Introduction In September last year, when I presented a webinar to members of the Chartered Insurance Institute on changes introduced by the Data Use and Access Act 2025 (‘DUAA), only some of its provisions had come into force and most were due to be implemented in the twelve months beginning June 2025. In December, the ICO gave updated guidance on data subject access requests which covers amendments made by the DUAA, one of which is already in force and the other is waiting

Fear of identity theft - claims for compensation from police officers Farley and others v Paymaster (1836) Limited (trading as Equiniti)   [2025] EWCA Civ 1117   How much damage is required to make someone liable for a data breach? Does the person whose data was wrongly shared have to show actual harm? Will a realistic fear of possible harm be enough and if so what level of compensation could they receive? The Court of Appeal has recently considered these questions and on 17