Data breaches

Data breaches represent a significant and growing risk to all businesses, regardless of size or industry.

Aside from the practical and reputational implications associated with a data breach, there are also legal repercussions as set out in the GDPR. These include a requirement on businesses to notify their data protection regulator and, in some cases, the individuals affected by the breach for certain types of breaches.

In the event of a personal data breach incident we provide rapid legal support to mitigate legal risk including compliance with reporting requirements, communications to data subjects, service providers and other stakeholders, and handling legal claims.

We are experienced in working with businesses of all sizes on the steps required to mitigate legal risk.

Data breaches experience

• Advised a Fintech following a sophisticated cyber attack, involving access to borrower and lender account details including notification to ICO and data subjects.

• Advised a UK law firm on data breach investigation and response

• Advised a software provider on a data breach caused by a software glitch, including advising on liability and the company’s obligations as a data processor.

• Advised an Australian software company on a cyber hacking, and dealing with risk assessment and breach response.

• Advised an international private equity business on a cyber hacking of its systems, including assessing and mitigating the risks and advising on obligations to report to the ICO and FCA.

• Advised a US law firm on compliance and risk management issues following unlawful loss of data by departing employee sending confidential client materials to private email addresses.

• Advised a leading consultancy firm on managing a breach when personal data from one client project was accidentally sent to another client.