June 17, 2018

June 15, 2018

Subscribe to Latest Legal News and Analysis

Weekly Data Privacy Alert August 28, 2017


Changes to Rules on Whistleblowing in France

In June 2017, the CNIL published a revised norm for reporting systems (AU-004), which covers the general whistleblower protection and the internal reporting mechanism required for anti- corruption compliance programs (both which have been recently introduced into French law by the so-called law “Sapin 2”) and to which companies can self-certify compliance. Further information is available here.


ICO Fines Nottinghamshire County Council for Exposing Personal Information Online

On 31 August 2017, the Nottinghamshire County Council was fined £70,000 because it had left vulnerable people’s personal information exposed online for five years. An online directory, which had no access restrictions, included sensitive information such as the gender, addresses and care requirements of approximately 3,000 elderly and disabled people. The directory also revealed whether they had been or were still in hospital. The ICO found that this was a serious and prolonged breach of the Data protection Act 1998, which requires organisations to take appropriate measures to keep personal data secure, especially when dealing with sensitive personal information.

NHS Staff Warned That Unlawfully Accessing Patient Records Is an Offence

A former healthcare assistant who pleaded to offences of unlawfully obtaining and disclosing personal data was ordered to pay a total of £1,715 in fines and costs by the ICO. Following a complaint by a patient, an investigation was opened and revealed that the healthcare assistant had accessed the records of 29 people and that some information had been subsequently shared with others. The ICO stated that this was a breach of patient confidentiality and a breach of the Data Protection Act 1998. The ICO has, therefore, warned NHS staff about the potentially serious consequences of prying into patients’ medical records without authorisation or a valid reason.

© Copyright 2018 Squire Patton Boggs (US) LLP


About this Author

Philip Zender, Technology Transactions, Brands Management, Intellectual Property, Squire Patton Boggs, San Fransisco

Philip R. Zender is the US practice group leader of the Technology Transactions and Brands Management groups within the firm’s Intellectual Property & Technology Practice, as well as the Media & Brands Industry Group. He also co-leads the firm’s global Data Privacy & Cybersecurity group.

415 393 9827
Francesca Fellowes, Squire Patton Boggs, intellectual property attorney, multi-jurisdictional project lawyer, commercial business regulatory legal counsel
Senior Associate

Francesca Fellowes’ practice covers both commercial and intellectual property work. She has substantial experience in all aspects of non-contentious commercial work and specialises in both contentious and non-contentious intellectual property work.

She also has a specialist knowledge of data protection law and in particular, advising on the compliance aspects of and project-managing multijurisdictional projects for global clients.

Francesca trained at a media and entertainment law firm in London and has been at Squire Patton Boggs since qualification in 2001.

Of Counsel

Stéphanie Faber specialises in international business law, commercial law, data protection and consumer law. With 20 years of experience, Stéphanie’s legal practice encompasses advising on, drafting and negotiating contracts in the following areas:

  • Commercial contracts including distribution agreements, services and supply agreements, advertising agreements, logistic agreements, general conditions of sales and sponsoring agreements;

  • Joint ventures, transfer of businesses, assets or licenses;

33 1 5383 7400
Annette Demmel, Information Technology Attorney, Squire Patton Boggs Law Firm

Dr. Annette Demmel is a partner in our Data Privacy & Cybersecurity Practice Group in Berlin. For 20 years, Annette has advised national and international businesses in privacy law, technology law, telecommunications law, intellectual property law, media law and competition law.

In particular, she leads the implementation of privacy compliance programs and centralized software systems, and provides advice on policy and regulatory issues arising in the electronic communications and internet sectors. Annette also advises clients on legal...

+49 30 72616 8226
Caroline Egan, Squire Patton, Data Protection Lawyer, Privacy Matters Attorney

Caroline has extensive experience in commercial and information technology matters. Her particular specialism is UK and cross-jurisdictional data protection and privacy law and UK freedom of information law. She regularly advises global clients on international transfers of data, and UK clients on complex and sensitive data protection and freedom of information issues. She also advises on major IT procurement and outsourcing projects.

44 121 222 3386