Published 12 July 2018
The last few weeks have seen data protection laws radically overhauled in the UK and across Europe. The long-awaited General Data Protection Regulation finally became directly applicable in all Member States on 25 May 2018 and the majority of the Data Protection Act 2018 came into force on the same date, amid widespread concerns in the lead-up that it would not receive parliamentary approval in time.
Please click here for more information on the GDPR, the DPA 2018 and the EU's ePrivacy Regulation, which is still being finalised and is now expected to come in next year.
Understanding the implications of this new legislation for data controllers, data processors and individuals has been somewhat perplexing, but the UK's ICO is helping by issuing frequent updates to its GDPR Guide and guidance notes. Also, the European Data Protection Supervisor (EDPS), which replaces the old Article 29 Working Party, has been busy issuing updates and preparing draft guidelines for consultation.
Please click here for further information on the ICO and EDPS guidance.
Other news is that Morrisons has appealed the decision Various Claimants v Morrisons to the Court of Appeal on the issue of whether the supermarket is vicariously liable for the deliberate misuse of personal data by its disgruntled employee who intended to cause it harm. This appeal is expected to be heard in October 2018.
Meanwhile, the High Court has handed down its costs judgment relating to the first instance decision. Emphasising the importance of pleading arguments in a proportionate and focussed way and not indulging in tenuous or fanciful arguments, the judge awarded the Claimants only 40% of their costs claim. This was to reflect that the Claimants were unsuccessful in their argument that Morrisons was directly liable for the data leak, an argument that went to 13 of the 14 issues at trial.
Our full commentary on the costs decision is here.
The Court of Appeal has also ruled on the appeal in Secretary of State for the Home Department v TLU and TLV concerning the liability of the Home Office to pay distress compensation to individuals who were not named but whose identity could be inferred from asylum data accidentally disclosed on its website. The Court of Appeal was unwilling to interfere with the trial judge's findings of fact that individuals could be identified as asylum seekers by third parties.
Please click here for our full article on the decision.
Websites without HTTPS will be labelled “Not Secure” by Google Chrome this month. With over 50% of website visitors using Chrome, it could have a significant business impact.
Please click here to read the full article.
Our new Breach Response Planner has completed its Beta testing stage and will be available shortly. This will allow organisations of all sizes to ensure that they have a comprehensive plan in the event of a data breach. More details about the Planner will follow shortly but please feel free to contact us should you require further information in the meantime.