Categories
Life with GDPR

The Case of the Rogue Employee

Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In the 2020 Morrisons case, the UK Supreme Court ruled that an employer can be legally responsible for data breaches caused by its employees, although on the particular facts of that case the court ruled that Morrisons (the employer) was not liable for the actions of its rogue employee. In this episode, Tom and Jonathan look at the more recent case of Isma Ali v. Luton Borough Council, where the High Court ruled that, in committing the data security breach, the rogue employee had solely pursued her own interests and so the employer was not liable for her conduct. Some of the issues we consider include:

1. What were the underlying facts of the case?

2. What was the court’s ruling?

3. Key takeaways for the data privacy/data protection practitioner, including:

· Take a close look at security measures and ensure that access rights are policed. Data loss prevention and monitoring systems should also be in place to check for large data files leaving the organization – depending on the circumstances, a rogue employee might be after a lot of data;

· Put in place appropriate policies and procedures to make sure that data protection principles like data security and data minimization are properly understood;

· Perform a Data Protection Impact Assessment for new processes;

· Make sure that employees in trusted roles are reliable and that their access rights are reviewed;

· Put in place and rehearse a data breach notification procedure, including detection and response capabilities;

· Train staff on all of the above; and,

· Check existing insurance or take out new insurance to cover the range of potential risks from “innocent” errors to the actions of a rogue employee.

Resources

Check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Categories
Life with GDPR

The Case of the Smart TV

Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, they dissect the case of the Smart TV and consider its implications for de minimis cases brought under GDPR. Some of the issues we consider include:

1. What were the underlying facts of the case?

2. Was the case filed in the correct court (High Court)? If not, why not?

3. What was the court’s ruling?

4. What is the viability of a de minimis claim going forward?

5. When dealing with data protection infringement compensation claims, look to cases from other jurisdictions.

6. No matter how seemingly trivial, organizations should be prepared for them and manage them with care.

Resources

Check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Categories
Life with GDPR

GDPR-10 Years After Original Proposal


Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, they celebrate the 10th anniversary of the initial proposal of the law, which became GDPR. Some of the issues they consider include:

  1. What was in the original proposal that did not become enacted in the final law?
  2. Reduction in costs-what happened?
  3. Right to be Forgotten morphed into something very different than intended.
  4. Fines, Fines, Fines.
  5. Evolution of regulatory sophistication.
  6. Criticism of regulators.

Resources
Check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Categories
Life with GDPR

Class Action Update

Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we take a deep dive into class action litigation in the UK and EU around data privacy and data protection. Some of the issues we consider include:

1. Has the tide turned in favor of defendants in class action litigation in the UK?

2. Are actual damages now required to receive damages after a data breach?

3. How can a company manage a regulatory investigation of a data breach during a class action litigation?

4. What about suits against Boards of Directors?

Resources

Check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Life with GDPR named one of the top 30 Data Security Podcasts you must follow in 2022.

Categories
Great Women in Compliance

Jonathan Armstrong – Original Gangster Great Gentleman in Compliance

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.

Welcome to the first Great Women In Compliance episode for 2022. Lisa and Mary are really excited about starting off another year of connecting, communicating and celebrating our GWIC family.

While Mary and Lisa usually start out each quarter with a joint discussion, this time they do a joint interview with a guest who was there when this podcast was born. Jonathan Armstrong is a strong supporter of women in compliance and diversity, an expert in GDPR, Brexit, and many other multinational issues, and a partner at Cordery Compliance, based in the UK. He is also on the Compliance Podcast Network as a co-host of the “Everything Compliance” and “Life with GDPR” podcasts.

In this episode, we talk about what he thinks should be top of mind for E&C professionals in multinational organizations, how Brexit has impacted compliance programs, and what is new in the world of GDPR and data privacy.

Jonathan is also known for his ability to connect and build relationships, and talks about how he builds his network and his approach. Lisa and Mary like to think that one of the highlights of Jonathan’s career is that he won the GWICie for Comic Relief, and you will understand why after listening to this episode.

As always, we are so grateful for all of your support, and if you have any feedback or suggestions for our lineup or would just like to reach out and say hello, we always welcome hearing from our listeners. If you are enjoying this episode, please rate it on your preferred podcast player to help other like-minded Ethics and Compliance professionals find it. You can also find the GWIC podcast on Corporate Compliance Insights, where Lisa and Mary have a landing page with additional information about them and the story of the podcast.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Everything Compliance

Episode 91, the Year End Review Edition


Welcome to the only roundtable podcast in compliance. The entire gang was also thrilled to be honored by W3 as a top talk show in podcasting. In this episode, we have the sextet of Karen Woody, Jonathan Armstrong, Matt Kelly, Jonathan Marks, and Jay Rosen, with host Tom Fox also weighing in on this episode. We also discuss our favorite story of 2021. We end with a veritable mélange of shout-outs and rants.

1. Karen Woody reviews the increase in SEC enforcement that the regulators have told us throughout the year is coming. Karen shouts out to starting early Emmy buzz for Ted Lasso.

2. Jay Rosen reviews the Activision imbroglio from the missteps of the CCO to the disseminations of the CEO. Rosen shouts out to civility.

3. Matt Kelly reviews the latest iteration of ransomware attacks and contrasts it with data privacy breaches from the past. Kelly shouts out to the NJ sandwich shop Hometown International, which, with $35K in annual sales, reached a $100MM market cap valuation.

4. Jonathan Armstrong goes back to consider the long-running soap opera, saga and story that is Carlos Ghosn and Nissan. Armstrong shouts out to those who show true leadership in a crisis and the Spirit of Christmas.

5. Jonathan Marks reviews the increased Caremark duties for Boards of Directors coming out of the Delaware courts. Marks expands on his rant about Hall of Fame horse trainer Bob Baffert.

6. Tom Fox reviews the year in ESG and why compliance is the most well-suited corporate function to lead a corporate ESG effort. Fox shouts out to John Lee Dumas, who as a college senior on 9/11, knew that night he was going to war, and to all the men and women who served in combat in America’s 20-year war in Iraq and Afghanistan.

The members of Everything Compliance are:
• Jay Rosen – Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
• Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
• Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
• Jonathan Armstrong – Our UK colleague, an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
• Jonathan Marks – Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com
The host, producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Everything Compliance

Episode 90, the Happy Holidays Edition


Welcome to the only roundtable podcast in compliance. The entire gang was also thrilled to be honored by W3 as a top talk show in podcasting. In this episode, we have the quartet of Karen Woody, Jonathan Armstrong, Matt Kelly and Jay Rosen. We end with a veritable mélange of shout-outs and rants.

1. Karen Woody looks at a recent panel of two consisting of the current and most recent chair of the SEC, Gary Gensler and Jay Clayton respectively. Karen shouts out to the Indianapolis Motor Speedway.

2. Jay Rosen considers telemedicine and telehealth coming out of the pandemic. Rosen rants about Tampa Bay receiver Antonio Brown who misrepresented his vaccination status by presenting a fraudulent shot card to the Bucs.

3. Matt Kelly looks at recent imbroglios involving SPACs, their inherent conflicts of interest and corporate governance issues. Kelly has a shout-out to the Women’s Tennis Association for pulling its tennis tournaments out of China in the wake of the Chinese government’s treatment of Peng Shuai after she raised issues of sexual harassment against a high-ranking Party member.

4. Jonathan Armstrong takes a look at a recent UK data privacy enforcement action against the UK government due to the release of Personally Identifiable Information. Armstrong shouts out to the EU Public Prosecutors Office.

5. Tom Fox has his first dual rant/shout out. He rants about MLB locking out the players, particularly the inanity of doing so during the offseason. He shouts out to Houston Chronicle sports columnist Brian Smith for editorializing that MLB should use this time to fix the game of baseball, instead of trying to simply save a few pennies.  


Categories
FCPA Compliance Report

Jonathan Armstrong on Herbalife from a UK Perspective


In this special five-part podcast series, I take a deep dive into the recent Herbalife FCPA Resolution. Over the next 5 podcasts Mike Volkov, Jay Rosen, Matt Kelly, Jonathan Marks and Jonathan Armstrong will all bring their own unique perspectives to this settlement. In this concluding Part 5, I am joined by Jonathan Armstrong and we discuss the enforcement action from the UK perspective under the UK Bribery Act.
Some of the highlights include:

  • China is a known high-risk business venue.
  • Licenses are required in China for direct sales.
  • UK Bribery Act not as concerned with the blurring of public and private officials.
  • Scottish cases provide some interesting analogies.
Categories
FCPA Compliance Report

Jonathan Armstrong on the UKBA, GDPR and Modern Slavery Compliance

The FCPA Compliance Report is the longest running podcast in compliance, premiering on July 31, 2015. This week begins a series of podcasts leading up to the 500th anniversary episode of the FCPA Compliance Report, which will post on Monday, August 31. Over the next five episodes, I will post podcasts of 5 top FCPA and compliance commentators. Over this week, I will be joined by Mike Volkov, Matt Kelly, Jonathan Armstrong, Jay Rosen and Jonathan Marks. Each will speak about the evolution of compliance from their own unique perspective. In this episode, I visit with Jonathan Armstrong, co-founder of Cordery Compliance. We take a look back at the evolution of UK and EU laws around bribery, data privacy/data protection and modern slavery and the compliance response.
Some of the highlights include:

  • The UK Bribery Act was a seminal law for international anti-corruption enforcement which brought another sheriff to town.
  • How tech monopolies have led to greater enforcement in the UK and EU.
  • How one person can make a change. Max Schrems was a law school student in 2011.
  • How the US model of FCPA enforcement influenced regulators across the globe.
  • The evolution of DPAs in the UK and elsewhere.
  • Armstrong believes the fight against slavery is a job only half well done.

Lineup
I hope you will listen in to each episode over this week. The lineup will be:
Monday, August 24 - Episode 495 - Mike Volkov on changes in FCPA enforcement.
Tuesday, August 25 - Episode 496 - Matt Kelly on changes he has observed in compliance from the business journalist perspective.
Thursday, August 27 - Episode 498 - Jay Rosen on changes in compliance from the business development perspective.
Friday, August 28 - Episode 499 - Jonathan Marks on changes in compliance mirroring those from internal audit.
Monday, August 31 - Episode 500 - the Anniversary Episode.