On 21 September 2020 the Information Commissioner’s Office (ICO) published detailed guidance on how organisations should respond to data subject access requests (DSARs). The new guidance supplements the ICO’s “in brief” guidance on DSARs and is intended to provide users with a deeper understanding of how to apply the right of access in practice.
In a welcome decision for employers, the Supreme Court has ruled that an employer was not vicariously liable for a significant data breach committed by a disgruntled employee.
The Court of Appeal has provided welcome guidance for data controllers in cases concerning mixed data.
Employment Law News Morrisons, the supermarket chain, has been held liable for a disgruntled employee’s wilful breach of data protection legislation. Mr Skelton was employed by Morrisons as a senior IT internal auditor. This role gave him access to sensitive...
An employer must only conduct a proportionate search, and give a proportionate response, to data subject access requests it receives.