Introduction Employees and workers assume they are protected whistleblowers, when a close reading of the Employment Rights Act 1996 (ERA 1996) confirms their disclosure of wrongdoing does not satisfy the various conditions necessary. This is a precise and technical area governed by Part IVA ERA 1996. When a disclosure is protected, the person making it acquires the right not to suffer a detriment or be dismissed because of it. It is a valuable protection with no cap on the c

Introduction The Government has just launched a campaign to encourage more businesses of every size to  lock the door on criminals by putting cyber security protections in place: https://www.gov.uk/government/news/businesses-urged-to-lock-the-door-on-cyber-criminals-as-new-government-campaign-launches Statistic Cyber threats cost UK businesses £14.7 million a year. Significant cyber incidents cost £195,000 on average. Over the past year, 82% of medium and large businesses hav

Introduction Earlier this month the ICO published guidance on the complaints handling processes organisations will be required to put in place in June 2026, when section 103 Data (Use and Access) Act 2025 comes into force. They very much hope this new statutory requirement will reduce the number of complaints they receive. Complaint parameters The section introduces a new section 164A into the Data Protection Act 2018 which allows a data subject to make a complaint to the co

Introduction The ICO’s largest fine in recent months was a combined £14 million against Capita PLC (£8 million) and Capita Pensions Solutions Limited (£6 million) in October last year. It is another wake up call to take data security seriously.   The breaches affected over 6.5 million data subjects, 3973 of whom joined a multi-party action in the High Court claiming compensation. Although compensation for data breaches is usually low, the total outlay for this number of claim

Introduction In September last year, when I presented a webinar to members of the Chartered Insurance Institute on changes introduced by the Data Use and Access Act 2025 (‘DUAA), only some of its provisions had come into force and most were due to be implemented in the twelve months beginning June 2025. In December, the ICO gave updated guidance on data subject access requests which covers amendments made by the DUAA, one of which is already in force and the other is waiting

Fear of identity theft - claims for compensation from police officers Farley and others v Paymaster (1836) Limited (trading as Equiniti)   [2025] EWCA Civ 1117   How much damage is required to make someone liable for a data breach? Does the person whose data was wrongly shared have to show actual harm? Will a realistic fear of possible harm be enough and if so what level of compensation could they receive? The Court of Appeal has recently considered these questions and on 17