UK Moves to 'Name and Shame' Firms for Complaints, Breaches
Attorney Edward Machin Discusses Impact of ICO's Decision to Release Breach Data
In a surprise move, Britain's Information Commissioner's Office recently named names - lots of names - on the data breach front.
The ICO, which enforces the country's privacy laws - including the General Data Protection Regulation - has published large data sets containing detailed information about breaches of personal data, complaints received, and civil investigations since the fourth quarter of 2021.
'Regulatory Rottweiler' Unleashed?
Attorney Edward Machin of Ropes & Gray says the ICO's move, which has unmasked incidents involving numerous organizations, shows it may be increasing its scrutiny of the business community. The ICO has never been known as a "regulatory Rottweiler," he says.
"The ICO has typically been seen as quite a business-friendly regulator. It hasn't issued the significant fines that we've seen on the continent or taken significant regulatory action against businesses. So this was a surprise - both because it's happened but also the level of detail that's in the documents," Machin says.
In order to avoid being at the heart of a GDPR data subject complaint, Machin advises organizations "not to bury one's head in the sand. These lists look like they're going to be something that the ICO does going forward." If you don't want to be on them, get "processes and procedures in place to try and address complaints and requests as quickly and as amicably as possible," he says.
In this video interview with Information Security Media Group, Machin discusses:
- A breakdown of the data released by the ICO and the details included;
- The implications of the ICO's oversight on U.K. businesses;
- Steps organizations can and should take to avoid being the subject of a data subject complaint.
Machin provides clear and business-focused advice on a wide range of legal and regulatory issues in the rapidly evolving areas of privacy, data protection and security, e-commerce and marketing, and information law. Assignments at data-rich businesses in the life sciences and market research sectors have given him a deep understanding of what clients want, and these experiences inform his approach to providing practical legal and commercial solutions to organizations across Europe, the U.S. and Asia.