Blog
ICO enforcement – key considerations for businesses and organisations in 2020
Emily Carter
The financial and reputational damage caused by a data breach can have devastating consequences to businesses and organisations. Dealing with a data breach of any nature involves complex considerations. Our data breach solicitors can assist you from the moment that a breach is first identified to the conclusion of the legal processes which may follow.
Under investigation by the ICO
In the event your organisation is investigated by the Information Commissioner’s Office (ICO), our data breach lawyers can draw upon significant specialist regulatory and criminal experience to support your organisation through the enforcement process. We have specialist litigation expertise, both within the civil and criminal courts.
We have been instructed in a number of the most significant ICO investigations to date, including acting for a key individual in the on-going Facebook investigation. Our data protection team have a proven track record of acting in cases which attract media interest and where protection of a client’s reputation is of paramount importance. We are considered to have an exceptional breadth and depth of expertise in this complex and fast-developing area of law.
First response following a data breach
We will work closely with you from the point when a data breach is first identified in order to provide swift advice concerning your immediate obligations whilst anticipating and managing the consequences which may follow. We can assist by:
- Advising upon your obligations to notify the ICO and data subjects within 72 hours
- Advising upon any related notification obligations within regulated sectors
- Managing the reputational impact of the data breach
Data breach investigation and enforcement
The ICO’s recently strengthened powers will be increasingly exercised to bring about compliance with data protection legislation and other information law. The ICO’s reach is broad: all individuals and organisations which obtain, share and store information about others may be investigated for breaches of the law. We can provide you with focussed legal advice and practical support if:
- You are subject to an ICO investigation
- You are compelled to provide information to the ICO, whether by search order, Information Notice or audit (Assessment Notice)
- The ICO has identified data protection breaches and a regulatory outcome is being considered, such as an undertaking, Enforcement Notice or fine (Monetary Penalty Notice)
Criminal investigation for data protection offences
The Data Protection Act 2018 includes new criminal offences, for which both an organisation and its directors may be prosecuted. When facing a criminal investigation for data protection offences, you need the support of data breach lawyers who understand both the complexities of data protection legislation and the realities of the criminal justice system. The experience of our data protection team is set apart by the expertise of our criminal lawyers who can assist with:
- Attending interviews under criminal caution
- Responding production orders for use in criminal proceedings
- Assist in the event of search and seizure
- Represent you in court from first appearance through to trial
Civil action in a data breach
An individual whose data rights have been breached is able to seek compensation for damage or distress caused by data breaches by application to the court. Where a data breach has impacted upon a significant number of data subjects, the risk of civil litigation may be significant and the consequences for an organisation significant. Our expert civil litigation lawyers can assess this risk immediately and assist you in mitigating the damage to potential claimants, ensuring you are prepared for any civil litigation which may follow.