Spurred on by a relentless torrent of high-profile news stories about security breaches and data loss, law-makers the world over are building a complex new legal framework for data and cybersecurity.
This includes tough new laws imposing fines, custodial penalties, compulsory audits and the mandatory disclosure of serious security incidents; more prescriptive regulations on issues like encryption and the handling of incidents, plus very detailed rules for best practice in the handling of data.
Data and cybersecurity are now hot topics within corporate governance. Organisations that fail to keep data secure face serious consequences including regulatory action, contract disputes and claims for compensation.
Our market-leading team of highly experienced data security lawyers is perfectly positioned to provide you with advice and assistance on all matters arising out of the fast-changing legal framework for data security.
We offer a range of services designed to identify gaps in your policies and procedures in critical areas, including a unique 'Information Lifecycle Mapping' service, which tracks data flows around your organisation to identify risks and vulnerabilities, and a holistic solution for handling security incidents through our Breach Action service. We deliver drafting and documentation services, including security policies, outsourcing contracts and employee engagements, to help you ensure legal compliance.
We are also adept at representing your interests in dealings with regulators and providing civil and criminal defence services in legal proceedings for security breaches. We provide advice on key legislation, best practice standards, on financial sector issues government contracting, and privacy enhancing technologies.
Notable deals / highlights
- Advised on the first fully contested and successful defence of section 55 Data Protection Act “data theft” criminal proceedings brought by the ICO, against a firm of private detectives. After a two-week trial our clients were acquitted of more than 150 counts, with costs against the Information Commissioner's Office (ICO). This case was the one at the heart of ICO’s famous report to Parliament, “What price privacy?”.
- Advised on the first (and so far only successful) appeal against a data security Enforcement Notice, served on a leading retailer. The ICO cancelled the Notice shortly before the hearing.
- Worked with a client to achieve the first green-rated ICO audit finding for the private sector.
- Advised on the first appeal against a data protection Civil Monetary Penalty Notice, served on a NHS Trust in 2012, following a security breach.