UK minister attempts to clarify data protection plans after watchdog’s concerns – OUT-LAW.com

Posted January 19th, 2018 in bills, data protection, EC law, news by tracey

‘Concerns that proposed new UK data protection laws threaten the independence of the country’s data protection watchdog are “misplaced”, a government minister has said.’

Full Story

OUT-LAW.com, 18th January 2018

Source: www.out-law.com

PPI firm fined £350,000 for making 75 million spam calls in four months – The Independent

‘A PPI company that made 75 million nuisance calls in just four months has been fined £350,000 by the Information Commissioner’s Office. The director of Miss-sold Products UK Ltd will not face any punishment despite the company he ran “blatantly ignoring the law” because of shortcomings in existing legislation, the ICO said on Wednesday.’

Full Story

The Independent, 17th January 2018

Source: www.independent.co.uk

Home Office pays out £15,500 to asylum seeker over data breach – The Guardian

Posted January 18th, 2018 in asylum, compensation, data protection, news by tracey

‘The Home Office has paid out £15,500 in compensation after admitting handing over sensitive information about an asylum seeker to the government of his Middle East home country, a move which could have endangered his life and that of his family.’

Full Story

The Guardian, 17th January 2018

Source: www.theguardian.com

Another £400k penalty for a cyber security breach – Technology Law Update

Posted January 15th, 2018 in data protection, EC law, fines, news, penalties, telecommunications by sally

‘The Information Commissioner’s Office has imposed a £400,000 fine on mobile phone retailer Carphone Warehouse following a 2015 cyber attack. Originating from an IP address in Vietnam, the hack went on for 15 days before detection. It exposed the personal data of more than three million customers and 1,000 members of staff.’

Full Story

Technology Law Update, 11th January 2018

Source: www.technology-law-blog.co.uk

Facebook pays teen undisclosed damages over naked photograph in first case of its kind – Daily Telegraph

Posted January 12th, 2018 in compensation, data protection, internet, misuse of private information, news by tracey

‘Facebook has settled a landmark legal action over a naked photograph of a 14-year-old girl posted on a “shame” page. The social media giant agreed to pay undisclosed damages to the teenager after failing in its attempt to get the action thrown out of court.’

Full Story

Daily Telegraph, 11th January 2018

Source: www.telegraph.co.uk

Fines under GDPR wait for businesses that fail to fix known security flaws now, says UK watchdog – OUT-LAW.com

Posted January 11th, 2018 in data protection, EC law, fines, news, regulations by tracey

‘Data breaches that arise after new EU data protection laws take effect but which stem from security flaws that were known about prior to then will be enforced under the General Data Protection Regulation (GDPR), the UK’s data protection watchdog has said.’

Full Story

OUT-LAW.com, 10th January 2018

Source: www.out-law.com

Researchers to be free to test anonymisation measures under UK data protection reforms – OUT-LAW.com

Posted January 11th, 2018 in anonymity, bills, data protection, EC law, news by tracey

‘Planned changes to UK data protection laws will not put security researchers at risk of breaking the law when they test the effectiveness of data anonymization measures, as had been feared.’

Full Story

OUT-LAW.com, 11th January 2018

Source: www.out-law.com

Lords vote for second Leveson probe into press conduct – BBC News

‘Peers have backed a proposal that would require Theresa May to proceed with the second stage of the Leveson inquiry.’

Full Story

BBC News, 10th January 2018

Source: www.bbc.co.uk

Data protection bill amended to protect security researchers – The Guardian

Posted January 10th, 2018 in anonymity, bills, data protection, internet, news by sally

‘The government is to amend the data protection bill to protect security researchers who work to uncover abuses of personal data, quelling fears that the bill could accidentally criminalise legitimate research.’

Full Story

The Guardian, 9th January 2018

Source: www.theguardian.com

Data Breaches, Vicarious Liability of Employers & the Impact on the Insurance Industry – Six Pump Court

Posted January 9th, 2018 in data protection, employment, insurance, news by sally

‘The recent judgment in the Morrisons case Various Claimants and WM Morrisons Supermarket PLC concerning the vicariously liability of employers for the actions of employees involved in breaches of data is potentially highly significant for the insurance industry – both for the insurer and the insured.’

Full Story

Six Pump Court, 8th January 2018

Source: www.6pumpcourt.co.uk

Candy Crush (-es Holyoake) – Panopticon

Posted January 4th, 2018 in data protection, disclosure, news by sally

‘Readers of this blog will recall an important DPA judgment, particularly on the legal professional privilege exemption, which came out in January 2017 called Holyoake v Candy & CPC [2017] EWHC 52 (QB) (see the blogpost here). That case has, however, involved various pieces of satellite litigation including a 193 page judgment of Nugee J handed down just before Christmas in Holyoake & Hotblack v Candy & Candy & others [2017] EWHC 3397 (Ch).For some reason the parties to the extensive Chancery proceedings appear to have seen as most important the multi-million pound claims for misrepresentation, duress, unlawful means conspiracy, interference with economic interests, undue influence, breach of consumer credit legislation, breach of the rule against penalty clauses and the exotically named extortion under colour of due process. For very detailed and lengthy reasons which it is unnecessary to set out here, Nugee J rejected all of Mr Holyoake’s various claims. The judge made numerous adverse findings in respect Mr Holyoake’s performance as a witness, although it is fair to say that the Candy brothers did not escape without some measure of criticism either. (I should declare that I acted for Candy and CPC in the earlier DPA proceedings; although all of the Panopticon editors were on one side or the other.)’

Full Story

Panopticon, 29th December 2017

Source: panopticonblog.com

Police made ‘appalling’ errors in using internet data to target suspects – The Guardian

Posted December 21st, 2017 in data protection, internet, mistake, news, police, privacy, reports, sexual offences, warrants by tracey

‘Police have made serious errors getting search warrants for suspected sex offenders, leading to the targeting of innocent people and children being wrongly separated from their parents, an official report has revealed.’

Full Story

The Guardian, 20th December 2017

Source: www.theguardian.com

Employer liable for disgruntled employee’s deliberate data breach – Technology Law Blog

Posted December 20th, 2017 in computer crime, data protection, news, vicarious liability by sally

‘WM Morrisons Supermarket plc have been held liable to 5,518 of their employees for a deliberate data breach by a rogue employee, Andrew Skelton.’

Full Story

Technology Law Update, 19th December 2017

Source: www.technology-law-blog.co.uk

Watchdog concerned that government plans for the Data Protection Bill threaten its independence – OUT-LAW.com

Posted December 12th, 2017 in bills, data protection, news by sally

‘The UK’s data protection watchdog has raised concerns that proposed new UK laws threaten its ability to operate independently of the government.’

Full Story

OUT-LAW.com, 11th December 2017

Source: www.out-law.com

Three out of four small and medium-sized businesses not ready for new data laws face huge fines – The Independent

Posted December 12th, 2017 in data protection, fines, news, small businesses by sally

‘Three-quarters of Britain’s small and medium-sized businesses are unprepared for the introduction of strict new EU data laws designed to protect people’s private information following a number of high profile data breaches, a merchant bank has warned.’

Full Story

The Independent, 11th December 2017

Source: www.independent.co.uk

Landmark judgment in group litigation data leak claim – 5RB

‘Judgment in the trial on liability in a group litigation claim brought by 5,518 employees of the supermarket chain WM Morrison Supermarkets PLC has been handed down today [1 December].’

Full Story

5RB, 1st December 2017

Source: www.5rb.com

Data Breach, Group Actions, and the criminal insider: the Morrisons case – Panopticon

Posted December 7th, 2017 in appeals, damages, data protection, mental health, news, vicarious liability by sally

‘In Vidal-Hall v Google [2015] EWCA Civ 311 the Court of Appeal held that damages claims under section 13 of the Data Protection Act 1998 (DPA) can be brought on the basis of distress alone, without monetary loss. Since that decision there has much speculation that a major data breach could lead to distress-based claims against the data controller by a large class of individuals. Even if each individual claim was modest (in the hundreds or low thousands of pounds) the aggregate liability could be substantial.’

Full Story

Panopticon, 6th December 2017

Source: panopticonblog.com

UK admits that Investigatory Powers Act needs updated to comply with EU law – OUT-LAW.com

‘The Investigatory Powers Act needs to be updated if it is to comply with EU law, the UK government has admitted.’

Full Story

OUT-LAW.com, 1st December 2017

Source: www.out-law.com

The data protection bill is yet another legal threat to UK press freedom – The Guardian

‘Proposals to allow the information commissioner to assess journalists’ use of private information before publication could let the powerful off the hook.’

Full Story

The Guardian, 3rd December 2017

Source: www.theguardian.com

Vicarious Liability and Data Controllers – Panopticon

Posted December 1st, 2017 in data protection, news, vicarious liability by tracey

‘The High Court (Langstaff J) has today handed down an almost 200 paragraph judgment in the first ever group litigation data breach case to come before the courts. The issue for the court was whether the defendant data controller, Morrisons, was in principle either directly or vicariously liable for the actions of a rogue employee who had, as an act of malice directed at his employer, taken payroll data relating to some 100,000 employees and published it online. The court concluded that, despite itself having been entirely innocent of the misuse, Morrisons was in principle liable to compensate all the claimants in the group, some 5,500 individuals, on the basis of the application of common law (no fault) vicarious liability principles.’

Full Story

Panopticon, 1st December 2017

Source: panopticonblog.com