Life with GDPR

The Case of the Rogue Employee



Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In the 2020 Morrisons case, the UK Supreme Court ruled that an employer can be legally responsible for data breaches caused by its employees, although on the facts of that case the court ruled that Morrisons (the employer) was not liable for the actions of its rogue employee. In this episode, Tom and Jonathan look at the more recent case of Isma Ali v. Luton Borough Council, where the High Court ruled that, in carrying out the data security breach, the rogue employee had solely pursued her own interests and so the employer was not liable for her conduct. Some of the issues we consider include:

1.     What were the underlying facts of the case?

2.     What was the court’s ruling?

3.     Key Takeaways for the data privacy, data protection practitioner, including:

·      Take a close look at security measures and ensure that access rights are policed. Data loss prevention and monitoring systems should also be in place to check for large data files leaving the organization - depending on the circumstances, a rogue employee might be after a lot of data;

·      Put in place appropriate policies and procedures to make sure that data protection principles like data security and data minimization are properly understood;

·      Perform a Data Protection Impact Assessment for new processes;

·      Make sure that employees in trusted roles are reliable and that their access rights are reviewed;

·      Put in place and rehearse a data breach notification procedure, including detection and response capabilities;

·      Train staff on all of the above; and,

·      Check existing insurance or take out new insurance to cover the range of potential risks from "innocent" errors to the actions of a rogue employee.

 

Resources

Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.


Life with GDPR, by Tom Fox
