Encryption Factor: Losing customer data costs Sun Alliance £150,000
TSE listed insurer, the Royal & Sun Alliance (“R&SA”) has been fined £150,000 by the ICO after losing personal data relating to 60,000 of its customers. The loss occurred as a result of the insurer having a hard drive stolen.
The fine was issued under Section 55A of the Data Protection Act 1998, a provision that permits the ICO to impose penalties of up to £500,000.
In this case, the fine was deemed to be appropriate; R&SA’s actions were a serious infringement of the seventh data principle, which, which requires measures to be taken against accidental loss or destruction of, or damage to, personal data.
An ICO investigation looked at the theft of a hard drive device containing 59,592 customers’ names, addresses and bank account details including account numbers and sort codes. The device also held limited credit card details of 20,000 customers, although CVC numbers and expiry dates were not affected.
ICO enforcement officers found that R&SA did not have the appropriate measures in place to protect financial information by preventing the theft at its offices in West Sussex from happening. The device was stolen from company premises either by a member of staff or a contractor, the information on it was not encrypted and the device has never been recovered.
The ICO were quick to point out that the liability could have been avoided through simple steps to keep the companies’ information safe including through encryption on the machines concerned, making sure the device was secure and monitoring the equipment routinely.
Sponsor Licence Compliance: Key considerations & how to be audit ready
Join us for the third in our series of mini webinars on post Brexit immigration about sponsor licence compliance.
UK SPACs: could changes to the UK Listing Rules spark an increase?
SPAC listing popularity has increased. Could the UK be the next hotspot following proposed changes to the Listing Rules?
Data Protection: All roads lead back to the GDPR
Across the globe, jurisdictions continue to develop their data protection and privacy laws.
Dual class share structures: how do they work and what are the pros and cons?
Dual class share structures allow a shareholder, for example the founder, to retain voting control over a company.
COVID-19 Vaccination – can an employer make it compulsory for employees?
We review what legal issues to take into account when considering to make vaccination compulsory as an employer.
The Lawyer, New Law Journal, International Adviser, CDR Magazine and eprivateclient report on the firm's partner promotions
Charles Russell Speechlys promoted five lawyers to partner, effective 1 May 2021.
Music to our ears? Well, perhaps not for Apple.
A feud first began when the music streaming giant, Spotify, filed a complaint against music streaming provide rand competitor, Apple Inc.
Linking ESG and Executive Pay
How does a business go about embedding a focus on strong ESG performance into the structures and culture of its organisation?
National Security and Investment Act granted Royal Assent
The Act establishes a new regime for the review of mergers, acquisitions and other transactions that could threaten national security.
Charles Russell Speechlys advises Waverton on acquisition of Cornerstone Asset Management
Established in July 2010 and with offices in Edinburgh and Glasgow, Cornerstone offers wealth management and financial planning advice.
Charles Russell Speechlys promotes five to Partner
The promotions are effective 1 May 2021 and are accompanied by one Legal Director and 15 Senior Associate promotions.
Risk allocation in commercial leases: the High Court considers rent suspension, insurance and frustration arguments
Read our summary of the full judgement on the latest Covid arrears case.
Proposed Takeover Code Amendments – Key Changes
The Consultation Paper has now been followed by a corresponding response paper which made certain modifications to the initial proposals.
Competition and Markets Authority announces review of the EU vertical agreements block exemption
The UK Competition and Markets Authority is reviewing the future application of the EU vertical agreements block exemption in the UK.
Playing Copycat – Why have M&S begun legal action against Aldi over Colin the Caterpillar?
M&S’s chocolate caterpillar was the first of its kind to land on our supermarket shelves, over 30 years ago.
Building Back Better: Real Estate and Restructuring
How and why should hospitality businesses re-structure post pandemic?
Charles Russell Speechlys advises Fudco Partnership on sale to Exponent-backed Vibrant Foods
Fudco is a family-owned business selling South Asian ethnic foods in UK and Europe.
Charles Russell Speechlys advises Polar Technology on investment by BGF
Polar Technology Management Group is a holding company for engineering businesses operating at the leading edge of technology.
ESG – Searching for substance behind the acronym
ESG is an acronym much used but perhaps less understood.
Use and Regulation of Renewable Energy Certificates in the UAE
The market for trading in renewable energy certificates is set to increase in both visibility and importance.