News & Analysis as of July 30, 2025

Cybersecurity › Information Commissioner's Office (ICO) › Enforcement Actions

+ Follow

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk... more +

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk management, global regulations, data protection, leaks, hacking, cyber insurance, compliance, HIPAA, and every other aspect of cybersecurity of import to corporate readers right now. less -

ICO Annual Report Provides Insight Into Data Protection Risks for Businesses

Paul Hastings LLP on 7/22/2025

The UK Information Commissioner’s Office’s (the ICO’s) latest Annual Report summarises its accomplishments and priorities, including last year’s enforcement actions. Based on our review of the report, we see the ICO focusing,...more

The ICO’s Penalty Against 23andMe Brings New Emphasis on Cybersecurity Risks - Key Takeaways for U.S. Companies

Womble Bond Dickinson on 7/11/2025

The dramatic increase in global reach that the internet provides U.S.-based companies comes as a double edge sword. While it significantly increases a company’s potential customer pool, it also subjects companies to...more

UK GDPR Regulator Fines Data Processor After Ransomware Attack

Skadden, Arps, Slate, Meagher & Flom LLP on 4/1/2025

On 27 March 2025, the UK Information Commissioner’s Office (ICO) issued a £3.07 million fine to an IT services provider following a ransomware attack in 2022 that affected the company’s health care business. The ransomware...more

English Court reviews the ICOs first GDPR fine (again)

A&O Shearman on 12/19/2024

In December 2019, the UK Information Commissioner’s Office (ICO) imposed a fine of £275,000 on Doorstep Dispensaree Limited (DDL) for multiple contraventions of the GDPR. On December 9 2024, five years on and three judgments...more

The UK ICO Publishes Its Strategy on AI Governance

Skadden, Arps, Slate, Meagher & Flom LLP on 5/13/2024

Rather than specifically regulating artificial intelligence (AI), the UK government has opted to rely on the existing web of laws and regulations applying to technology across a spectrum of sectors in its jurisdiction. But...more

ICO and CNIL Levy Landmark Fines Against British Airways and Marriott for 2018 Data Breaches

Herbert Smith Freehills Kramer on 11/5/2020

On Oct. 30, 2020, the United Kingdom’s data protection authority, the Information Commissioner’s Office (ICO), in connection with France’s Commission nationale de l’informatique et des libertés (CNIL), announced the largest...more

Cyber Security Trends: Tips from recent UK enforcement activity - Part 4

BCLP on 6/3/2020

When the regulator has decided to investigate your organisation following a data breach, the remit for the investigation will be wide-ranging and go beyond the narrow circumstances of the breach. Recent decisions shed useful...more

U.K.’s Data Protection Regulator’s Updated Guidance on “Empathetic and Pragmatic” Approach

Akin Gump Strauss Hauer & Feld LLP on 4/21/2020

On April 15, 2020, the Information Commissioner’s Office (ICO), the U.K.’s data protection authority, issued further guidance on its regulatory approach during the global COVID-19 pandemic. Following its March note that we...more

Cyber Security Trends: Tips from recent UK enforcement activity – Part 3

BCLP on 4/1/2020

Key to recent ICO decisions has been the ICO’s assessment of the extent and quality of communications with affected individuals and the regulator itself. It is clear the ICO sees certain behaviours (such as the setting up of...more

Cyber Security Trends: Tips from recent UK enforcement activity – Part 2

BCLP on 3/20/2020

In this part of our briefing series, we cover how prior regulatory enforcement action affects the assessment of sanctions and some pitfalls associated with undertaking internal security audits. Who is this relevant for?...more

ICO Fines: When Is An Appeal Appealing?

Orrick, Herrington & Sutcliffe LLP on 3/12/2020

The decision to appeal a regulatory finding is never taken lightly. By the time a regulator has completed its investigation and notified a company of its intention to fine, the company will have invested significant time and...more

Cyber Security Trends: Tips from recent UK enforcement - Part 1

BCLP on 3/10/2020

What insights into cyber security norms can organisations glean from the UK ICO’s recent enforcement decisions, most of which have been released since the GDPR came into force? Final fines are still awaited on the UK’s...more

ICO Issues First Intentions to Fine Under the GDPR

Proskauer on Privacy on 7/25/2019

GDPR fines are seemingly like buses, you wait over a year for enforcement action by the UK’s data supervisory authority, the ICO, and then two come along at once – and with quite dramatic effect. The ICO has stretched its...more

Privacy and Data Security Alert | July 2019 #2

Shook, Hardy & Bacon L.L.P. on 7/17/2019

British Data Protection Authority Flexes GDPR Enforcement Muscles - No longer is the bark of sanctions for lax data protection practices worse than its bite. The Information Commissioner’s Office (ICO)—the United Kingdom's...more

Global Privacy & Cybersecurity Update Vol. 14

Jones Day on 6/5/2017

New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more

15 Results

/

View per page

Page: of 1