Security stimulus

New guidance on good industry practice for directors issued by the Institute of Directors obliges directors and boards to identify and mitigate information and cyber security risks, and to prioritise business resilience, bringing a renewed focus to cyber resilience and supply chain security.

Cyber Security Awareness Month 2024

This Cyber Security Awareness Month, Handley Gill’s specialist consultants identify steps you can take to improve your organisation’s cyber resilience and highlight relevant content and free resources to support you to make Cyber Month 2024 your most secure yet.

Nicola Cain1 October 2024Cyber Security, Cyber Resilience, Information Security, Cyber Month, Cyber Month 2024, #CyberMonth2024, Cyber Security Awareness Month, Cyber Security Awareness Month 2024Comment

On Hand August 2024

August 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, online safety, open justice, access to information, reputation management, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 August 2024Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, ePrivacy Directive, Data Privacy, Cyber Security, Information Security, Cyber Resilience, CONTENT REGULATION, Content Moderation, Online Safety, Online Harms, eSafety, Reputation Management, Libel, Slander, Malicious Falsehood, Misuse of Private Information, Privacy, Article 8 European Convention on Human Rights, Confidential Information, Breach of Confidence, Freedom of Expression, Freedom of Speech, Free speech, Article 10 European Convention on Human Rights, Open Justice, Access to Information, Freedom of Information Act 2000, FOIA, Environmental Information Regulations 2004, EIRs, AI, Artificial Intelligence, Digital Markets, Digital Markets Regulation, Human Rights, Human Rights Act 1998, European Convention on Human Rights, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, Information Commissioner, ICO, Monetary Penalty Notice, International data transfers, Restricted International Data Transfers, Media Act 2024, Generative AI & Data Protection, Generative AI, Generative Artificial Intelligence, CMA, Competition & Markets Authority, Children's Code, Institute of Directors, IoD, Responsible Business, FCA, Financial Conduct Authority, Data Protection Commission, Leveson, Press Recognition Panel, Press Regulation, Media Regulation, Data Controller, Data Protection Fee, Online Safety Act 2023, Illegal Harms, Digital Markets Competition & Consumers Act, DMCCAComment

Holiday packing list

With the summer holiday season in full swing, Handley Gill Limited’s specialist data protection and cyber resilience consultants consider the data protection and information security risks of staff taking data and devices used for business purposes overseas and the practical measures that organisations can take to safeguard data subject to border control powers.

On Hand July 2024

July 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, online safety, open justice, access to information, reputation management and free speech, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 July 2024Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, ePrivacy Directive, Data Privacy, Cyber Security, Information Security, CONTENT REGULATION, Content Moderation, Reputation Management, Libel, Slander, Defamation, Malicious Falsehood, Misuse of Private Information, Privacy, Confidential Information, Breach of Confidence, Article 8 European Convention on Human Rights, Free speech, Freedom of Speech, Freedom of Expression, Article 10 European Convention on Human Rights, Open Justice, Access to Information, Freedom of Information Act 2000, FOIA, Environmental Information Regulations 2004, AI, Artificial Intelligence, Digital Markets Regulation, Human Rights, Human Rights Act 1998, European Convention on Human Rights, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, Online Safety, Online Harms, eSafety, EU AI Act, Online Safety Act 2023, Digital Markets Act, Cookies, Contempt, EU Corporate Sustainability Due Diligence Directive, Information Commissioner, ICO, Information Commissioner's Office, Data Subject Rights, Data protection impact assessment, DPIAComment

Security guaranteed?

To coincide with London Tech Week 2024, one of the key themes of which is ‘The Future of Security and Data’, and following the revelation in the DSIT Cyber Security Breaches Survey 2024 that few organisations are conducting supply chain risk assessments, Handley Gill’s specialist consultants have published their Helping Hand checklist on conducting data processor / supply chain information security risk assessments which is informed by NCSC guidance.

Nicola Cain12 June 2024Data Protection, Personal Data, UK GDPR, GDPR, General Data Protection Regulation, UK GENERAL DATA PROTECTION REGULATION, Information Security, Cyber Security, Information Security Risk Assessment, Cyber Security Risk Assessment, Cyber Attack, Cyber Incident, Data Breach, Data Controller, Data Processor, Article 28 UK GDPR, Article 28 GDPR, Article 28(1) UK GDPR, Article 28(1) GDPR, Cyber Security Breaches Survey 2024, Department for Science Innovation & Technology, National Cyber Security Centre, NCSC, Supply Chain Risk, Supply Chain Security, Vendor Management, Supplier Management, ICO, Information Commissioner, Information Commissioner's Office, Data Security Incident Trends Report, London Tech Week 2024, LTW, LTW 2024, The Future of Security and Data, Cyber Resilience, Online HarmsComment

Washed-up or fallen down the plughole?

Following the announcement on 22 May 2024 of the snap General Election to take place on 04 July 2024, Parliament has been prorogued with effect from 24 May 2024 (meaning Parliamentary business is suspended thereafter) and will be dissolved with effect from 30 May 2024. The brief period between the announcement of the election and prorogation is known as wash up, when political parties must negotiate to pass outstanding Bills, or parts of them, or Bills fall. Prorogation also bring an end to the work of the various Parliamentary Committees. Handley Gill’s consultants consider which Bills have been washed up and which have fallen in the context of cyber security, data protection, online safety, artificial intelligence (AI), digital markets, content regulation, reputation management, open justice, access to information, human rights and ESG, as well as the work of Parliamentary Committees which were either rushed out or dropped.

Nicola Cain5 June 2024General Election 2024, GE2024, Data Protection, Personal Data, Data Protection and Digital Information Bill, Media Bill, Media Act 2024, Digital Markets Competition & Consumers Bill, Digital Markets Competition & Consumers Act 2024, Human Rights, Duty of Candour, Joint Committee on Human Rights, Education Committee, Commons Education Committee, Screentime impact on education & wellbeing, Science Innovation & Technology Committee, House of Commons Science Innovation & Technology Committee, Artificial Intelligence, AI, AI Governance, Governance of Artificial Intelligence, Artificial Intelligence (Regulation) Bill, SLAPPs, Strategic Litigation Against Public Participation Bill, Criminal Justice Bill, European Affairs Committee, UK-EU Data Adequacy, Adequacy Decision, Cyber Security, Information Security, Cyber Resilience, Cyber resilience of the UK's critical national infrastructure (CNI), Commons Women & Equalities Committee, Non-consensual intimate image abuse, Revenge porn, Online Safety, Online Harms, DPDI Bill, OFCOM, Competition and Markets Authority, CMA, Strategic Lawsuit Against Public Participation, Strategic Litigation Against Public Participation, Data Protection Reform, UK GDPR, Victims and Prisoners Act 2024, Article 17 UK GDPR, Article 17 GDPR, Right to Erasure, Right to be ForgottenComment

On Hand May 2024

The May 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 May 2024On Hand, Cyber Security, Information Security, Cyber Attack, Data Breach, Data Protection, Personal Data, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, Data Protection and Digital Information Bill, DPDI Bill, Information Commissioner, Information Commissioner's Office, EDPB, European Data Protection Board, Artificial Intelligence, AI, AI Regulation, Machine Learning, Algorithmic Accountability, Algorithm Transparency, Open Justice, Freedom of Information Act 2000, Environmental Information Regulations 2004, Access to Information, CONTENT REGULATION, Broadcasting Code, Broadcasting Regulation, VSPs, Video Sharing Platforms, Reputation Management, Defamation, Libel, Slander, Misuse of Private Information, Privacy, Data Privacy, Digital Markets, Human Rights, Human Rights Act 1998, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, OFCOMComment

Breach? Don’t preach! Take some good advice!

Has a cyber incident got you in an awful mess and you don’t mean maybe? What if a data breach leaves you in trouble deep? From the hacker they warned you all about? You need some good advice… and an incident response plan!

On Hand March 2024

The March 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 March 2024Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, Regulation, Regulation (EU) 2016/679, UK GENERAL DATA PROTECTION REGULATION, UK GDPR, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, ePrivacy Directive, Data Privacy, Cyber Security, Information Security, CONTENT REGULATION, Content Moderation, Reputation Management, Libel, Slander, Malicious Falsehood, Defamation, Misuse of Private Information, Privacy, Article 8 European Convention on Human Rights, Article 8 ECHR, Article 7 European Charter of Fundamental Freedoms, Article 8 European Charter of Fundamental Freedoms, Charter of Fundamental Rights of the European Union, Freedom of Speech, Free speech, Freedom of Expression, Article 10 European Convention on Human Rights, Article 10 ECHR, Open Justice, Access to Information, Freedom of Information Act 2000, FOIA, Environmental Information Regulations 2004, EIRs, Artificial Intelligence, AI, Digital Markets Regulation, Human Rights, Human Rights Act 1998, European Convention on Human Rights, ESG, Environmental Social & Governance, Environmental Social & Corporate GovernanceComment

CrapITa

Handley Gill’s data protection consultants consider recent supply chain cyber attacks, including the unfolding of the recent Capita and Zellis / MOVEit data breaches, and identify the steps data controllers should take when engaging data processors as part of their supply chain or giving third parties access to personal data, and the lessons to be learned for vendor management throughout the data processing lifecycle.

Nicola Cain10 June 2023Data Protection, Personal Data, Information Security, Cyber Security, Cyber Resilience, Cyber Attack, Data Breach, Supply Chain Risk, Supply Chain Security, Vendor Management, Capita, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Information Commissioner, Information Commissioner's Office, ICO, Pensions Regulator, Financial Conduct Authority, FCA, Data subjects, Compensation, Data litigation, Ransom, Ransom Payment, Department for Science Innovation & Technology, DSIT, Cyber Security Breaches Survey 2023, Article 25(1) UK GDPR, Article 25(1) GDPR, Data Controller, Data Processor, Data Processing Agreement, DPA, Data Processing, Article 28 GDPR, Article 28 UK GDPR, Article 32 GDPR, Article 32 UK GDPR, Cyber Insurance, Cyber Insurance Cover, Liability, Data protection impact assessment, DPIA, Administrative fine, Monetary penalty, Article 82(3) UK GDPR, Article 82(3) GDPR, Regulatory Action Policy, Article 33 UK GDPR, Article 33 GDPR, Article 34 UK GDPR, Data Breach Notification, Breach Response Plan, Incident Response Plan, Injunction, Injunctive Relief, Article 82 GDPR, Article 82 UK GDPR, CVE-2023-34362Comment

Can data protection save the planet?

To acknowledge Earth Day, Handley Gill’s specialist consultants comment on how data protection / data privacy compliance can contribute to satisfying environment, social, and governance (ESG) goals, and the practical steps that organisations can take to implement and report upon sustainability measures to demonstrate accountability.

Nicola Cain3 May 2023Data Protection, Data Privacy, GDPR, UK GDPR, Compliance, Regulation, Earth Day, Environment, Sustainability, ESG, Environmental, Social, Governance, Environmental Social & Governance, Climate Change, Privacy by Design, Data Protection Impact Assessment, DPIA, Data Minimisation, Data Retention, Information Security, Advertising, Marketing, Programmatic Advertising, Accuracy, Data Accuracy, Data Deletion, Directors' Duties, Companies Act 2006, s172(1) Companies Act 2006, s414C(7) Companies Act 2006, Securities and Exchange Commission, SEC, International Sustainability Standards Board, ISSB, Task Force on Climate-Related Financial Disclosures, Sustainability Accounting Standards Board, UN Sustainable Development Goals, Global Reporting Initiative, World Economic Forum, Stakeholder Capitalism Metrics, GR1 Universal Standards, Data ControllerComment

Too Many Phish in the Sea!

DCMS has recently published its Cyber Security Breaches Survey 2022, based on data gathered by IPSOS MORI over winter 2021/22, which reveals that businesses and charities continue to be under prepared to respond to inevitable cyber security incidents and data breaches.

In this post, we highlight some of the key findings of the survey and identify advice, guidance and free solutions to common cyber resilience shortcomings.

Protective MeasuresNicola Cain17 April 2022Handley Gill Limited#CyberSecurity, #DataBreach, #CyberAttack, #Phishing, #Ransomware, #GDPR, #UKGDPR, #DPA2018, #DCMS, #CyberSecurityBreachesSurvey, #CyberSecurityBreachesSurvey2022, #DataBreachStatistics, #Malware, #CyberResilience, #CyberInsurance, #IncidentResponse, #CyberSecurityIncident, #DataBreachResponse, #SMEs, #Charities, #Business, #Charity, #Retail, #Education, #NCSC, #PoliceCyberAlarm, #NPCC, #LawEnforcement, #ActionFraud, #Police, #Sanctions, #SupplyChainRisk, #ThirdPartyRisk, #Training, #Logging, #TechnicalAndOrganisationalMeasures, #Penalties, #Article28, #Article32, #DataProtection, #Compliance, #SupplyChainSecurity, #CyberSecurityStrategy, #IncidentResponsePlan, #Trustees, #BusinessContinuity, #DisasterRecovery, #DataBreachReporting, #CyberCover, #IncidentReporting, #CSuite, Cyber Security, DCMS, Ransomware, Data Breach, Supply Chain Risk, Directors, Law Enforcement, Police, NCSC, National Cyber Security Centre, Cyber Attack, GDPR, UK GDPR, General Data Protection Regulation, DPA 2018, Data Protection Act 2018, Department for Culture, Cyber Security Breaches Survey, Cyber Security Breaches Survey 2022, Data Breach Statistics, Malware, Cyber Resilience, Cyber Insurance, Incident Response, Cyber Security Incident, Data Breach Response, SMEs, Micro Businesses, Charities, Start Ups, Retail, Education, Police CyberAlarm, NPCC, National Police Chiefs' Council, Action Fraud, Information Security, Cyber Crime, Sanctions, Third Party Risk, Training, Logging, Technical & Organisational Measures, Protective Measures, Costs, Fines, Administrative fine, Penalties, Monetary penalty, Data Protection, Article 28 GDPR, Article 32 GDPR, Article 28 UK GDPR, Article 32 UK GDPR, Compliance, Cyber Griffin, Cyber Essentials, Supply Chain Security, Cyber Security Strategy, Incident Response Plan, Breach Response Plan, Data breach costs, Trustees, Business Continuity, Disaster Recovery, Data Breach Reporting, Cyber Insurance Cover, Incident Reporting, C Suite, Data Controller, Data ProcessorComment