Myerson Logo
Home > News & Library > News and Views > Corporate Commercial

Further fines issued as ICO maintains tough stance on data breaches

At some time or another, most of us will have received one of those annoying marketing calls, texts or emails asking if we’ve been involved in a road traffic accident or been mis-sold PPI, and have no doubt responded with “how did you get this number?” or simply blocked the caller. However, what many of us don’t realise is that at some point we will have either expressly or (more likely) inadvertently given our consent to being contacted by these parties for marketing purposes. This can be, for example, when we make an online purchase or enter a competition and omit to tick that tiny box to confirm that we don’t actually want to receive such marketing communications!

Crossing the thin blue line: Greater Manchester Police fined for data security breach

Greater Manchester Police (GMP) has been fined £150,000 by the Information Commissioner’s Office (ICO) for breach of the Data Protection Act 1998 (DPA), showing that no organisation is above the law when it comes to the ICO’s tough stance on data security.

In 2015, GMP sent DVDs containing footage of interviews with named victims of violent or sexual crimes to the National Crime Agency. The DVDs were unencrypted. They were sent by recorded delivery, but were never received and have not been recovered to date.

But I intended to enter into that contract!

When entering into a business relationship, it is best practice to ensure that the parties’ obligations and arrangements are clearly defined and set out in writing. Not only does this give clarity to the terms of the agreement but also provides certainty for the parties. That being said, businesses can still form contracts by verbal agreement of the parties, where what the parties have agreed has not been set out in writing, but the following 4 elements have been satisfied:

  1. An Offer;
  2. Acceptance of the offer;
  3. Consideration (usually payment of a price); and
  4. An Intention to create legal relations – a legally binding contract will come into existence.

Have you donated more than just your money?

Charities heavily fined for misusing donor’s personal data

Last week the Information Commissioner’s Office (ICO) announced that it had fined eleven more charities for breaching the Data Protection Act 1998 and the Privacy and Electronic Communications Regulations.  This is further to the penalties issued to the RSPCA and the British Heart Foundation in December 2016.  It acts as a stark reminder to all businesses that they must understand and comply with data protection legislation otherwise face large fines and serious reputational damage.

Directors’ Duties – How To Protect Yourself, and Your Company, From a Bully on the Board

When there is a dominant personality on the board of a company it is easy for the other directors to become sidelined, whether through choice or because matters are simply taken out of their hands. This is particularly the case where the dominant director is also the majority shareholder and runs the business as if it were his or her own personal property. The recent case of Dickinson v NAL Realisations (Staffordshire) Ltd underlined that directors cannot simply sit back and allow one dominant director to run the company, but must take an active role in the management of the company. The case also serves as a reminder of the importance of directors ensuring that they have proper authority to enter into transactions, and that they take into account the interests of all shareholders in carrying out directorial duties.

UK Signals Green Light for Driverless Cars

It is not long ago that the idea of driverless cars was confined to visions of the future portrayed in film and TV. However, driverless technology is fast becoming a reality, with companies like Google and Tesla taking the lead and many vehicles now commonly utilising features which make decisions for the driver such as cruise control, ABS and self-parking.

The technology offers many benefits to people who are leading ever increasingly busy lifestyles. Commuters may be able to check their e-mails, read a book or engage in a telephone call during their journey. However, despite the fact that the technology promises to improve road safety by reducing the risks associated with human error (which are responsible for more than 90% of current road fatalities), it remains to be seen how quickly people will adapt and place trust in the technology.

A board game’s for life, not just for Christmas – Copyright Trade Marks and Registered Designs

The top 10 family board games of 2016 included titles such as Sherlock Cluedo, Obama Llama, Penguins Pool Party, Blockbusters and Bananagrams. Hundreds of new board games are developed each year, and in a highly competitive market, only a few make it to the top of the Christmas best sellers list.

Fierce competition has prompted many board game developers to seek professional advice on how they can protect their ideas and designs, in the hope that what they have developed is the next big game! However, protecting such interests is not a simple process and in most cases the costs and time frames involved are disproportionate to the benefits that such protection brings. We discuss below a number of ways in which developers may seek to protect their board game.

Big Brother is Watching You: ICO Fines Business Owner for Failing to Register CCTV Camera

CCTV cameras are now commonplace around the UK; many businesses, public places and private homes have them installed to improve safety and security. But did you know that, as a business owner, you are required by law to register your CCTV camera with the Information Commissioner’s Office (ICO)?

Section 17 of the Data Protection Act 1998 (DPA) prohibits the processing of personal data, including footage from CCTV cameras, without having a registered entry on the ICO data protection register.

How Can I Ensure That I’m Insured?

Almost everyone has insurance that they expect (or hope!) to be able to rely on when things go wrong.  However, we’ve all heard stories about cases where insurers have not paid out, like the claim for losses suffered following a burglary that is rejected because the homeowner left a window open…despite the fact that the burglars broke in through the back door.

When entering into supply contracts, suppliers will be keen to ensure that they have insurance in place that will offset the risk (or part of the risk) of any potential liability they may have if they find themselves in breach of contract. Similarly, customers will often be keen to know that the supplier will have the means to settle any such claims and may insist on the supplier agreeing to put a certain amount of cover in place with a reputable insurer.

Could Standard Clauses In Your Contracts Affect The Value Of Your Business?

It is important in corporate and commercial transactions to ensure that contracts are drafted in a clear, concise and accurate manner and that the parties consider their wider business interests when negotiating terms. For example, boilerplate clauses (being the more standard clauses generally found in most contracts) can often be overlooked, and occasionally clauses may be drafted in an ambiguous or even contradictory way. Ultimately, parties may need to turn to the Courts to ascertain what the contract actually says. Litigation is often a costly and lengthy process, which could potentially have been avoided with more careful contract drafting.

New Cyber Security Nerve Centre Opens in London

Later today (14 February 2017) the Queen will open the National Cyber Security Centre (NCSC) in London.  The NCSC will form part of the GCHQ intelligence and security agency and will be the authority on the UK’s cyber security environment.

The NCSC forms part of the Government’s five-year National Cyber Security Strategy, published on 1 November 2016.  As part of this strategy, the Government announced that it would be investing £1.9 billion in cyber security over the next five years, demonstrating how seriously the Government views cyber security issues.

Consumer Law Update: Auto-renewal Contracts and the 14 Day “Cooling-off” Period

As consumers, we’ve all done it…signed up to a contract for a new service, perhaps to take advantage of an introductory special offer with the intention of cancelling it before the price changes or the term renews, only to forget to cancel…so, where do parties to these types of contracts stand in relation to auto-renewals?

We have previously reported on the new penalties and ‘unfair’ contract terms provisions in the Consumer Protection Act 2015 (the Act), which came into force in October 2015.

Under the Act, consumers entering into a new contract have a 14 day “cooling off” period during which time they may terminate the contract without penalty.  But does the consumer have the same right in relation to a contract which is automatically renewed after an initial fixed period?

Liability Under Contracts: When Is “Consequential Loss” Not “Consequential Loss”?

Whether you’re a supplier or a customer, when entering into a new contract there are certain concerns that are likely to be key.  Apart from making sure that you get paid (if you’re the supplier) or that your payment obligations are clearly set out (if you’re the customer), potential exposure to liability under the contract is often high on the agenda.

Parties to contracts will often seek to exclude and limit their liability under a contract.  All businesses want to ensure that they are not exposing themselves to excessive risk, yet this is an area that can be difficult to understand because the wording of limitation of liability clauses can seem overly legalistic at times.

Competition Regulator Gets Personal: First Director Disqualification By The CMA

The Competition and Markets Authority (CMA) has exercised its powers to disqualify a director for breach of competition law for the first time.  Directors are reminded that they can face personal consequences for competition law breaches, in addition to company fines.  The business community should be warned that the CMA will be “absolutely prepared” to use the power to disqualify a director again.

ICO Gets Tough: TalkTalk and RSA Receive Heavy Fines For Cyber-Security Breaches

The Information Commissioner’s Office (ICO) recently issued a record fine of £400,000 to TalkTalk Telecom Group PLC (TalkTalk) for its failure to prevent a cyber-attack resulting in a significant data breach resulting in the loss of personal data of almost 157,000 customers, sending a strong message to businesses of the importance of data security.

This is one of several heavy fines recently imposed by the ICO for data security issues. More recently, Royal and Sun Alliance has also received a fine of £150,000 following the theft of a hard drive containing the personal data of thousands of customers by an unknown employee or contractor who had access to RSA’s supposedly secure server room.

Transatlantic Data Given Shield and Shelter

As the British are dusting off their snowsuits in preparation for the cold front set to hit the UK tomorrow, data protection authorities on both sides of the pond are grabbing their brollies to provide shelter for the transatlantic exchange of personal data.

Privacy Shield for personal data in commercial transactions

In October 2015 the European Court of Justice (ECJ) ruled that the “Safe Harbour” framework could not be relied upon to protect EU citizens’ personal data being transferred outside of the European Economic Area. In response, the “Privacy Shield” framework was introduced by the US government and European Commission to govern transatlantic exchanges of personal data for commercial purpose.

No Contract, No Problem?

It can be very tempting to start providing a service or supplying goods to a client who is desperate for them, particularly when you have monthly targets to hit! But potential uncertainty around what terms will apply to such a relationship creates risk for both parties.

It is common for parties to enter into commercial transactions or arrangements without having drawn up a formal written contract. Even where contracts are drawn up, suppliers sometimes start delivering projects before contracts have been finalised or signed. It is usually at the point of a misunderstanding or disagreement between the parties that the question arises as to what terms, if any, apply to the relevant transaction or arrangements.

Nudge Nudge, Wink Wink: ISO Issues Anti-bribery Standard

The International Organisation for Standardisation (the ISO) has produced a global standard on Anti-Bribery Management Systems (ISO 37001) (the Standard) to assist organisations in maintaining effective anti-bribery programmes.

The introduction of the Bribery Act 2010 (the Act) represented the biggest change in this area of law in over 100 years. Many organisations feared that the overhaul would significantly change the way they did business due to the restrictive nature of the regime; it appeared that even relatively innocuous business-focused social engagements, such as client lunches, could potentially be caught by the Act. The practical reality is that, on the whole, this does not appear to have been the case. The Act does provide that failure by an organisation to prevent bribery is an offence, but the organisation will have a defence if it can show that it had in place adequate procedures designed to prevent bribery.

Facebook pauses for thought

Facebook has agreed to pause its data sharing activities with its subsidiary company WhatsApp.  The move is in response to the UK Information Commissioner’s Office’s (ICO) investigation following concerns raised by data protection authorities across Europe.

Sole Enterprise with Protected Assets: The Rise or Fall of Entrepreneurism?

On 3 November 2016, the Office of Tax Simplification (OTS) published a final report on its proposals for introducing a Sole Enterprise with Protected Assets (SEPA) model for sole traders. The model aims to provide sole traders with a level of limited liability, whilst retaining the more simple form of tax and regulatory regimes they currently enjoy.

Are you treating your customers unfairly?

Did you know that terms in your contract could be unenforceable if they are unfair?  The Competition and Markets Authority (CMA) has conducted research which has revealed that some businesses believe that a signed contract is final, not realising that they cannot enforce a term against a consumer that is unfair.  54% of those surveyed did not fully understand the rules on unfair terms, which directly impacts how they treat their customers.

Keep your (cross) options open on death

Setting up a business is exciting but it is important to review all eventualities and the inevitable, death!

On death, a shareholder’s shares are dealt with as part of their estate.  If there is a Will, it will be dealt with in accordance with those terms.  If there is no Will, the shares are dealt with in accordance with the intestacy rules.  For shares in a qualifying business, the shares may attract Business Property Relief (BPR) for inheritance tax purposes and this can be as much as 100% of the value.

When buying online goes wrong: European Commission encourages clarity around where to turn by requiring traders to publish links to online dispute resolution platform

Buying and selling online is becoming increasingly common, but can be risky for both traders and consumers. At some time or another, many of us have experienced disappointment following an online purchase or faced a complaint from a customer that we may feel is unjustified.

Someone has trade-marked my business name – could I be liable if I continue to use it?

Many businesses develop without registering their business name as a trade mark. For most businesses, their name is a key asset which is essential to the development and preservation of their brand and goodwill. It would be an unwelcome surprise to receive a “cease and desist” letter demanding that the business must stop using its name, on the grounds that it infringes a trade mark that has been recently registered by another person.

It’s not only Hot Sox’s socks that are distinctive: brand successfully defends HOT SOX trade mark

A recent EU General Court decision has given brand owners useful guidance on what a Court may consider when deciding whether or not a mark is distinctive in character.

Sock manufacturer, Renfro, registered the brand name of a line of socks it manufactured, “HOT SOX”, as a European Union Trade Mark No. 0962191 on 20 April 2009.

City law firm successfully defends itself in sale of football club shares case

The High Court has dismissed a claim against a City law firm for professional negligence. Antonio Caliendo, the former chair of Queens Park Rangers (QPR) football club, claimed that he had an ‘implied retainer’ with the law firm and that they did not advise him correctly on the sale of his shares in QPR. The Court found that no such implied retainer was evident, and that the law firm only owed a limited duty of care to Caliendo.

Cold callers get the cold shoulder: ICO issues record fine for nuisance calls

Good news for anyone that hates receiving those pre-recorded calls that advise you of your right to compensation for a road traffic accident that you didn’t know you’d had…

Earlier this year, the independent body set up to uphold information rights, the Information Commissioner’s Office (ICO), issued its largest ever fine of £350,000 on a lead generation firm responsible for making or instigating over 46 million automated calls without individuals’ prior consent and in contravention of Privacy laws.

No safe harbour for the EU and US: data protection watchdog strikes a blow to credibility of proposed Privacy Shield

Following the ECJ’s decision in October 2015 that the Safe Harbour framework could not be relied upon to adequately protect EU citizens’ personal data being transferred outside of the European Economic Area (EEA) (see here), the US government and the European Commission have continued discussions on a proposed ‘Privacy Shield’ framework to govern transatlantic exchanges of personal data for commercial purposes.

Court decision closes the floodgates against claims for unjustified threats?

It’s hard to believe it’s almost 50 years since Dick Van Dyke played the role of eccentric inventor, Caractacus Potts, in Chitty Chitty Bang Bang.  In the film, the inventor finds his fortune after developing a musical treat known as “Toot Sweets” and earns the money to buy an old race car that he tinkers with until it is able to fly.  It’s unlikely that Caractacus Potts worried too much about filing an application for a patent to protect his invention, but in real life, applying for a patent is an important protection for all would-be inventors.

Myerson Solicitors advises Europe’s premier live escape experience, The Escape Room, on its UK expansion and worldwide licencing

Altrincham commercial law firm Myerson Solicitors LLP continues to advise The Escape Room on its UK expansion and worldwide licencing.

The first Escape Room opened in Manchester in January 2015 and continues to be a huge success. It was also the first Escape Room in Europe to have an exclusive bar. Since the launch of the pilot in Manchester, Myerson Solicitors has continued to advise The Escape Room on various franchises across the UK, Europe and the Middle East. The latest franchises are expected to be as popular, if not more so, than the pilot.

Admin assistant fined for data theft: Information Commissioner calls for custodial sentences for data thieves

Last month, Isleworth Crown Court fined an Enterprise Rent-A-Car admin assistant £1,000 after she pleaded guilty to selling the personal data of approximately 28,000 customers, for £5,000.  Such theft is a criminal offence under section 55 of the Data Protection Act 1998 (DPA). However, the maximum penalty that an offender currently faces is a fine of up to £5,000 at the Magistrates court or an unlimited fine at the Crown Court.  This had led the Information Commissioner, Christopher Graham, to once again call for tougher punishments for those convicted of stealing personal data.

Cyber Wars: businesses must act now before The Force Awakens

A long time ago in a galaxy far away, before the Internet was invented, it would have been hard to even perceive that such a threat could exist; but, now, threats to cyber security poses one of the biggest risks faced by businesses in the 21st century. The consequences of cyber security breaches can be significant, not only in terms of financial loss, but also reputational damage. Recent developments in data protection regulation suggest that the Information Commissioner’s Office (ICO) may soon have the power to fine an organisation up to 4% of its global annual turnover. Businesses must, therefore, give careful consideration to their cyber security arrangements.

MSI Global Alliance

Myerson is the Manchester and Cheshire law firm member for MSI Global Alliance, a top 20 ranked, international association of professional firms.

Learn more...


Myerson act for a wide variety of clients across various sectors.

Learn more...


Read what a selection of our clients have to say about us.

Learn more...

Myerson Promise

We proudly offer our clients a promise which is at the cornerstone of everything we do. We always keep your specific concerns at the forefront of our minds.

Learn more...

Myerson Solicitors LLP
Grosvenor House, 20 Barrington Road, Altrincham, Cheshire, WA14 1HB

Tel: +44 (0)161 941 4000

Solicitors Regulation Authority
MSI Global
Law Society
Legal 500