million for Breaches of GDPROur Dublin office explains the basis and significance of the DPC fine of EUR17m against Facebook parent company, Meta.Read more‘Amicable Settlement Guidelines’ to provide consistency in European data breach claimsWe explain the key elements of the EDPB Amicable Settlements Guidance and its anticipated impact in respect of harmonising the European approach to resolving data breach complaints.Read moreBloomberg LP (Appellant) v ZXC (Respondent) [2022] UKSC 5We consider the Supreme Court decision in the case of Bloomberg LP v ZXC and the implications for misuse of private information and breach of confidence causes of action.Read moreWe hope you enjoy this month’s newsletter. Please do contact the authors of this month’s newsletter content if you have any questions.DAC Beachcroft’s Cyber Team