Off the rails?

Handley Gill Limited’s specialist data protection and ESG consultants consider the results of the Information Commissioner’s Office’s Cyber Security Incident Trends Report for Q1 2024 and the implications for Sir Keir Starmer’s new Labour government, calling for a greater understanding of and focus on cyber and information risk management by directors and trustees.

Nicola Cain11 July 2024Cyber Security, Data Protection, Cyber Security Breaches Survey 2024, Department for Science Innovation and Technology, Information Commissioner, Information Commissioner's Office, Cyber Attack, Data Breach, Data Breaches, Data Breach Statistics, Data Security Incident Trends Report, National Cyber Security Strategy 2022, Directors' Duties, ESGComment

Security guaranteed?

To coincide with London Tech Week 2024, one of the key themes of which is ‘The Future of Security and Data’, and following the revelation in the DSIT Cyber Security Breaches Survey 2024 that few organisations are conducting supply chain risk assessments, Handley Gill’s specialist consultants have published their Helping Hand checklist on conducting data processor / supply chain information security risk assessments which is informed by NCSC guidance.

Nicola Cain12 June 2024Data Protection, Personal Data, UK GDPR, GDPR, General Data Protection Regulation, UK GENERAL DATA PROTECTION REGULATION, Information Security, Cyber Security, Information Security Risk Assessment, Cyber Security Risk Assessment, Cyber Attack, Cyber Incident, Data Breach, Data Controller, Data Processor, Article 28 UK GDPR, Article 28 GDPR, Article 28(1) UK GDPR, Article 28(1) GDPR, Cyber Security Breaches Survey 2024, Department for Science Innovation & Technology, National Cyber Security Centre, NCSC, Supply Chain Risk, Supply Chain Security, Vendor Management, Supplier Management, ICO, Information Commissioner, Information Commissioner's Office, Data Security Incident Trends Report, London Tech Week 2024, LTW, LTW 2024, The Future of Security and Data, Cyber Resilience, Online HarmsComment

On Hand May 2024

The May 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 May 2024On Hand, Cyber Security, Information Security, Cyber Attack, Data Breach, Data Protection, Personal Data, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, Data Protection and Digital Information Bill, DPDI Bill, Information Commissioner, Information Commissioner's Office, EDPB, European Data Protection Board, Artificial Intelligence, AI, AI Regulation, Machine Learning, Algorithmic Accountability, Algorithm Transparency, Open Justice, Freedom of Information Act 2000, Environmental Information Regulations 2004, Access to Information, CONTENT REGULATION, Broadcasting Code, Broadcasting Regulation, VSPs, Video Sharing Platforms, Reputation Management, Defamation, Libel, Slander, Misuse of Private Information, Privacy, Data Privacy, Digital Markets, Human Rights, Human Rights Act 1998, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, OFCOMComment

Breach? Don’t preach! Take some good advice!

Has a cyber incident got you in an awful mess and you don’t mean maybe? What if a data breach leaves you in trouble deep? From the hacker they warned you all about? You need some good advice… and an incident response plan!

CrapITa

Handley Gill’s data protection consultants consider recent supply chain cyber attacks, including the unfolding of the recent Capita and Zellis / MOVEit data breaches, and identify the steps data controllers should take when engaging data processors as part of their supply chain or giving third parties access to personal data, and the lessons to be learned for vendor management throughout the data processing lifecycle.

Nicola Cain10 June 2023Data Protection, Personal Data, Information Security, Cyber Security, Cyber Resilience, Cyber Attack, Data Breach, Supply Chain Risk, Supply Chain Security, Vendor Management, Capita, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Information Commissioner, Information Commissioner's Office, ICO, Pensions Regulator, Financial Conduct Authority, FCA, Data subjects, Compensation, Data litigation, Ransom, Ransom Payment, Department for Science Innovation & Technology, DSIT, Cyber Security Breaches Survey 2023, Article 25(1) UK GDPR, Article 25(1) GDPR, Data Controller, Data Processor, Data Processing Agreement, DPA, Data Processing, Article 28 GDPR, Article 28 UK GDPR, Article 32 GDPR, Article 32 UK GDPR, Cyber Insurance, Cyber Insurance Cover, Liability, Data protection impact assessment, DPIA, Administrative fine, Monetary penalty, Article 82(3) UK GDPR, Article 82(3) GDPR, Regulatory Action Policy, Article 33 UK GDPR, Article 33 GDPR, Article 34 UK GDPR, Data Breach Notification, Breach Response Plan, Incident Response Plan, Injunction, Injunctive Relief, Article 82 GDPR, Article 82 UK GDPR, CVE-2023-34362Comment

On Hand May 2023

May 2023 edition of Handley Gill’s monthly digital newsletter, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management and digital markets regulation. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain1 June 2023Data Protection, Personal Data, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, DPA 2018, Privacy and Electronic Communications (EC Directive) Regulations 2003, PECR, Information Commissioner, Data Protection Commission, CONTENT REGULATION, AI, Artificial Intelligence, AI Regulation, Machine Learning, Cyber Security, Cyber Resilience, Digital Markets Regulation, Reputation Management, Defamation, Privacy, Data Privacy, Libel, Slander, Malicious Falsehood, Misuse of Private Information, Breach of Confidence, Data Breach, Press Regulation, Broadcasting, Broadcasting Regulation, Ofcom, Digital Markets Competition & Consumers Bill, European Data Protection Board, EDPB, On Hand, Facial Recognition, Meta Platforms Ireland Limited, Ransomware, Data Protection & Digital Information (No.2) Bill, EU law, Retained EU Law, BREXIT, Brexit Freedoms Bill, Retained EU Law (Revocation and Reform) Bill, Cyber Attack, ESG, Environmental Social & Governance, Environmental, Environmental Social & Corporate Governance, Human Rights, China, Data Transfer, International data transfers, Restricted International Data Transfers, Broadcasting Code, Ofcom Broadcasting Code, Online Safety, Online Harms, eSafety, Open Justice, Reporting Restriction, CHILDREN, Children's Data, Misinformation, Disinformatoin, Disinformation, Illegal Harms, Child Sexual Abuse Regulation, Child Sexual Abuse Material, CSAMComment

Your money... and your life?

New cyber sanctions imposed by the UK and US governments against Russian nationals expose victims of ransomware, and their individual directors and officers, to criminal liability in the event that ransom payments are made.

Nicola Cain21 February 2023Ransom, Ransomware, Sanctions, Cyber Sanctions, Ransom Payment, Russia, Ukraine, Sophos State of Ransomware 2022 white paper, Information Commissioner, ICO, Home Secretary, Priti Patel, CyberUK Conference 2021, NCSC, National Cyber Security Centre, NCA, National Crime Agency, OFSI, Office of Financial Sanctions Implementation, Cyber Attack, Cyber Crime, Data Breach, Data Loss, Conti, Conti ransomware, Personal Data, Data Protection, UK Sanctions List, Guidance on Ransomware & Financial Sanctions, HM Treasury, Directors Duties, Directors' Duties, Criminal Offence, Criminal Liability, Cyber (Sanctions) (EU Exit) Regulations 2020, SI 2020/597, Sanctions & Anti-Money Laundering Act 2018, Designated Person, Cryptocurrency, Virtual assets, Due Diligence, Trickbot, Ransomware Victim, CPS, Crown Prosecution Service, Malware, Data Controller, Data ProcessorComment

Too Many Phish in the Sea!

DCMS has recently published its Cyber Security Breaches Survey 2022, based on data gathered by IPSOS MORI over winter 2021/22, which reveals that businesses and charities continue to be under prepared to respond to inevitable cyber security incidents and data breaches.

In this post, we highlight some of the key findings of the survey and identify advice, guidance and free solutions to common cyber resilience shortcomings.

Protective MeasuresNicola Cain17 April 2022Handley Gill Limited#CyberSecurity, #DataBreach, #CyberAttack, #Phishing, #Ransomware, #GDPR, #UKGDPR, #DPA2018, #DCMS, #CyberSecurityBreachesSurvey, #CyberSecurityBreachesSurvey2022, #DataBreachStatistics, #Malware, #CyberResilience, #CyberInsurance, #IncidentResponse, #CyberSecurityIncident, #DataBreachResponse, #SMEs, #Charities, #Business, #Charity, #Retail, #Education, #NCSC, #PoliceCyberAlarm, #NPCC, #LawEnforcement, #ActionFraud, #Police, #Sanctions, #SupplyChainRisk, #ThirdPartyRisk, #Training, #Logging, #TechnicalAndOrganisationalMeasures, #Penalties, #Article28, #Article32, #DataProtection, #Compliance, #SupplyChainSecurity, #CyberSecurityStrategy, #IncidentResponsePlan, #Trustees, #BusinessContinuity, #DisasterRecovery, #DataBreachReporting, #CyberCover, #IncidentReporting, #CSuite, Cyber Security, DCMS, Ransomware, Data Breach, Supply Chain Risk, Directors, Law Enforcement, Police, NCSC, National Cyber Security Centre, Cyber Attack, GDPR, UK GDPR, General Data Protection Regulation, DPA 2018, Data Protection Act 2018, Department for Culture, Cyber Security Breaches Survey, Cyber Security Breaches Survey 2022, Data Breach Statistics, Malware, Cyber Resilience, Cyber Insurance, Incident Response, Cyber Security Incident, Data Breach Response, SMEs, Micro Businesses, Charities, Start Ups, Retail, Education, Police CyberAlarm, NPCC, National Police Chiefs' Council, Action Fraud, Information Security, Cyber Crime, Sanctions, Third Party Risk, Training, Logging, Technical & Organisational Measures, Protective Measures, Costs, Fines, Administrative fine, Penalties, Monetary penalty, Data Protection, Article 28 GDPR, Article 32 GDPR, Article 28 UK GDPR, Article 32 UK GDPR, Compliance, Cyber Griffin, Cyber Essentials, Supply Chain Security, Cyber Security Strategy, Incident Response Plan, Breach Response Plan, Data breach costs, Trustees, Business Continuity, Disaster Recovery, Data Breach Reporting, Cyber Insurance Cover, Incident Reporting, C Suite, Data Controller, Data ProcessorComment