Handley Gill
LEGAL, REGULATORY & COMPLIANCE CONSULTANTS

Handley Gill Limited

Our expert consultants at Handley Gill share their knowledge and advice on emerging data protection, privacy, content regulation, reputation management, cyber security, and information access issues in our blog.

Posts tagged Data Breach
Security guaranteed?
Security guaranteed?

To coincide with London Tech Week 2024, one of the key themes of which is ‘The Future of Security and Data’, and following the revelation in the DSIT Cyber Security Breaches Survey 2024 that few organisations are conducting supply chain risk assessments, Handley Gill’s specialist consultants have published their Helping Hand checklist on conducting data processor / supply chain information security risk assessments which is informed by NCSC guidance.

Read More
Nicola CainData Protection, Personal Data, UK GDPR, GDPR, General Data Protection Regulation, UK GENERAL DATA PROTECTION REGULATION, Information Security, Cyber Security, Information Security Risk Assessment, Cyber Security Risk Assessment, Cyber Attack, Cyber Incident, Data Breach, Data Controller, Data Processor, Article 28 UK GDPR, Article 28 GDPR, Article 28(1) UK GDPR, Article 28(1) GDPR, Cyber Security Breaches Survey 2024, Department for Science Innovation & Technology, National Cyber Security Centre, NCSC, Supply Chain Risk, Supply Chain Security, Vendor Management, Supplier Management, ICO, Information Commissioner, Information Commissioner's Office, Data Security Incident Trends Report, London Tech Week 2024, LTW, LTW 2024, The Future of Security and Data, Cyber Resilience, Online HarmsComment
Breach? Don’t preach! Take some good advice!
Breach? Don’t preach! Take some good advice!

Has a cyber incident got you in an awful mess and you don’t mean maybe? What if a data breach leaves you in trouble deep? From the hacker they warned you all about? You need some good advice… and an incident response plan!

Read More
Nicola CainCyber Security, Information Security, Cyber Incident, Cyber Attack, Data Protection, Personal Data, UK GDPR, DATA PROTECTION ACT 2018, Article 33 UK GDPR, Article 34 UK GDPR, Article 33 GDPR, Article 34 GDPR, Incident Response Plan, Breach Response Plan, Data Breach, Data Breach Reporting, Data Breach Response, Information Commissioner, Information Commissioner's Office, Data Security Incident Trends Report, Cyber Security Breaches Survey 2024, Cyber Breaches Survey 2024, Cyber Insurance, Department for Science Innovation & Technology, DSITComment
Britain's Got Talent's Got Problems
Britain's Got Talent's Got Problems

Handley Gill Ltd’s specialist consultants provide initial comment and analysis on The Sun’s report of David Walliams’ data protection claim against one of the co-producers of ITV’s Britain’s Got Talent, Fremantle Media, including the nature of the claim, potential defences and the sums being claimed. The claim arises from the the leak of a transcript of comments made by Walliams on set to The Guardian in November 2022.

Read More
Nicola CainData Protection, Personal Data, Data Protection Act 1998, GDPR, General Data Protection Regulation, DATA PROTECTION ACT 2018, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Data Breach, Data Litigation, Sensitive Personal Data, SPECIAL CATEGORY PERSONAL DATA, S.2 Data Protection Act 1998, S.32 Data Protection Act 1998, Special Purposes Processing, Special Purposes Exemption, Journalism Art or Literature, Article 9 GDPR, Article 9 UK GDPR, Data Protection Offences, s.170 Data Protection Act 2018, S.170 DPA 2018, Right to Erasure, Right to be Forgotten, Article 17 GDPR, Article 17 UK GDPR, WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12, TLT v Secretary of State for the Home Department [2016] EWHC 2217 (QB), Sir Cliff Richard v (1) BBC and (2) Chief Constable of South Yorkshire Police [2017] EWHC 1291 (Ch), Article 33 GDPR, Article 33 UK GDPR, Personal Data Breach Record, Breach Log, Data protection impact assessment, DPIA, Legitimate Interests Assessment, LIA, Retention Schedule, Privacy Notice, Data Controller, Vicarious LiabilityComment
CrapITa
CrapITa

Handley Gill’s data protection consultants consider recent supply chain cyber attacks, including the unfolding of the recent Capita and Zellis / MOVEit data breaches, and identify the steps data controllers should take when engaging data processors as part of their supply chain or giving third parties access to personal data, and the lessons to be learned for vendor management throughout the data processing lifecycle.

Read More
Nicola CainData Protection, Personal Data, Information Security, Cyber Security, Cyber Resilience, Cyber Attack, Data Breach, Supply Chain Risk, Supply Chain Security, Vendor Management, Capita, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Information Commissioner, Information Commissioner's Office, ICO, Pensions Regulator, Financial Conduct Authority, FCA, Data subjects, Compensation, Data litigation, Ransom, Ransom Payment, Department for Science Innovation & Technology, DSIT, Cyber Security Breaches Survey 2023, Article 25(1) UK GDPR, Article 25(1) GDPR, Data Controller, Data Processor, Data Processing Agreement, DPA, Data Processing, Article 28 GDPR, Article 28 UK GDPR, Article 32 GDPR, Article 32 UK GDPR, Cyber Insurance, Cyber Insurance Cover, Liability, Data protection impact assessment, DPIA, Administrative fine, Monetary penalty, Article 82(3) UK GDPR, Article 82(3) GDPR, Regulatory Action Policy, Article 33 UK GDPR, Article 33 GDPR, Article 34 UK GDPR, Data Breach Notification, Breach Response Plan, Incident Response Plan, Injunction, Injunctive Relief, Article 82 GDPR, Article 82 UK GDPR, CVE-2023-34362Comment
On Hand April 2023
On Hand April 2023

April 2023 edition of Handley Gill’s monthly digital newsletter, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management and digital markets regulation. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Read More
Nicola CainData Protection, Personal Data, GDPR, UK GDPR, Data Protection Act 2018, DPA 2018, Privacy and Electronic Communications Regulations, PECR, Data Reform Bill, Data Protection and Digital Information (No. 2) Bill, Information Commissioner, Content Regulation, AI, Artificial Intelligence, Machine Learning, Cyber Security, Cyber Resilience, Digital Markets Regulation, AI Regulation, Reputation Management, Defamation, Privacy, Data Privacy, Libel, Slander, Malicious Falsehood, Misuse of Private Information, Breach of Confidence, Digital Services Act, Data Subject Rights, Data Subject Rights Request, Data Subject Access Request, Global Cross Border Privacy Rules Forum, IMPRESS, Press Regulation, DSIT, Department for Science Innovation & Technology, Cyber Security Breaches Survey 2023, Digital Markets Competition & Consumers Bill, EDPB, European Data Protection Board, Data Breach, Data Breach Reporting, Data Breach Notification, Facial Recognition, Ofcom, On Hand, Product Security and Telecommunications Infrastructure Act 2002Comment
On Hand March 2023
On Hand March 2023

March 2023 edition of Handley Gill’s monthly digital newsletter, with all the latest developments in data protection, cyber security, AI and machine learning, content regulation, access to information and reputation management. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Read More
Nicola CainOn Hand, Data Protection, Personal Data, GDPR, UK GDPR, DPA 2018, Data Protection Act 2018, Data Protection Reform, Data Reform Bill, Data Protection & Digital Information Bill, Data Protection & Digital Information (No.2) Bill, AI, Artificial Intelligence, Machine Learning, Cyber Security, Cyber Resilience, Age Appropriate Design Code, European Data Protection Board, EDPB, Department for Science Innovation & Technology, DSIT, Privacy, Misuse of Private Information, Information Commissioner, ICO, Data Protection Officer, DPO, Data protection Legislation, Information Rights, Access to Information, Freedom of Information Act 2000, FOIA, Human Rights, Content Regulation, Article 8, Article 8 ECHR, Article 8 European Convention on Human Rights, First Tier Tribunal (Information Rights), European Court of Human Rights, Data Breach, Data Breach Reporting, AI Regulation, Reputation Management, Libel, Slander, Defamation, Breach of Confidence, Confidential Information, Open JusticeComment
What's missing from the Computer Misuse Act 1990?
What's missing from the Computer Misuse Act 1990?

Handley Gill Limited’s consultants respond to the Home Office consultation on proposals to revise the Computer Misuse Act 1990 to introduce additional powers for law enforcement bodies to takedown and seize domains and IP addresses and, require the preservation of data, as well as to introduce new offences and stronger sentencing for the copying of data. We also call for stronger cyber resilience legislation, through the introduction of minimum cyber security standards, while rejecting lobbying efforts for a blanket public interest defence to CMA offences. Finally, we advocate for stronger extra-territoriality of CMA offences and stronger sentencing powers and associated guidance.

Read More
Nicola CainCyber Security, Cyber Resilience, Computer Misuse Act 1990, CMA, CMA 1990, Law Enforcement, Domain name registrars, Domain name registries, Internet Service Providers, ISPs, Hosting providers, Web hosts, Consultation, Consultation Response, Public Interest, Public Interest Defence, CyberUp campaign, Sir Patrick Vallance, Chief Scientific Adviser, HM Treasury, Home Office, Pro-Innovation Regulation for Digital Technologies Review, Computer Misuse Act 1990 Call for Information, Computer Misuse Act 1990 Consultation, Domain name takedown and seizure, IP address take down and seizure, Online intermediaries, Domain name and IP address takedown and seizure, Data preservation, Data copying, Crown Prosecution Service, CPS, Product Security and Telecommunications Infrastructure Act 2002, Hacking, Proposal for legislation to improve the UK's cyber resilience, DSIT, Department for Science Technology & Innovation, Copyright, Copyright Designs and Patents Act 1988, CDPA 1988, s107 Copyright Designs and Patents Act 1988, Section 107 Copyright Designs and Patents Act 1988, Section 170(1)(a) Data Protection Act 2018, Personal Data, Commercial Data, s170(1)(a) Data Protection Act 2018, Information Commissioner, Information Commissioner's Office, ICO, Data Breach, Data Protection, Data Protection Offences, Intellectual Property, Intellectual Property OffencesComment
Your money... and your life?
Your money... and your life?

New cyber sanctions imposed by the UK and US governments against Russian nationals expose victims of ransomware, and their individual directors and officers, to criminal liability in the event that ransom payments are made.

Read More
Nicola CainRansom, Ransomware, Sanctions, Cyber Sanctions, Ransom Payment, Russia, Ukraine, Sophos State of Ransomware 2022 white paper, Information Commissioner, ICO, Home Secretary, Priti Patel, CyberUK Conference 2021, NCSC, National Cyber Security Centre, NCA, National Crime Agency, OFSI, Office of Financial Sanctions Implementation, Cyber Attack, Cyber Crime, Data Breach, Data Loss, Conti, Conti ransomware, Personal Data, Data Protection, UK Sanctions List, Guidance on Ransomware & Financial Sanctions, HM Treasury, Directors Duties, Directors' Duties, Criminal Offence, Criminal Liability, Cyber (Sanctions) (EU Exit) Regulations 2020, SI 2020/597, Sanctions & Anti-Money Laundering Act 2018, Designated Person, Cryptocurrency, Virtual assets, Due Diligence, Trickbot, Ransomware Victim, CPS, Crown Prosecution Service, Malware, Data Controller, Data ProcessorComment
Exclusive: Information Commissioner’s Office kisses source protection goodbye
Exclusive: Information Commissioner’s Office kisses source protection goodbye

Exclusive: Information Commissioner’s Office breached obligations when targeting journalists’ sources by conducting raids over Hancock snog CCTV footage

Read More
EnforcementNicola CainData Protection, Personal Data, Data Protection Act 2018, DPA 2018, Data Offences, Data Protection Offences, Data Protection Enforcement, Law Enforcement, Journalism, Special Purposes, Schedule 2 Part 5 Data Protection Act 2018, Journalistic Source, Confidential Source, Source Protection, Unlawful Disclosure, s.170 Data Protection Act 2018, Search Warrant, Schedule 15 Data Protection Act 2018, Data Breach, Unlawful processing, Information Commissioner, Whistleblowing, Freedom of Expression, Article 10 European Convention on Human Rights, Human Rights Act 1998, Police and Criminal Evidence Act 1984, Data Reform Bill, Journalism CodeComment
Too Many Phish in the Sea!
Too Many Phish in the Sea!

DCMS has recently published its Cyber Security Breaches Survey 2022, based on data gathered by IPSOS MORI over winter 2021/22, which reveals that businesses and charities continue to be under prepared to respond to inevitable cyber security incidents and data breaches.

In this post, we highlight some of the key findings of the survey and identify advice, guidance and free solutions to common cyber resilience shortcomings.

Read More
Protective MeasuresNicola CainHandley Gill Limited#CyberSecurity, #DataBreach, #CyberAttack, #Phishing, #Ransomware, #GDPR, #UKGDPR, #DPA2018, #DCMS, #CyberSecurityBreachesSurvey, #CyberSecurityBreachesSurvey2022, #DataBreachStatistics, #Malware, #CyberResilience, #CyberInsurance, #IncidentResponse, #CyberSecurityIncident, #DataBreachResponse, #SMEs, #Charities, #Business, #Charity, #Retail, #Education, #NCSC, #PoliceCyberAlarm, #NPCC, #LawEnforcement, #ActionFraud, #Police, #Sanctions, #SupplyChainRisk, #ThirdPartyRisk, #Training, #Logging, #TechnicalAndOrganisationalMeasures, #Penalties, #Article28, #Article32, #DataProtection, #Compliance, #SupplyChainSecurity, #CyberSecurityStrategy, #IncidentResponsePlan, #Trustees, #BusinessContinuity, #DisasterRecovery, #DataBreachReporting, #CyberCover, #IncidentReporting, #CSuite, Cyber Security, DCMS, Ransomware, Data Breach, Supply Chain Risk, Directors, Law Enforcement, Police, NCSC, National Cyber Security Centre, Cyber Attack, GDPR, UK GDPR, General Data Protection Regulation, DPA 2018, Data Protection Act 2018, Department for Culture, Cyber Security Breaches Survey, Cyber Security Breaches Survey 2022, Data Breach Statistics, Malware, Cyber Resilience, Cyber Insurance, Incident Response, Cyber Security Incident, Data Breach Response, SMEs, Micro Businesses, Charities, Start Ups, Retail, Education, Police CyberAlarm, NPCC, National Police Chiefs' Council, Action Fraud, Information Security, Cyber Crime, Sanctions, Third Party Risk, Training, Logging, Technical & Organisational Measures, Protective Measures, Costs, Fines, Administrative fine, Penalties, Monetary penalty, Data Protection, Article 28 GDPR, Article 32 GDPR, Article 28 UK GDPR, Article 32 UK GDPR, Compliance, Cyber Griffin, Cyber Essentials, Supply Chain Security, Cyber Security Strategy, Incident Response Plan, Breach Response Plan, Data breach costs, Trustees, Business Continuity, Disaster Recovery, Data Breach Reporting, Cyber Insurance Cover, Incident Reporting, C Suite, Data Controller, Data ProcessorComment
B.A. B.A. Black Sheep Returns to the Fold
B.A. B.A. Black Sheep Returns to the Fold

British Airways settles data breach group litigation compensation claims, concluding legal and regulatory proceedings following criminal hack

Read More
Nicola CainData Protection Act 2018, GDPR, General Data Protection Regulation, Data Breach, Hack, Data enforcement, Data regulation, Data litigation, Data protection, Lead supervisory authority, ICO, Data controller, Monetary penalty, Administrative fine, Article 83 GDPR, Article 82 GDPR, Compensation, Regulatory Action Policy, TLT & others v Secretary of State for the Home Department & another [2016] EWHC 2217 (QB), Lloyd v Google LLC [2019] EWCA Civ 1599, Data breach costs, Costs, Group litigation, British Airways Data Event Group Litigation, Weaver & others v British Airways plc [2021] EWHC 217 (QB), Weaver & others v British Airways plc [2021] EWHC 520 (QB), Cyber Security, Technical and organisational measures, Article 24 GDPRComment