
Tag Archives for "liability"

Don’t Acquire a Company Until You Evaluate Its Data Security

When Marriott International acquired Starwood in 2016 for $13.6 billion, neither company was aware of a cyber-attack on Starwood’s reservation system that dated back to 2014. The breach exposed the sensitive personal data of nearly 500 million Starwood customers.

In M&A activity, a target’s quality may be linked to the strength of its cybersecurity and its compliance with data privacy regulation. Therefore, due diligence on data and privacy practices is strongly advised.

Full article: Don’t Acquire a Company Until You Evaluate Its Data Security

Security Incident Mitigation Strategy: Effective Negotiation of Technology Contract Limitations of Liability

There is always significant negotiation around caps on liability when negotiating a contract with a technology vendor. If the vendor will have access to the personal information of its customers’ end users (regardless of whether the end users are employees or customers), the treatment of caps on liability takes on heightened importance.

Given the findings in the 2019 Data Security Incident Report (“DSIR”), what rule of thumb or general guidance exists to guide decision-making regarding acceptable financial risk allocation?

Full article: Deeper Dive: Security Incident Mitigation Strategy: Effective Negotiation of Technology Contract Limitations of Liability

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

Given the potential financial exposure under GDPR, it is no surprise that a great deal of time is being spent working out how to allocate the risk and liability when negotiating commercial contracts. Here is our take on the underlying law and the recent trends.

Full article: UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

Marketers Push Agencies to Shoulder More Liability for Data Breaches

New data privacy rules are pushing marketers to unload millions of dollars in liability on the agencies that help them buy their media, forcing the shops to take on new levels of financial risks.

The focus on data privacy has heated up following the arrival of the European Union’s General Data Protection Regulation, which in many cases requires publishers and advertisers to obtain consumers’ explicit consent before using their information to tailor advertisements.

Full article: Marketers Push Agencies to Shoulder More Liability for Data Breaches – WSJ

How real is the threat of data protection group litigation in the UK?

In the run-up to the implementation of the EU General Data Protection Regulation 2016/679, there were various dystopian predictions of huge fines and the rise of US-style class actions. Some of these claims have rightly been criticised as sales patter and scaremongering.

Two recent cases in the English courts help to some extent to clarify the evolving risk of group litigation for data protection, albeit that these are early skirmishes and there will undoubtedly be more litigation to follow.

Source: UK: How real is the threat of data protection group litigation in the UK?

Lloyd v Google – putting the brakes on English data breach litigation?

A judgment handed down today by the English High Court will be welcomed by UK data controllers. Lloyd v Google [2018] EWHC 2599 represents a corollary to recent case law expanding the circumstances in which litigation may be brought in relation to breaches of data protection legislation.

Full article: Lloyd v Google – putting the brakes on English data breach litigation?

Vicarious liability in the data breach context – bad news for UK employers?

The Court of Appeal has upheld a decision of the High Court holding that an employer can be vicariously liable for data breaches caused by the actions of an employee, even where the employee’s actions were specifically intended to harm the employer.

Full article: Vicarious liability in the data breach context – bad news for UK employers?

Morrisons data leak ‘a wake-up call for business’

In 2014, bank, salary and National Insurance details of almost 100,000 members of staff were posted on the internet and sent to newspapers and data sharing websites by a disgruntled Morrisons employee, Andrew Skelton, in what is believed to be the biggest such leak in British corporate history. The court found that Morrisons was legally responsible for the data leak. Morrisons appealed against the decision, which was upheld by the Court of Appeal; the court stated that it agreed with the Judge that Morrisons was vicariously liable for the torts committed by Mr Skelton against the claimants.

Full article: Morrisons data leak ‘a wake-up call for business’

DPO liability and potential insurance coverage

Could data protection officers (DPOs) conceivably be exposed to staggering personal liability for data protection violations by their employers or clients? What are the risks of liability for both internal and external DPOs and what options might be available to them to mitigate or insure against that risk?

Read article: DPO liability and potential insurance coverage
