You would think that if a company was found both by the relevant regulatory authorities and by the courts to have taken all reasonable steps to protect personal data, it would have a complete answer to a data breach claim. Not so. That was the surprising (to some) outcome of a recent Court of Appeal decision claim in a case concerning a well-known UK supermarket chain. The judgment can be found here. The implications of this case for all companies and for the boards which preside over them should not be ignored.
Join Us On LinkedIn
Join the Cybersecurity and Incident Response Group on LinkedIn