A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Published 18 June 2015
Whilst we are still reeling from the ground-breaking Vidal-Hall decision earlier this year, the ICO has also issued some interesting guidance and publications which have themselves progressed the interpretation of existing data protection law.
The ICO's guidance on the issue of monetary penalties ("fines" to you and me) is one such publication which reveals a great deal of information as to why it will issue monetary penalties. A copy can be found here. Risk management issues can be drawn from this guidance, some of which might be surprising. For example, the guidance indicates that fines are effectively means tested so that bigger companies will face higher fines. How companies respond to data breaches is also crucial to whether the ICO will issue fines, and those companies who take immediate action to close vulnerabilities and offer compensation to affected parties will see the chances of a fine being issued reduced.
In May, the ICO also published the results from a pan-European study into what the public expect from data protection and the data protection authorities ("DPA") themselves. The report outlined a series of recommendations on how DPAs can be more effective in the management and protection of personal data. A copy can be found here. Ultimately, the ICO found that there was no 'one size fits all' view; privacy is personal to the individual and what one person is content to share and on what basis differs from person to person. However, the ICO found that there were common themes in what the public want:
The results of this study will no doubt influence the ICO's future priorities in regulating data protection in the UK. Savvy companies will try to take these factors into account when conducting business in order to stay a few steps ahead of the regulatory machine. The "savvy-est" of companies will build their businesses with the public's demands on privacy in mind in order to differentiate to gain a competitive advantage. Just ask Tim Cook of Apple who earlier this month reportedly criticised his web rivals' business models that undermined user privacy.
Across the pond, we are reminded that privacy risks are not only restricted to companies with retail customers. Employee data can be a prized hacking target and a stark reminder came in the form of a cyber-attack on the US Government that reportedly resulting in the loss of up to 4 million current and former employees' personal financial data. If the US government can be breached, what makes any other company immune?
There has also been an interesting legal development in the US on the topic of insurance coverage for cyber risks under existing insurance policies. The judgment demonstrates the limits of trying to claim under existing insurance programmes for losses which might have been better served by a dedicated cyber insurance policy.
And finally, what would any cyber update be without a reference to the EU Data Protection Regulation? Well the breaking news is that the European Council has agreed its version of the wording so that the Parliament, Council and Commission can sit down together and begin to horse-trade their respective positions. Those talks start on 24 June with the incoming Luxembourg Presidency aiming to find a general approach in October to be finalised by the end of 2015. Don't hold your breath!
London - Walbrook
+44 (0) 20 7894 6925
+44 (0)20 7894 6930
Thomas Jordan, Jonathan Mitchell
Peter Allchorne, Michael McCabe
Peter Allchorne, Michael McCabe, Caroline Hall
David Williams, David Johnson
John Maillie, Tom Baker
Clare Hughes-Williams, Mark Healing
David Williams, Ruth Winterbottom
Duncan Greenwood, Mark Cawthorne
Vladimir Rostan d’ Ancezune
Sally Roff, Stefan Desbordes
David Williams, Peter Allchorne, Barrie Hall
Clare Hughes-Williams, Catrin Davies, Naomi Park, Sophie Ruffles
Emma Fuller, Jade Batstone, Daniel Miller
Sally Roff, Chris Baranowski
Charlotte Le Maire