On 6 November 2024, the ICO published an outcomes report on AI tools in recruitment (the “Report”). This Report follows consensual audit engagements carried out by the ICO with developers and providers of AI tools to be used...more
Effective information security is no longer just dependent on an organisation’s own internal cybersecurity controls. The UK Information Commissioner’s Office (ICO) highlights that third-party service providers are processing...more
When the regulator has decided to investigate your organisation following a data breach, the remit for the investigation will be wide-ranging and go beyond the narrow circumstances of the breach. Recent decisions shed useful...more
In this part of our briefing series, we cover how prior regulatory enforcement action affects the assessment of sanctions and some pitfalls associated with undertaking internal security audits. Who is this relevant for?...more
What insights into cyber security norms can organisations glean from the UK ICO’s recent enforcement decisions, most of which have been released since the GDPR came into force? Final fines are still awaited on the UK’s...more