What to do in a personal data breach

"We are serious about the handling of personal data and keep all your data secure." Everybody says that, don't they? That doesn't necessarily mean they won't commit a personal data breach though. Some breaches arise because of poor security which fails to prevent hackers. Others are due to carelessness or accidents by employees. Many people … Continue reading What to do in a personal data breach


GDPR: Episode 3

The General Data Protection Regulation is the big topic at the moment. In episode 1 of Technology & the Law we looked at GDPR in relation to data location. In episode 3 we looked more broadly at GDPR issues. There is no magic wand which a consultant can wave to make you GDPR compliant: you … Continue reading GDPR: Episode 3

Privacy Shield not ready yet

Two working parties, ministers galore... but data transfer law remains in limbo The revelations by rogue NSA sysadmin Edward Snowden in 2013 caused indignant EU politicians to open a dialogue with the US government to update the data transfer regime to safeguard personal data. The Privacy Shield is the culmination of those discussions. The US's hands-off approach … Continue reading Privacy Shield not ready yet

Brexit = Legal Armageddon?

The Brexit debate continues and, with the Leave and Remain camps neck and neck, it looks likely that the undecided few will carry the result. It seems that we can expect more headline-grabbing soundbites until the vote on June 23. The polarised nature of this debate is throwing up some interesting oddities, so you might … Continue reading Brexit = Legal Armageddon?

Data transfers post Schrems

Transfers of data from EU to US can still occur. The Article 29 Working Party has set a deadline of end of January 2016 for Safe Harbour 2.0 to be finalised. After this, depending upon what transfer methods are being used, the data protection authorities will start taking enforcement action. The European Commission sets out … Continue reading Data transfers post Schrems

US & Microsoft return to court over access to Dublin data

Finally, after going quiet for several months, the US Gov & Microsoft is set to return to court. The US government had obtained a court ruling under the US Stored Communications Act to allow it to gain access to data held in Microsoft's Dublin datacentre. Microsoft had resisted on the basis that Irish law should … Continue reading US & Microsoft return to court over access to Dublin data

Carphone Warehouse data hack

The hack of 2.4m Carphone Warehouse customer records (including 90,000 credit card details) has received much coverage in the press. The Information Commissioner's Office, the body that regulates compliance with the UK Data Protection Act, has said that is "making enquiries". It would be inappropriate for me to comment on whether Carphone Warehouse could have been … Continue reading Carphone Warehouse data hack