Data breaches by rogue employees – employers still liable: Vicarious liability applies
The Court of Appeal recently upheld a decision of the High Court that found Morrisons Supermarkets vicariously liable for the malicious and criminal actions of a rogue employee who intentionally damaged Morrison’s reputation by misusing the personal data of almost 100,000 Morrison employees.
ICO gets tough: Equifax fined £500,000 under the “old” rules for very serious data breach
The recent introduction into UK law of the more stringent General Data Protection Regulation rules (GDPR) has certainly raised awareness of data protection and security. The Information Commissioner’s Office (ICO) has just announced a record fine in relation to a very serious breach that took place in 2017, which meant that the fine was imposed under the Data Protection Act 1998 rules rather than the new rules enshrined in the Data Protection Act 2018.
The importance of insurance in exclusion of liability clauses
Goodlife Foods Limited v Hall Fire Protection Limited
This decision has once again shown that the courts often place considerable importance on the availability of insurance in interpreting the validity (or not) of an exclusion of liability clause in a commercial contract. It also shows the courts being generally supportive of businesses limiting liability through contractual terms – limitation and exclusion clauses are important in all commercial contracts but particularly in the technology sector where potential losses can be far higher than the underlying contract value.
Countdown to GDPR day – Top tips 1: Consent and the GDPR
Under the GDPR, consent needs to be “…freely given, specific, informed and unambiguous…” In other words, consent will only be validly given where there is a clear statement or conduct by an individual which indicates his/her acceptance of the proposed processing. Accordingly, the following will no longer be satisfactory evidence of consent:
Database rights: Technomed v Bluecrest Health Screening
Databases can be protected by database right and/or copyright. A recent spat between the supplier of an internet-based electrocardiogram (ECG) reporting system known as the “ECG Cloud” has led to the conclusion that a simple PDF document relating to the ECG Cloud was protected by both database right and copyright.
Brexit will not save you from new EU data protection rules!
On 25 May 2018, the largest ever overhaul of data protection laws in the EU will take effect. Businesses must comply with the changes or face fines of €20m or 4% of worldwide annual turnover. Despite this, many organisations have not yet started preparing for the changes.