Charlie Weston-Simons

Charlie Weston-Simons

A&O Shearman

Contact
View Bio
RSS

Latest Posts › UK

Share:

Insuring data breach liabilities – how different policies can stack up and the problem of late notification

An English Court has recently decided that three insurance policies covering the same loss – data breach settlements arising from an incorrectly addressed email – provided a combined, cumulative limit of indemnity. While the...more

5/19/2025  /  Cyber Insurance , Cybersecurity , Data Breach , Data Protection , Insurance Claims , Insurance Litigation , Liability , Policy Terms , Professional Liability Insurance , Settlement , UK

Operational resilience in banking: from regulatory compliance to strategic priority

As regulatory frameworks tighten and cybersecurity threats grow in complexity, operational resilience is, now more than ever, a boardroom challenge for banks....more

4/29/2025  /  Banks , Compliance , Cybersecurity , Digital Operational Resilience Act (DORA) , EU , Financial Institutions , Financial Services Industry , Regulatory Requirements , Risk Management , UK

End of the Road for Representative Actions in English Data Claims

How should multiple claimants seek compensation for alleged data misuse? It had originally been thought that the answer might be a representative action; an “opt-out” procedure enabling a single claimant to bring proceedings...more

1/13/2025  /  Class Action , Consumer Privacy Rights , Data Breach , Data Privacy , Data Protection , Privacy Laws , Privacy Torts , Regulatory Oversight , Regulatory Requirements , UK

English Court reviews the ICOs first GDPR fine (again)

In December 2019, the UK Information Commissioner’s Office (ICO) imposed a fine of £275,000 on Doorstep Dispensaree Limited (DDL) for multiple contraventions of the GDPR. On December 9 2024, five years on and three judgments...more

12/19/2024  /  Cybersecurity , Data Breach , Data Controller , Document Destruction , Enforcement Actions , Fines , General Data Protection Regulation (GDPR) , Information Commissioner's Office (ICO) , Personal Data , UK

English judgment shines light on ICO investigation into Cambridge Analytica

On March 23 2018, the Information Commissioner’s Office (ICO) executed a warrant to enter and search the offices of Cambridge Analytica. The purpose of the search was to access records concerning its alleged use of personal...more

12/18/2024  /  Analytics , Commercial Litigation , Corporate Governance , Data Protection , EU , Information Commissioner's Office (ICO) , Investigations , Personal Data , Search & Seizure , UK

English court determines the “meaning” of personal data

In a previous blog post we considered an unsuccessful application to strike out a claim for alleged breaches of the UK GDPR, on the grounds that the claim was – in substance – a defamation claim. That application was...more

12/2/2024  /  Data Privacy , Data Protection , Defamation , EU , General Data Protection Regulation (GDPR) , Personal Data , Statutory Interpretation , UK

Securing our world: how businesses can prepare for and recover from cyber attacks

As part of our Cybersecurity Awareness Month program of events, we hosted our inaugural Cybersecurity Forum on October 1 at our London office and online. Compèred by Ffion Flockhart, global head of cybersecurity, the day’s...more

11/27/2024  /  Acquisitions , Corporate Governance , Cyber Attacks , Cyber Incident Reporting , Cybersecurity , Data Breach , Data Controller , EU , Incident Response Plans , Mergers , Personal Data , Privacy Laws , Ransomware , Risk Mitigation , UK

When does payment card data qualify as personal data? English Court gives new guidance on this question

The Upper Tribunal (UT) has overturned a decision by the First-tier Tribunal (FTT), relating to a Monetary Penalty Notice (MPN) that was issued by the Information Commissioner (ICO). All of this stemmed from a cyber-attack...more

11/6/2024  /  Credit Cards , Cyber Attacks , Data Security , Debit Cards , EU , Information Commissioner's Office (ICO) , Payment Methods , Personal Data , UK , UK Data Protection Act , UK GDPR

UK - When is a data protection claim not a data protection claim?

In a recent case, Pacini & Anor v Dow Jones & Company Inc., the publisher of the Wall Street Journal unsuccessfully applied to strike out a data protection claim concerning two historic articles....more

7/17/2024  /  Cyber Crimes , Cybersecurity , Data Breach , Data Protection , Data Protection Authority , General Data Protection Regulation (GDPR) , Personal Data , UK
9 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide