Information law includes data protection, freedom of information, environmental information regulations, information governance, disclosure and confidentiality. Our well regarded and established information law practice supports clients in the public, private and third sectors, and across the health and education sectors.
We combine sector knowledge and expertise with technical excellence to provide our clients with accessible and pragmatic advice and support with all and any of their information law needs. This includes assisting with complex contentious and non-contentious legal issues, data breach claims, contract, policy and strategy review and information law issues arising during and in contemplation of litigation.
We understand that information law permeates all aspects of our clients’ operations. A sound information governance framework will assist clients in ensuring compliance with their data protection obligations and in dealing with requests for information from data subjects. While the freedom of information/environmental information regimes have opened up public sector decision making to increased transparency, our experience in working with the public sector for many years means that we understand the tensions and difficulties that those regimes can cause in what is an increasingly interconnected world.
We regularly assist clients across the sectors in meeting their data protection obligations while identifying opportunities to extract maximum value from the information held to inform their operations and objectives going forwards. We recognise the burden of compliance and work closely with our clients to alleviate this, including by providing products such as support with subject access requests and an in-house data retainer service.
Issues relating to disclosure and breach of confidence commonly arise in litigation and we’re experienced in assisting clients to navigate what can be a complex legal landscape. We act for clients and/or their insurers in responding to actual and threatened data breach claims and in devising strategies and preventative measures to minimise the risk of breaches occurring.
We have an excellent track record in securing positive outcomes from regulatory investigations and proceedings and have successfully defended clients in information law cases in the Information Rights Tribunal and the civil courts.
Assisting to resolve a backlog of subject access requests and disclosure requests.
Devised and implemented project to review all contracts to ensure compliance with the UK GDPR.
Managing consequences of leak of confidential information and associated liability and regulatory issues.
A deepfake of Bruce Willis is advertising Russian mobile phones. Many great artistic and metaphysical questions are raised by this performance. However, this article is going to look at the intellectual property law implications, from a UK perspective.
The Digital Services Act (the “DSA”) has today (27 October) been given the go-ahead by the EU Council and will enter into force by early 2024.
It is clear that the digital landscape, often termed cyberspace, is a man-made environment, in which human behaviour dominates and where technology both influences and aids our role in it — through the internet, telecoms and networked computer systems, which are often interdependent. The extent to which any organisation is potentially vulnerable to cyber-attack depends on how well these elements are aligned.
Since the UK left the EU and are now able to move away from the EU data protection regime, the UK government have implemented a national data strategy with the aim of reducing the burden on organisations but maintaining a high data protection standard.
In this article we look at local authority companies and whether they are subject to the Freedom of Information Act 2000. And for those that are, what information are they legally obliged to submit.
The Digital Markets Act (the “DMA”) joins the dots between competition law and data protection law and actively targets data-driven platforms. It is also a comprehensive regulation to take note of, with familiar GDPR-style fines tied to turnover.
The use of social media platforms and applications can have overwhelmingly positive benefits for public bodies. However, regulatory action recently taken by the Information Commissioner, has highlighted various pitfalls that public bodies should seek to avoid if allowing staff to use social media as a communication tool.
The data protection legislation (namely, the UK GDPR and Data Protection Act 2018) contain various provisions that deal with the processing of personal data for research purposes.
Public bodies will be pleased to hear that another significant court decision (Ali v Luton Borough Council  EWHC 132 (QB)) has been made that is favourable to data controllers.
This article has five excellent top tips for strong data compliance in 2022, including; embracing near misses, leading from the top, outcomes-focused training, learning walks, consequences.
The cases summarised give considerable comfort to data controllers seeking to defend themselves against claims that relate to breaches arising as a result of a failure rather than a direct act and/or are based on assertions of damage or distress that are exaggerated, unsubstantiated or bear little relation to the breach itself.
The Supreme Court has unanimously overturned the Court of Appeal’s 2019 decision in the case Lloyd (Respondent) v Google LLC (Appellant) which allowed the claimant, Mr Lloyd, to serve a representative action on Google on behalf of over four million iPhone users who were seeking damages for ‘loss of control’ of personal data.
Cookies and similar technologies are a useful and often necessary tool for online businesses, but their use is governed by both the Privacy and Electronic Communications Regulations (PECR) and the GDPR.
Student and staff files will be full of personal data, much of which may be particularly sensitive such as health information (known under the data protection legislation as “special category” data).
In February 2021, the High Court handed down judgment London Borough of Lambeth v AM (No. 2)  EWHC 186 (QB), in which Browne Jacobson LLP acted for the Claimant Council. The judgment is critical reading for public bodies who are required to take action to restrict the use of confidential information in circumstances where that information has been inadvertently disclosed to a third-party.
The Supreme Court’s pending decision could potentially open the floodgates for data privacy litigation going forward.
Watch our on-demand video for our popular Claims Club where we discussed the risk of data sharing, risks in a changing climate, highway claims and what we can see on the horizon.
This judgment is critical reading for public bodies who need to take action to restrain the use of confidential information in circumstances where that information has been inadvertently disclosed to a third party.
UK organisations need to comply with the UK GDPR and continue to be subject to the EU GDPR where EU data is being processed, so there may be two versions of the GDPR to comply with for some personal data processing.
We talk about the key legal principles that apply when processing requests for access to confidential information and gave some practical tips on how to deal with issues that might arise when Trusts are dealing with complex information requests.
The adoption of smart technology solutions by the health and care sector has exploded in 2020. The pandemic has driven the sector to increase its use of smart phone technology solutions (“Apps”), an example of which is conducting video consultations and assessments.
Despite the lack of clarity around Brexit, there are key data issues that can be addressed now. We can help you with the steps you need to take to mitigate the risks.
In May 2019 the Government consulted on a range of options to enhance the role of Companies House and increase the transparency of companies and other legal entities. On 18 September 2020 BEIS published the Government's response following a huge response to the consultation.
On demand webinar, focusing on practical solutions to utilise from home in agreements and dealings with business, data and digital law and how covid-19 has changed legal privilege.
This year, schools are required to assess the grades students would have been likely to have achieved in their GCSE, AS and A level exams. As not all schools are fully open, we have set out guidance on both Freedom of Information, and Subject Access Requests in case you receive either or both types of requests over the next few months.
The GDPR requires all businesses to implement ‘Data Protection by Design & Default’ but what does that mean in practice and how can businesses practically comply?
Data protection law requires every business that deals with personal data to ensure that they have “Technical and Organisational Measures ” in place to keep that data secure. Losing that data could seriously damage the company’s reputation and potentially land it with a fine from the ICO and with claims for compensation.
The ICO has recently released updated guidance for businesses who are grappling with concerns around data protection compliance during the ongoing Covid-19 (Coronavirus) pandemic
One of Browne Jacobson's advisors fills us in where she recently came across a situation that reminded me of the importance of procurement and freedom of information (FOI) officers in an organisation working together.
During this short webinar our experts will deconstruct the most typically occurring contractual disputes.
Did you know that cyber attackers can use publicly available information about your business and employees to make their attacks more successful? Information is often gleaned from websites and public social media accounts.
If you provide goods or services online that might be of interest to children then you’re going to want to go through the ICO’s “Age Appropriate Design Code of Practice” - a code requiring minimum standards of any online service aimed (or which is likely to interest) children.
The Freedom of Information Act 2000 (‘FOIA’) allows members of the public to request information from public bodies. As guidance issued by the Information Commissioner explains, the main principle behind FOIA is that people have a right to know about the activities of public authorities, unless there is a good reason for them not to.
As part of our regular updates for in-house lawyers, Richard takes a look at what has changed in data protection law over the last six months
Although there is uncertainty about what arrangements will apply when the UK leaves the EU, there are a number of practical steps that can be taken now to prepare from a data protection perspective and to ensure that any data flows to and from the EU can continue post Brexit.
Following a dispute over a right of way, the parties’ solicitors agreed in an exchange of emails (constituting a single email chain) to compromise the dispute by the defendant (R) transferring to the claimants (N) a small piece of land adjacent to Lake Windermere.
This month is a Brexit special including general elections, public procurement, data protection and contract drafting.
The political situation in Westminster continues to evolve and it is unclear what will happen on October 31st – in particular whether we will remain, leave, or whether there will be a transitional arrangement to bridge the gap?
As Brexit Day inches closer there are many things for local authorities to consider. One of which is whether contracts already in place or currently being negotiated will still be accurate or support council business after Brexit.