Categories
The ESG Report

Greenwashing or Getting in Trouble While Trying to Do Good with Jonathan Armstrong


 
Jonathan Armstrong has been looking at ESG from a unique angle for quite some time. In this episode of the ESG Report, he and Tom Fox are taking a look at greenwashing, and how trying to do good can end badly.  
 

 
The Issue of Greenwashing 
One area where people can do wrong by trying to do good is combining the energy crisis with ESG. Corporations attempt to get with the ESG program by talking about carbon neutrality or the use of renewable power, but many have gone beyond simply saying ‘We are carbon neutral!’ to sound more like ‘We’re doing what’s best for the planet!’ Making these claims potentially subjects your company to fair trading law across Europe, and can lead to fines or even prison in extreme cases, if the statement cannot be backed up.
 
The Dark Side 
The production of solar panels, wind turbines, and biofuels is associated with a number of issues, including forced labor, armed conflict, corruption, ecosystem destruction, and allegations of fraud and money laundering. Jonathan discusses all of these, making it clear that, “We shouldn’t necessarily assume green is good.”
 
Responses of the EU & UK 
The biggest response has come from the UK parliament, which has had a specific inquiry into supply chains and proposals for new legislation, including a toughening of the UK Modern Slavery Act. Jonathan’s advice is to provide complete due diligence on who is selling the goods, and where they are coming from, to ensure a good ESG program. “A corporation does not have a good ESG program if one of its first acts is being prosecuted for abuses involved in alternative fuel source production,” he tells listeners.
 
RESOURCES 
Tom Fox’s email
Jonathan Armstrong | LinkedIn | Twitter
 

Categories
Life with GDPR

Privacy Shield 3


Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the recently announced EU/US resolution to allow data transfer from the EU to the United States through the mechanism of Privacy Shield 3. Some of the issues we consider include:

  1. Is it Déjà vu all over again?
  2. What about consent and standard contractual clauses as a basis for data transfer?
  3. What was the court’s ruling?
  4. Why will double due diligence be required going forward?
  5. What about the UK?
  6. What does Max Schrems have to say?

Resources
Check out the Cordery Compliance client alert on this topic; click here and here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Categories
Life with GDPR

The Case of the Rogue Employee

Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In the 2020 Morrisons case the UK Supreme Court ruled that an employer can be legally responsible for data breaches caused by their employees, although in the particular situation in that case the court ruled that Morrisons (the employer) was not liable for the actions of their rogue employee. In this episode, Tom and Jonathan look at the more recent case of Isma Ali v. Luton Borough Council, where the High Court ruled that, in committing the data security breach, the rogue employee had solely pursued her own interests and so the employer was not liable for her conduct. Some of the issues we consider include:

  1. What were the underlying facts of the case?
  2. What was the court’s ruling?
  3. Key takeaways for the data privacy and data protection practitioner, including:
     · Take a close look at security measures and ensure that access rights are policed. Data loss prevention and monitoring systems should also be in place to check for large data files leaving the organization – depending on the circumstances, a rogue employee might be after a lot of data;
     · Put in place appropriate policies and procedures to make sure that data protection principles like data security and data minimization are properly understood;
     · Perform a Data Protection Impact Assessment for new processes;
     · Make sure that employees in trusted roles are reliable and that their access rights are reviewed;
     · Put in place and rehearse a data breach notification procedure, including detection and response capabilities;
     · Train staff on all of the above; and,
     · Check existing insurance or take out new insurance to cover the range of potential risks from “innocent” errors to the actions of a rogue employee.

Resources

Check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.