Breach? Don’t preach! Take some good advice!

Has a cyber incident got you in an awful mess and you don’t mean maybe? What if a data breach leaves you in trouble deep? From the hacker they warned you all about? You need some good advice… and an incident response plan!

Online Safety. This looks like a job for...

Handley Gill’s specialist online safety consultants respond to the Department for Science, Innovation & Technology’s consultation on ‘Super-complaints: eligible entity criteria and procedural requirements’ under the Online Safety Act 2023. Ofcom will be responsible for considering super-complaints.

The Bill with the Holes?

Handley Gill’s consultants consider the new Artificial Intelligence (Regulation) Bill, which would establish the AI Authority, impose a requirement to make regulations on AI Responsible Officers (AIROs) and impose notification and compliance obligations in relation to training data.

Nicola Cain26 November 2023Artificial Intelligence, AI, AI Regulation, Artificial Intelligence (Regulation) Bill, HL Bill 11 2023-24, Artificial Intelligence Authority, AI Authority, Artificial Intelligence Responsible Officer, AI Responsible Officer, AIRO, AI Officer, AI Auditor, AI Audit, Regulatory Sandbox, AI Training, AI Training Data, Personal Data, Intellectual Property, Intellectual Property Rights, IP, IPR, Informed Consent, Lord Holmes of Richmond, House of Commons Science Innovation & Technology Committee, Department for Science Innovation & Technology, DSIT, Secretary of State for Science Innovation & Technology, AI Risk Assessment Framework, AI Risk Assessment, AIRA, AI White Paper, A pro-innovation approach to AI regulation, AI Guardrails, AI Transparency, AI Explainability, AI Fairness, AI Accountability, AI Governance, AI Safety, AI Contestability, AI Bias, AI Disctimination, Privacy, Misuse of Private Information, Equality Act 2010, Bletchley DeclarationComment

Sifting Out Data Protection Rights?

The Government has prepared a draft statutory instrument, The Data Protection (Fundamental Rights and Freedoms) (Amendment) Regulations 2023, to amend the UK GDPR and Data Protection Act 2018, and laid it before the Sifting Committees. The SI would re-define post-Brexit the definition of fundamental rights and freedoms in data protection legislation. Handley Gill’s specialist data protection consultants consider the implications of the SI for the enforcement of data protection rights across the UK.

Nicola Cain11 September 2023Department for Science Innovation & Technology, DSIT, Data Protection, Personal Data, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Data Protection Act 2018, Brexit, Retained EU Law (Revocation and Reform) Bill, European Union (Withdrawal) Act 2018, The Data Protection (Fundamental Rights and Freedoms) (Amendment) Regulations 2023, European Convention on Human Rights, ECHR, Human Rights, Human Rights Act 1998, Fundamental Rights & Freedoms, Convention Rights, Article 8 European Convention on Human Rights, Article 8 ECHR, Right to Private and Family Life, Right to respect for private and family life, Article 8 European Charter of Fundamental Freedoms, Charter of Fundamental Rights of the European Union, (1) Satakunnan Markkinapörssi Oy and (2) Satamedia Oy v Finland, Information Commissioner, Privacy, Data Controller, REUL (Revocation and Reform) Act 2023, REUL (Revocation and Reform) Act 2023 Statutory Instruments, Retained EU Law (Revocation and Reform) Act 2023Comment

CrapITa

Handley Gill’s data protection consultants consider recent supply chain cyber attacks, including the unfolding of the recent Capita and Zellis / MOVEit data breaches, and identify the steps data controllers should take when engaging data processors as part of their supply chain or giving third parties access to personal data, and the lessons to be learned for vendor management throughout the data processing lifecycle.

Nicola Cain10 June 2023Data Protection, Personal Data, Information Security, Cyber Security, Cyber Resilience, Cyber Attack, Data Breach, Supply Chain Risk, Supply Chain Security, Vendor Management, Capita, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Information Commissioner, Information Commissioner's Office, ICO, Pensions Regulator, Financial Conduct Authority, FCA, Data subjects, Compensation, Data litigation, Ransom, Ransom Payment, Department for Science Innovation & Technology, DSIT, Cyber Security Breaches Survey 2023, Article 25(1) UK GDPR, Article 25(1) GDPR, Data Controller, Data Processor, Data Processing Agreement, DPA, Data Processing, Article 28 GDPR, Article 28 UK GDPR, Article 32 GDPR, Article 32 UK GDPR, Cyber Insurance, Cyber Insurance Cover, Liability, Data protection impact assessment, DPIA, Administrative fine, Monetary penalty, Article 82(3) UK GDPR, Article 82(3) GDPR, Regulatory Action Policy, Article 33 UK GDPR, Article 33 GDPR, Article 34 UK GDPR, Data Breach Notification, Breach Response Plan, Incident Response Plan, Injunction, Injunctive Relief, Article 82 GDPR, Article 82 UK GDPR, CVE-2023-34362Comment

On Hand April 2023

April 2023 edition of Handley Gill’s monthly digital newsletter, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management and digital markets regulation. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain30 April 2023Data Protection, Personal Data, GDPR, UK GDPR, Data Protection Act 2018, DPA 2018, Privacy and Electronic Communications Regulations, PECR, Data Reform Bill, Data Protection and Digital Information (No. 2) Bill, Information Commissioner, Content Regulation, AI, Artificial Intelligence, Machine Learning, Cyber Security, Cyber Resilience, Digital Markets Regulation, AI Regulation, Reputation Management, Defamation, Privacy, Data Privacy, Libel, Slander, Malicious Falsehood, Misuse of Private Information, Breach of Confidence, Digital Services Act, Data Subject Rights, Data Subject Rights Request, Data Subject Access Request, Global Cross Border Privacy Rules Forum, IMPRESS, Press Regulation, DSIT, Department for Science Innovation & Technology, Cyber Security Breaches Survey 2023, Digital Markets Competition & Consumers Bill, EDPB, European Data Protection Board, Data Breach, Data Breach Reporting, Data Breach Notification, Facial Recognition, Ofcom, On Hand, Product Security and Telecommunications Infrastructure Act 2002Comment

On Hand March 2023

March 2023 edition of Handley Gill’s monthly digital newsletter, with all the latest developments in data protection, cyber security, AI and machine learning, content regulation, access to information and reputation management. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain21 April 2023On Hand, Data Protection, Personal Data, GDPR, UK GDPR, DPA 2018, Data Protection Act 2018, Data Protection Reform, Data Reform Bill, Data Protection & Digital Information Bill, Data Protection & Digital Information (No.2) Bill, AI, Artificial Intelligence, Machine Learning, Cyber Security, Cyber Resilience, Age Appropriate Design Code, European Data Protection Board, EDPB, Department for Science Innovation & Technology, DSIT, Privacy, Misuse of Private Information, Information Commissioner, ICO, Data Protection Officer, DPO, Data protection Legislation, Information Rights, Access to Information, Freedom of Information Act 2000, FOIA, Human Rights, Content Regulation, Article 8, Article 8 ECHR, Article 8 European Convention on Human Rights, First Tier Tribunal (Information Rights), European Court of Human Rights, Data Breach, Data Breach Reporting, AI Regulation, Reputation Management, Libel, Slander, Defamation, Breach of Confidence, Confidential Information, Open JusticeComment

What's missing from the Computer Misuse Act 1990?

Handley Gill Limited’s consultants respond to the Home Office consultation on proposals to revise the Computer Misuse Act 1990 to introduce additional powers for law enforcement bodies to takedown and seize domains and IP addresses and, require the preservation of data, as well as to introduce new offences and stronger sentencing for the copying of data. We also call for stronger cyber resilience legislation, through the introduction of minimum cyber security standards, while rejecting lobbying efforts for a blanket public interest defence to CMA offences. Finally, we advocate for stronger extra-territoriality of CMA offences and stronger sentencing powers and associated guidance.

Nicola Cain10 April 2023Cyber Security, Cyber Resilience, Computer Misuse Act 1990, CMA, CMA 1990, Law Enforcement, Domain name registrars, Domain name registries, Internet Service Providers, ISPs, Hosting providers, Web hosts, Consultation, Consultation Response, Public Interest, Public Interest Defence, CyberUp campaign, Sir Patrick Vallance, Chief Scientific Adviser, HM Treasury, Home Office, Pro-Innovation Regulation for Digital Technologies Review, Computer Misuse Act 1990 Call for Information, Computer Misuse Act 1990 Consultation, Domain name takedown and seizure, IP address take down and seizure, Online intermediaries, Domain name and IP address takedown and seizure, Data preservation, Data copying, Crown Prosecution Service, CPS, Product Security and Telecommunications Infrastructure Act 2002, Hacking, Proposal for legislation to improve the UK's cyber resilience, DSIT, Department for Science Technology & Innovation, Copyright, Copyright Designs and Patents Act 1988, CDPA 1988, s107 Copyright Designs and Patents Act 1988, Section 107 Copyright Designs and Patents Act 1988, Section 170(1)(a) Data Protection Act 2018, Personal Data, Commercial Data, s170(1)(a) Data Protection Act 2018, Information Commissioner, Information Commissioner's Office, ICO, Data Breach, Data Protection, Data Protection Offences, Intellectual Property, Intellectual Property OffencesComment

SIT down...

The Prime Minister, Rishi Sunak, has announced that a new government department is to be created, the Department for Science, Technology & Innovation, which is likely to take on responsibility from DCMS for online safety and data protection.