Archived Legal Articles from 2020

Together we are Forbes

Governance, Procurement & Information

December

Procurement: Post BREXIT

22/12/20

As the end of the transition period fast approaches, the Public Contract Contracts Regulations and Concession Contracts Regulations are being amended to bring them 'onshore' but not repealed. They will remain the law until the government's review reaches a conclusion that changes everything…

EU/ EEA Data Flow: Business Readiness Update

14/12/20

As the end of the transition period fast approaches, businesses must focus on actions required to ensure personal data continues to flow from the EU to the UK. This was the point raised by Secretary of State for Business, Energy & Industrial Strategy Alok Sharma in his weekly Business Readiness…

Back to top

November

ICO Publishes Detailed Guidance on Criminal Offence Data

17/11/20

Earlier this month, the Information Commissioner's Office (ICO) published detailed guidance discussing the use of criminal offence data in detail. Data Protection Officers and information governance teams should review the latest guidance to ensure RPs meet the obligations set out in the new…

Back to top

October

ICO Publishes Updated Subject Access Request Guidance

21/10/20

The ICO has today announced that it has published its updated its 'Right of Access Detailed Guidance'. A copy of the guidance can be found here - https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/right-of-access/ This…

Sky High Fine: ICO fines British Airways £20m for data breach

21/10/20

Sky High Fine: ICO fines British Airways £20m for data breach The Information Commissioner's Office (ICO) has fined British Airways (BA) £20m has fined British Airways - the biggest such penalty to date - for failing to protect data resulting in more than 400,000 of its customers…

35 Million Fine for Illegal Employee Data Collection

20/10/20

It has been reported earlier this month that the Swedish clothing retailer, H&M has been fined more than €35 million by the German data protection authority, after it was found to have unlawfully collected employee data of some of its employees in Germany. This is the highest level of fine…

ICO Conducts Compulsory Audit of the DfE

13/10/20

On 7 October 2020, the Information Commissioner's Office (ICO) published the outcome of a compulsory audit of the Department for Education (DfE) earlier in the year. The audit found that data protection was not being prioritised and this affected the DfE's ability to comply with the GDPR and…

EU-US Privacy Shield invalidated - What does this mean for you?

13/10/20

The transfer of personal data from outside the European Union to a third country is prohibited under the General Data Protection Regulation (GDPR) unless certain safeguards are met. These safeguards include: · Under Article 45, GDPR - where there is a European Commission adequacy decision…

ICO Launches Accountability Framework

13/10/20

The Information Commissioner's Office (ICO) has published its Accountability Framework to help organisations manage their data protection compliance and understand how they can comply with the General Data Protection Regulation's (GDPR) accountability principle. Article 5(2) of the GDPR…

H&M fined over 35 Million for Employee Data Collection

13/10/20

It has been reported earlier this week that the Swedish clothing retailer, H&M has been fined more than €35 million ($41 million) by the German data protection authority, after it was found to have unlawfully collected employee data of some of its employees in Germany. This is the highest level…

Court grants injunction following data breach

13/10/20

It has recently been reported that the High Court awarded an interim injunction preventing a local resident from publishing sensitive personal information that was wrongly disclosed by the social services department in the London Borough of Redbridge. Background In the matter of London Borough…

Back to top

September

Educational Websites & the ICO's Code of Practice

23/09/20

On 2 September 2020, the ICO's Age Appropriate Design Code (known as the Children's Code) came into force. The Children's Code sets out 15 standards that online services should meet to protect children's privacy whilst online. The Children's Code is a statutory code of conduct…

ICO Launches Accountability Framework

18/09/20

The Information Commissioner's Office (ICO) has published its Accountability Framework to help organisations manage their data protection compliance and understand how they can comply with the General Data Protection Regulation's (GDPR) accountability principle. Article 5(2) of the GDPR…

Data Breach Trends Show Reported Incidents are Falling

17/09/20

The Information Commissioner's Office (ICO) has published its recent data security incident trends for the first quarter of 2020/2021. The figures published are compiled by the ICO and are based upon the number of personal data breaches reported to them. The figures show how many incidents have…

Court rejects 19 of 20 data protection claims against employer

16/09/20

In the recent case of Kathryn Hopkins v Revenue & Customs Commissioners [2020] EWHC 2355 (QB), the High Court struck out most claims brought by a civil servant against her employer. This article will focus on some of the 20 data protection claims under the General Data Protection Regulation (EU)…

Back to top

August

Private RPs not Subject to Environmental Information Regulations

13/08/20

The Upper Tribunal has recently published its judgment in the case of The Information Commissioner v Poplar Housing Association and Regeneration Community Association confirming that private registered providers of social housing (RPs) are not subject to the Environmental Information Regulations 2004 (…

Back to top

July

Private RPs not Subject to Environmental Information Regulations

28/07/20

The Upper Tribunal has recently published its judgment in the case of The Information Commissioner v Poplar Housing Association and Regeneration Community Association confirming that private registered providers of social housing (RPs) are not subject to the Environmental Information Regulations 2004 (…

Test and Trace, Customer Details and Data Protection

03/07/20

As we prepare for further measures to ease the current restrictions in place to curb the spread of the coronavirus, the government has confirmed that these restrictions are being eased with the support of the NHS' contact tracing system. In guidance published yesterday, the government confirmed…

Back to top

June

GDPR Review Published

30/06/20

Under Article 97 of the General Data Protection Regulation (GDPR), the European Commission is obliged to report to the European Parliament and European Council on the evaluation and review of the GDPR. This review must be conducted 2 years after the date the GDPR was implemented (i.e. by 25 May 2020)…

Back to top

May

GDPR: 2 Year Anniversary

22/05/20

The 25th May 2020 marks two years since the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 came into force in the UK. The change in law marked the biggest change in data protection law in 20 years and gave the regulator, the Information Commissioner's Office (ICO), the…

EasyJet Reveals Data Breach of up to 9 Million Customers

20/05/20

In a statement released yesterday, 19 May 2020, easyJet revealed that the personal information of approximately 9 million customers was accessed in a highly sophisticated cyber-attack. The personal information accessed included e-mail addresses and travel details. Credit card details of 2,208 customers…

School Letter Breached Data Protection Act

05/05/20

Last week, the High Court published a judgment where a school that sent a letter to parents regarding the disruptive behavioural issues of a disabled pupil, designed to reassure them that staff were able to deal with the behaviour appropriately, was liable for breaches of the Data Protection Act 1998,…

Covid-19 and the RSH

01/05/20

Last month, the Regulator of Social Housing (RSH) wrote to all RPs and local authorities regarding its expectations and regulatory approach in response to the coronavirus pandemic. In its letter, the RSH confirmed that its shared priority across the sector was to maintain tenant safety. Subsequently…

Back to top

April

Covid-19: Exams and Subject Access Requests

22/04/20

Following the announcement that the government has cancelled this summer's exams due to the coronavirus pandemic, the exam regulator, Ofqual, has launched a consultation on proposals to award pupils with a calculated grade. Ofqual proposes to award GCSE and A-Level grades by a combination of teacher…

Morrisons are not Liable for Actions of a Rogue Employee

01/04/20

The Supreme Court has today ruled in favour of Morrisons Supermarkets in relation to a large data breach claim, brought by a group of employees whose personal information had been posted online by a disgruntled employee. Data Breach Claim The employee, Andrew Skelton, was a member of Morrisons…

COVID-19: Sharing Tenant Personal Information

01/04/20

With the unprecedented measures being put in place by the government to reduce the spread of the coronavirus pandemic, RPs are undoubtedly considering what action needs to be taken to make sure both tenants and staff are kept safe. The Regulator of Social Housing (RSH) wrote to RPs last week to…

Back to top

March

Meeting the Challenge: COVID 19 and Virtual Meetings

27/03/20

The coronavirus pandemic is presenting organisations of all kinds (including charities, schools and colleges, housing providers and businesses across the board) with complex issues as urgent decisions need to be made by decision-makers who are harder to bring together. In these unprecedented times,…

Public Contracts - Options when responding to COVID-19

26/03/20

In these current exceptional circumstances, you may need to procure goods, services and works urgently. As you are probably already aware, authorities are permitted to do this using regulation 32(2)(c) under the Public Contract Regulations 2015. So, what can you do? Option 1 - Direct award due…

Coronavirus: Managing your Contracts and Costs

26/03/20

With the unprecedented measures being put in place by the government to reduce the spread of the coronavirus pandemic, RPs will be undoubtedly be considering the risks of contracts being unfulfilled. This global pandemic is having a huge impact on organisations of all sizes and is outside the…

Proposed Extension of IR35 to be Delayed

18/03/20

In response to the ongoing spread of COVID-19 the Government has announced that the roll out of IR35 to the private sector shall be delayed until the spring of 2021 On 17 March 2020 the Chief Secretary to the Treasury, Steve Barclay, announced to Parliament that "the government is postponing…

Back to top

January

GDPR and Brexit - Officially Business as Usual

31/01/20

As the UK prepares to leave the European Union on 31 January 2020, the Information Commissioner's Office (ICO) has released a statement confirming that it will be "business as usual for data protection" during the transition period. The Brexit transition period will run until the…

Back to top

Archive