
GDPR, Data protection and privacy

11 October 2016

Privacy by design to safety by default: A process improvement approach to data protection

Process improvement in a legal context

The concept of taking a process improvement approach to legal practice is gaining momentum. Historically, it has been those in General Counsel and in-house roles who have applied formerly manufacturing-based methodologies to respond to challenges in the legal sector, such as improving efficiency and reducing the cost of transactional work or litigation, often following the lead of the organisations within which they operate. The development and adaptation of process improvement tools and techniques, particularly Lean Six Sigma, for professional services has enabled law firms to follow suit, and we are starting to see a steady emergence of the “process improvement lawyer” (or equivalent) across the sector, working closely alongside the other emerging breed of legal project managers.

15 March 2016

March Update: EU-US Privacy Shield

Further to our blog of 9 February 2016, the European Commission (the Commission) has published the draft “adequacy decision” and related legal texts that will provide for the EU-US Privacy Shield (the replacement framework for EU-US personal data transfers). The Commission has also issued a “communication” (i.e. a policy document with no mandatory authority) summarising the steps taken over the past few years to restore trust in EU-US data transfers since the Edward Snowden surveillance revelations.

2 March 2016

Press stop on poor mobile working practices

As the use of mobile devices by employees increases, so too do the risks to businesses of data breaches and a failure to comply with the Data Protection Act 1998 (“DPA”).

The Information Commissioner believes that ever more popular mobile working practices will enhance both the “potential attack surface” for hackers and the risk of data breaches. The DPA requires data controllers to take “appropriate technical and organisational measures…against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”.

This article first appeared on www.realbusiness.co.uk in March 2016.

18 December 2015

EU Data Protection Regulation: Here at last…well, nearly!

EU Data Protection Reform has been under discussion since 2012 with the intention to “make Europe fit for the digital age”.  This week the European Commission, European Parliament and the Council of the European Union have reached agreement on the final wording of the General Data Protection Regulation.  The draft Regulation is now widely expected to be formally approved in the new year.

Kirsty Churm

3 November 2015

A bitter pill: Hard lessons learnt by online pharmacy fined for selling customer data

The Information Commissioner has issued a monetary penalty notice (MPN) of £130,000 to Pharmacy2U, the UK's largest NHS-approved online pharmacy, after it sold the details of 21,500 customers to third parties through an online marketing company. The Commissioner’s enforcement activity to date has focussed predominantly upon data security breaches. This is the first MPN for a breach of the first data protection principle under the Data Protection Act 1998 (DPA), which concerns the fair and lawful processing of data. It provides both a reminder of the importance of the first principle and a lesson to all organisations about clear customer communication and consent.

Emily Carter
