
UK Moves to 'Name and Shame' Firms for Complaints, Breaches

Attorney Edward Machin Discusses Impact of ICO's Decision to Release Breach Data
Edward Machin, associate in the data privacy and cybersecurity group, Ropes & Gray

In a surprise move, Britain's Information Commissioner's Office recently named names - lots of names - on the data breach front.


The ICO, which enforces the country's privacy laws - including the General Data Protection Regulation - has published large data sets containing detailed information about breaches of personal data, complaints received, and civil investigations since the fourth quarter of 2021.

'Regulatory Rottweiler' Unleashed?

Attorney Edward Machin of Ropes & Gray says the ICO's move, which has unmasked incidents involving numerous organizations, shows it may be increasing its scrutiny of the business community. The ICO has never been known as a "regulatory Rottweiler," he says.

"The ICO has typically been seen as quite a business-friendly regulator. It hasn't issued the significant fines that we've seen on the continent or taken significant regulatory action against businesses. So this was a surprise - both because it's happened but also the level of detail that's in the documents," Machin says.

For organizations that want to avoid being at the heart of a GDPR data subject complaint, Machin's advice is "not to bury one's head in the sand. These lists look like they're going to be something that the ICO does going forward." If you don't want to be on them, get "processes and procedures in place to try and address complaints and requests as quickly and as amicably as possible," he says.

In this video interview with Information Security Media Group, Machin discusses:

  • A breakdown of the data released by the ICO and the details included;
  • The implications of the ICO's oversight on U.K. businesses;
  • Steps organizations can and should take to avoid being the subject of a data subject complaint.

Machin provides clear and business-focused advice on a wide range of legal and regulatory issues in the rapidly evolving areas of privacy, data protection and security, e-commerce and marketing, and information law. Assignments at data-rich businesses in the life sciences and market research sectors have given him a deep understanding of what clients want, and these experiences inform his approach to providing practical legal and commercial solutions to organizations across Europe, the U.S. and Asia.

About the Author

Anna Delaney


Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.
