June 26, 2019

June 26, 2019

Subscribe to Latest Legal News and Analysis

June 25, 2019

Subscribe to Latest Legal News and Analysis

June 24, 2019

Subscribe to Latest Legal News and Analysis

Weekly Data Privacy Alert August 28, 2017


Changes to Rules on Whistleblowing in France

In June 2017, the CNIL published a revised norm for reporting systems (AU-004), which covers the general whistleblower protection and the internal reporting mechanism required for anti- corruption compliance programs (both which have been recently introduced into French law by the so-called law “Sapin 2”) and to which companies can self-certify compliance. Further information is available here.


ICO Fines Nottinghamshire County Council for Exposing Personal Information Online

On 31 August 2017, the Nottinghamshire County Council was fined £70,000 because it had left vulnerable people’s personal information exposed online for five years. An online directory, which had no access restrictions, included sensitive information such as the gender, addresses and care requirements of approximately 3,000 elderly and disabled people. The directory also revealed whether they had been or were still in hospital. The ICO found that this was a serious and prolonged breach of the Data protection Act 1998, which requires organisations to take appropriate measures to keep personal data secure, especially when dealing with sensitive personal information.

NHS Staff Warned That Unlawfully Accessing Patient Records Is an Offence

A former healthcare assistant who pleaded to offences of unlawfully obtaining and disclosing personal data was ordered to pay a total of £1,715 in fines and costs by the ICO. Following a complaint by a patient, an investigation was opened and revealed that the healthcare assistant had accessed the records of 29 people and that some information had been subsequently shared with others. The ICO stated that this was a breach of patient confidentiality and a breach of the Data Protection Act 1998. The ICO has, therefore, warned NHS staff about the potentially serious consequences of prying into patients’ medical records without authorisation or a valid reason.

© Copyright 2019 Squire Patton Boggs (US) LLP


About this Author

Philip Zender, Technology Transactions, Brands Management, Intellectual Property, Squire Patton Boggs, San Fransisco

Philip R. Zender is the US practice group leader of the Technology Transactions and Brands Management groups within the firm’s Intellectual Property & Technology Practice, as well as the Media & Brands Industry Group. He also co-leads the firm’s global Data Privacy & Cybersecurity group.

415 393 9827
Francesca Fellowes, Squire Patton Boggs, intellectual property attorney, multi-jurisdictional project lawyer, commercial business regulatory legal counsel

Francesca Fellowes is a senior associate our Data Privacy & Cybersecurity team based in our Leeds office. She has a wealth of experience in advising on a wide spectrum of data privacy issues, including managing large-scale projects involving multiple data flows and advising on commercial arrangements involving complex issues of data ownership and use.

She is particularly experienced in managing cross-jurisdictional data privacy compliance projects for multinational clients, which deal with the compliance required throughout the client’s group, relating for example, to global HR databases, FCPA investigations and whistleblowing hotlines.

Francesca provides clients with a full-range of data privacy advice services, including advice on how to comply with the new EU General Data Protection Regulation, GDPR compliance audits, handling complaints from the Information Commissioner, responding to contentious data subject access requests, drafting Model Clauses, privacy policies and data sharing agreements and advising on monitoring and surveillance issues. She advises clients in a wide range of industries, including financial services, pensions, retail and manufacturing, sport and leisure, direct marketing, credit reference and debt recovery agencies.

Francesca provides regular contributions to both internal and external publications, dealing with topical data privacy issues. Recent titles include “UK Data Protection Bill Published”, “European Commission Finds Privacy Shield ‘Adequate’ But Uncertainty Remains” and “Brexit – What Next for Data Privacy in the UK?”


  • Acting for a major investment management company in relation to a dispute regarding the ownership of the copyright in all of their client-facing materials.

  • Acting for National Oilwell Varco Inc., worldwide leader in the design, manufacture and sale of equipment and components used in oil and gas drilling and production operations and the provision of oilfield services, in relation to the prosecution of a company for possession of counterfeit parts.

  • Advising a global medical devices manufacturer in relation to the data protection aspects of a product recall.

  • Advising a local authority in relation to a dispute with its exiting service provider regarding the ownership of the intellectual property in a number of software applications.

  • Drafting a bespoke Manufacturing Agreement for a chemicals manufacturer.

  • Reviewing and reporting on Standard Terms and Conditions of Purchase for a global provider of wireless coverage solutions. Advising Cummins Inc., a global engineering and power solutions provider headed-up in the US, on data protection compliance in relation to the consolidation of the servers of 12 of their European offices onto servers in the US and UK. Managing the legal compliance for their in-house counsel.

Stephanie Faber Attorney Squire Patton Boggs Paris
Of Counsel

Stephanie Faber heads the Data Privacy & Cybersecurity Practice and the Intellectual Property & Technology Practice in the Paris office. She specialises in international business law, with more than 20 years of experience. Her legal practice encompasses business transactions and operations, as well regulatory and compliance work.

In relation to the Data Privacy & Cybersecurity Practice, Stephanie advises on:

  • GDPR gap assessment and compliance programs

  • Data breach...

33 1 5383 7400
Annette Demmel, Information Technology Attorney, Squire Patton Boggs Law Firm

Dr. Annette Demmel is a partner in our Data Privacy & Cybersecurity Practice Group in Berlin. For 20 years, Annette has advised national and international businesses in privacy law, technology law, telecommunications law, intellectual property law, media law and competition law.

In particular, she leads the implementation of privacy compliance programs and centralized software systems, and provides advice on policy and regulatory issues arising in the electronic communications and internet sectors. Annette also advises clients on legal...

+49 30 72616 8226
Caroline Egan Lawyer Squire Patton Data Protection

Caroline has extensive experience in commercial and information technology matters. Her particular specialism is UK and crossjurisdictional data protection and privacy law and UK freedom of information law. She regularly advises global clients on international transfers of data, and UK clients on complex and sensitive data protection and freedom of information issues. She also advises on major IT procurement and outsourcing projects.

Caroline lectures on domestic and cross-jurisdictional data protection issues, and was named a notable...