Blog Posts
July 2, 2025
UK Data Protection Regulator Fines 23andMe ~$3.1 Million Following Credential Stuffing Attack
Related News & Insights
-
Blog Posts October 20, 2025UK Data Protection Regulator Fines Capita ~$18.8 Million Following a Ransomware Attack
On October 15, 2025, the UK’s Information Commissioner’s Office (ICO) fined Capita plc and Capita Pension Solutions Limited (collectively “Capita”) £14 million (~$18.8 million) for failing to implement adequate security measures to protect the personal data of over ~6.6 million individuals following a ransomware attack by Black Basta. The […]
The post UK Data Protection Regulator Fines Capita ~$18.8 Million Following a Ransomware Attack appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.
-
Blog Posts December 21, 2020UK ICO Publishes New Data Sharing Code
On December 17, 2020, the UK Information Commissioner’s Office (‘ICO’) published its Data Sharing Code of Practice (the ‘Code’) following a public consultation which commenced in 2019. The Code focuses mainly on data sharing among data controllers who are subject to the GDPR and the UK Data Protection Act (‘DPA’) 2018. Data controllers falling within […]
The post UK ICO Publishes New Data Sharing Code appeared first on Alston & Bird Privacy Blog.
-
Blog Posts May 6, 2025UK Data Protection Regulator Fines UK Law Firm ~$80,000 Following Ransomware Incident
On April 14, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined DPP Law (“DPP”) £60,000 (approximately $80,000) following a ransomware incident. In its penalty notice, the ICO found that DPP failed to implement appropriate technical and organisational measures, as required by Article 5(1)(f) and Article 32 UK GDPR. This is the […]
The post UK Data Protection Regulator Fines UK Law Firm ~$80,000 Following Ransomware Incident appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.
-
Blog Posts April 4, 2025UK’s Data Protection Regulator fines a UK SaaS provider ~$4 million following a ransomware incident
On March 26, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined Advanced Computer Software Group Ltd (“Advanced”) £3.07 million (approximately $4 million). In 2022, Advanced suffered a ransomware incident that put the personal data of 79,404 people at risk. In its penalty notice, the ICO found that Advanced failed to implement […]
The post UK’s Data Protection Regulator fines a UK SaaS provider ~$4 million following a ransomware incident appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.
-
Blog Posts November 7, 2022UK’s National Cyber Security Centre Releases 2022 Annual Review
The United Kingdom’s National Cyber Security Centre (NCSC) recently released its 2022 Annual Review, which reports on the state of cyber security threats in the country. As the UK’s technical authority for cyber security, the NCSC releases an annual report covering the cyber threats from the prior 12 months as well as analysis of potential […]
The post UK’s National Cyber Security Centre Releases 2022 Annual Review appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.
Media Contact