Since the General Data Protection Regulations ("GDPR") came into force in 2018, companies in the United Kingdom (UK) that have suffered cybersecurity attacks often face civil claims from individuals whose data has been...more
The decision to appeal a regulatory finding is never taken lightly. By the time a regulator has completed its investigation and notified a company of its intention to fine, the company will have invested significant time and...more
Last week, the UK’s Information Commissioner’s Office (ICO) published a monetary penalty notice which fined a private healthcare company, HCA International, £200,000 for its failure to keep sensitive data secure....more
General Data Protection Regulation Update - As reported in the April Locke Lord Privacy & Cybersecurity Newsletter, the European Parliament gave the final approval to the General Data Protection Regulation (GDPR) on...more
Under section 56 of the Data Protection Act 1998 (DPA), it is now a criminal offence for any person or organisation to require an individual to submit a ‘subject access request’ (i.e. the right for an individual to access any...more
On January 24, 2013, the UK Data Protection Watchdog — the UK Information Commissioner's Office (ICO) — fined Sony Computer Entertainment Europe Limited £250,000 (about $400,000) for its alleged failure to implement...more
Introduction - On 24 January 2013, the UK Information Commissioner’s Office (ICO) served Sony Computer Entertainment Europe Limited (“Sony”) with a monetary penalty of £250,000 following a serious breach of data security...more
The UK Information Commissioner’s Office (ICO) has fined Sony £250,000 for the widely publicized 2011 security breach during which hackers gained access to personal data (including credit card information) of over 77 million...more