Welcome to the March edition of our Data And Cyber Bulletin.We are delighted to share this month’s bumper edition of our Data And Cyber Bulletin with content covering the topical issue of making ransom payments in light of ever-evolving international sanctions, the ICO’s recently published guidance on ransomware and data protection compliance, and a useful summary of the challenges of navigating aviation cyber risk.
We highlight key points arising out two recent regulatory decisions, being the ICO’s first ransomware related monetary penalty notice against Tuckers Solicitors LLP and the Polish DPA fine against Santander Bank. We explain the significance of the recent Supreme Court decision in Bloomberg LG v ZXC and provide insight from our Dublin office on the recent DPC fine against Meta for EUR17m.
Finally, we offer our thoughts on the EDPB’s Amicable Settlement Guidelines which aim to provide consistency in European data breach claims.
The Challenges of Ransom Payments and the International Sanctions Regime
We consider the impact of the international community’s implementation of sanctions on Russia and the payment of ransoms to threat actor groups.
New ICO Guidance on Ransomware and Data Protection Compliance
We highlight the key points arising out of the ICO’s recently published guidance on ransomware and data protection compliance, which provides a useful reminder of steps which can be taken to mitigate the risk of such attacks.
Navigating Aviation Cyber Risk
We discuss the importance of aviation cyber insurance and explain the legislative and regulatory environment within which the industry operates.
Tucking into ransomware; the ICO turns to the legal profession
We consider the importance of the ICO’s recent first ransomware related monetary penalty notice against Tuckers Solicitors LLP, and highlighted a concerning trend in increased attacks against law firms.
Santander Bank Polska Ordered to Issue Data Subject Notifications and Subjected to EUR 120,000 Fine
We explain the basis for the Polish DPA’s fine against Santander Bank and the justification for ordering the bank to notify impacted data subjects.
DPC Fines Facebook parent Company Meta €17 million for Breaches of GDPR
Our Dublin office explains the basis and significance of the DPC fine of EUR17m against Facebook parent company, Meta.
‘Amicable Settlement Guidelines’ to provide consistency in European data breach claims
We explain the key elements of the EDPB Amicable Settlements Guidance and its anticipated impact in respect of harmonising the European approach to resolving data breach complaints.
Bloomberg LP (Appellant) v ZXC (Respondent) [2022] UKSC 5
We consider the Supreme Court decision in the case of Bloomberg LP v ZXC and the implications for misuse of private information and breach of confidence causes of action.
We hope you enjoy this month’s newsletter. Please do contact the authors of this month’s newsletter content if you have any questions.
