On 21 September 2020 the Information Commissioner’s Office (ICO) published detailed guidance on how organisations should respond to data subject access requests (DSARs). The new guidance supplements the ICO’s “in brief” guidance on DSARs and is intended to provide users with a deeper understanding of how to apply the right of access in practice.
In a welcome decision for employers, the Supreme Court has ruled that an employer was not vicariously liable for a significant data breach committed by a disgruntled employee.
The Court of Appeal has provided welcome guidance for data controllers in cases concerning mixed data.
Morrisons held vicariously liable for its employee’s data protection breach February 1, 2018 Morrisons, the supermarket chain, has been held liable for a disgruntled employee’s wilful breach of data protection legislation. Mr Skelton was employed by Morrisons as a...
An employer must only conduct a proportionate search, and give a proportionate response, to data subject access requests it receives.