Categories
Life with GDPR

Tuckers Enforcement Action


Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the recent announcement by the UK data protection authority, the Information Commissioner's Office (ICO), that it had fined a law firm, Tuckers Solicitors LLP, for GDPR breaches. Tuckers was fined £98,000 after being hit by a ransomware attack.

  1. Law firms are not unique.
  2. What about other legal regulations and regulatory bodies?
  3. The background facts.
  4. What did the ICO say?
  5. Lessons learned.

Resources
For more information on the Tuckers enforcement action, check out the Cordery Compliance client alert on this topic. For more information on Cordery Compliance, go to their website. Also check out the GDPR Navigator, one of the top resources for GDPR compliance.

Categories
Greetings and Felicitations

Aly McDevitt on Ransomware Case Study, Part 1

Welcome to Greetings and Felicitations, a podcast where I explore topics which might not seem to be directly related to compliance but clearly influence our profession. In this episode, we begin a two-part series with Aly McDevitt, Data & Research Journalist at Compliance Week. We take a deep dive into her case study series on a ransomware attack on a fictional company. Highlights include:

· Why this subject matter for a deep dive?
· The research that went into the piece: how many people were interviewed, and how long was the research process?
· Writing style: did you lock yourself in a room and not come out until it was done, or was it a more collaborative process with an editor?
· Story synopsis: how common is Betty's mistake?
· What is the role of the CIRT and MSSP? How critical was VE's preparation to its ability to respond?

Resources
Ransomware case study in Compliance Week
Aly McDevitt

Categories
Life with GDPR

To Pay or Not to Pay

In this episode, Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. This time, we take up the always difficult decision of whether to pay or not to pay a ransomware demand.

Some of the questions we consider include:

  1. How does a ransomware attack occur?
  2. What are the potential legal and commercial risks of paying ransoms?
  3. What about specific new laws to ban ransomware payments?
  4. What should you do if your organization is faced with a ransomware attack?
  5. What can you do to guard against a ransomware attack?

Resources
Check out the Cordery Compliance client alert on this topic. For more information on Cordery Compliance, go to their website. Also check out the GDPR Navigator, one of the top resources for GDPR compliance.