Category: DPO Blog

Cyber Security - Resilience - Data Protection

Policy Folders

We need to talk about Information Security Policy…

I’m sure you’re already well on the way to planning your 2021…what it’s December already? Yup, the annus horribilis that is 2020 is coming to an end. With multiple vaccines in the pipeline, 2021 should [hopefully] be a year where we can get things back to normal. Well, a new normal! Whilst 2020 has placed a number of restrictions…
Read more

Ticketmaster Fine – ICO may hold you to PCI-DSS…and most likely Cyber Essentials and ISO 27001 too!

On an Ominous Friday the 13th, the UK Data Protection Regulator, the ICO, fined Ticketmaster UK Ltd £1.25million for a data protection breach that occurred over 9 weeks in 2018. In an interesting twist, some of the breach occurred pre-GDPR and some occurred post-GDPR. The 7-figure fine reflects the part of the breach that occurred…
Read more

The Nightmare [Cyber Attack] before Christmas

We’re now in the period between Halloween and Christmas. The Christmas music is now in the supermarkets (as they’re the only things open at the moment) and people are looking towards cobbling together some semblance of a family get-together subject to the local Coronavirus restrictions. Some people have already put up their decorations whilst others…
Read more

Angkor Wat

Cascading Risk – What can we learn from the economic collapse of Angkor Wat

Now I don’t know about you but, after months of Covid restrictions, there is now little left to watch. Having whistled my way through the entire MCU and the Star Wars nonet during lockdown I found myself flicking through the documentaries looking for something new to watch to decompress after a long day. I’ve avoided…
Read more


UK Test and Trace – How to avoid failing at risk management

The UK Test and Trace system has, again, come under fire for IT Glitches. The latest “glitch” is the manifestation of an obvious data quality risk. The test and trace system is overriding address information provided by student end users with data held in a central source. This issue has occurred because some bright spark…
Read more

Schrems II – Putting a Privacy Shield cat amongst the Data Protection Pigeons!

This is general legal information, nothing in this article should be considered advice. The Court of Justice for the European Union has just this week published its decision on Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (C-311/18) or, as many in the data protection world will better know it as, Schrems II. The…
Read more

Baby Crying

Risk Management – It’s a bit like a hungry baby!

First things first – I am no parenting expert! Up until very recently, I thought that when a baby cries, they need one of four things…cuddles, feeding, nappy change or medical attention. Now it is still true that when a baby cries they most likely need one [or more] of those things. It is also…
Read more

Application Security

Application Security – Zoom is a Knife Crime!

The news ebbs and flows and so too do people’s attitudes to the world around them. We are all influenced by the media. Take knife crime. In 2019, knife crime was a significant problem in London. So we should ban knives! Knives are dangerous! Knives should not be used under any circumstances. Why are you…
Read more

Shopping Trolley

Morrisons NOT vicariously liable for employee data protection breach says UK Supreme Court

Firstly – This is legal information of general interest and does not constitute legal advice of any kind. On April 1, 2020, the UK Supreme Court today handed down their judgement in the case of WM Morrisons Supermarkets plc (Appellant) v Various Claimants (Respondent), case UKSC 2018/0213. The Supreme Court unanimously ruled that Morrisons were not…
Read more

calculating risk

Calculating Risk – Where’s your Confidence?!

When helping organisations navigate risk management Fox Red Risk is often faced with the task of determining methods for calculating risk. We prefer to use tried and tested methodologies but what we often find is that organisations, very rarely, are calculating risk properly. A key thing missing from the majority of implementation we see is…
Read more