UK Data Protection Regulator Fines UK Law Firm ~$80,000 Following Ransomware Incident

On March 26, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined Advanced Computer Software Group Ltd (“Advanced”) £3.07 million (approximately $4 million). In 2022, Advanced suffered a ransomware incident that put the personal data of 79,404 people at risk. In its penalty notice, the ICO found that Advanced failed to implement […]

The post UK’s Data Protection Regulator fines a UK SaaS provider ~$4 million following a ransomware incident appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.

On June 5, 2025, the UK’s Information Commissioner’s Office (ICO) fined 23andMe £2.31 million (~$3.1 million). The fine was for failing to implement adequate security measures to protect the personal data of over 155,000 UK users. The penalty followed a joint investigation with the Office of the Privacy Commissioner of Canada, highlighting  how regulators are […]

The post UK Data Protection Regulator Fines 23andMe ~$3.1 Million Following Credential Stuffing Attack appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.

On December 17, 2020, the UK Information Commissioner’s Office (‘ICO’) published its Data Sharing Code of Practice (the ‘Code’) following a public consultation which commenced in 2019. The Code focuses mainly on data sharing among data controllers who are subject to the GDPR and the UK Data Protection Act (‘DPA’) 2018. Data controllers falling within […]

The post UK ICO Publishes New Data Sharing Code appeared first on Alston & Bird Privacy Blog.