In House Lawyer Seminar
In association with Michael Page Legal
Thursday 25 June 2015
Manchester Office
Welcome & Introduction
Rob Elvin
Office Managing Partner
Squire Patton Boggs
3squirepattonboggs.com 3squirepattonboggs.com
Agenda
8.30am Breakfast & Registration
9.00am Welcome & Introduction – Rob Elvin
9.05am Update on the legal Recruitment Sector – Michael Page Legal
9.15am Labour & Employment – key employment law developments – Paula Cole
9.45am Update on Competition Law – Diarmuid Ryan
10.05am Interpreting & Drafting Contracts in English Law – keeping up with the modern approach – Ben Holland
10.35am Coffee Break
10.50am Cyber Liability – Victoria Leigh and Sebastiaan Pronk
11.20am Speaking with confidence and influence – Esther Stanhope
12.15pm Questions & Conclusions
12.30pm – 1.30pm Networking Lunch
An update on the legal Recruitment Sector
Michael Page Legal
Labour & Employment
Key employment law developments
Paula Cole
Partner, Squire Patton Boggs
Holiday Pay – a reminder of how we got here
 Article 7 of the Working Time Directive – four weeks’ “paid” leave
 Regulation 16 of the Working Time Regulations 1998 – a “week’s pay” for
each week’s leave is calculated in accordance with sections 221 – 224 of the
ERA 1996
 ERA provisions are complicated and vary depending on whether an
employee works “normal working hours” or not
Holiday Pay – a reminder of how we got here
 “Normal working hours” – an employee is entitled to be paid his normal basic
weekly pay (Section 221) – would not normally include overtime (except
compulsory overtime), bonuses, commission, etc.
 No “normal working hours” – an employee is entitled to be paid his average
weekly pay in the applicable 12 weeks (Section 224) – would include
overtime, bonuses, commission, etc.
But then it all changed!
Case: BA Plc v Williams [2012]
Ruling: Supreme Court ruled that workers are entitled to receive their “normal remuneration” during annual leave – includes remuneration “intrinsically linked to the performance of the tasks”

Case: Bear Scotland [2014]
Ruling: EAT ruled that a worker’s holiday pay should take into account non-guaranteed overtime

Case: Lock v British Gas Trading Ltd [2015]
Ruling: ECJ ruled that commission should be taken into account for holiday pay purposes
Status: Leicester ET ruled that WTR can be amended so as to reflect European law – decision now being appealed to the EAT
Lock v British Gas – in more detail
 ECJ’s decision: 4-week statutory holiday that derives from the Directive
should take into account commission payments
 Leicester ET’s decision: WTR should be amended to include a provision
that “… a worker whose remuneration includes commission or similar
payment shall be deemed to have remuneration which varies with the amount
of work done…”
 Lots of questions around commission still remain unanswered, including what
is the relevant reference period (12 weeks? 12 months?)
Holiday Pay Update
So where does this leave employers?
 What should now be included in holiday pay for WTR purposes?
 Voluntary overtime?
• (NB Patterson v Castlereagh Borough Council, due to be heard in NI CA on 19 June)
 Bonuses?
 Allowances?
Holiday Pay Update
So where does this leave employers?
 What is the correct reference period for averaging pay?
 Historical liability for unlawful deductions
 Bear Scotland – any break of 3 months between deductions could break the chain
for time limit purposes
 2-year cap on claims for backdated holiday pay – 1 July 2015
Holiday Pay - What should employers be doing?
Employers should be:
 Carrying out a review of their holiday pay arrangements in light of the recent
cases
 Monitoring ongoing developments
 Assessing potential risk/impact to business (forwards and backwards)
Hot Employment Law Topics (Case Law)
Recent case law developments
 USDAW v Ethel Austin, ECJ, 30 April 2015 (the “Woolworths case”)
 Duty to collectively consult where 20 or more redundancies are proposed
“at one establishment” within a 90 day period
 Previous EAT decision on meaning of “establishment”
 ECJ’s decision – “‘Establishment’ means the entity to which the workers
made redundant are assigned to carry out their duties.”
Hot Employment Law Topics (Legislation)
Recent legislative developments – effective 5 April 2015
 Shared parental leave and pay
 Age limit on unpaid parental leave increased from 5 to 18 years
 Statutory adoption leave – now a “Day One” right and increase in amount of
Statutory Adoption Pay to bring into line with Statutory Maternity Pay
Hot Employment Law Topics – On the horizon
Forthcoming legislative developments
New Government Fit for Work Service
 Free health and wellbeing advice to assist with absence prevention
 Free occupational health assessment
 £500 per employee annual tax exemption
Hot Employment Law Topics – On the horizon
Forthcoming legislative developments
 Small Business, Enterprise and Employment Act 2015
 Employers of 250 or more employees to be required to publish their gender pay
information
 Outlawing exclusivity clauses in zero hours contracts
Competition Law Update
Diarmuid Ryan
Partner (Antitrust & Competition)
Contents
 Update on CMA enforcement activity 2014 – 2015
 Cartel offence
 CA98 cases
 Market investigations
 Mergers
 Update on European Commission activity
Cartel offence
 Galvanised Steel Tanks:
• Mr Peter Nigel Snee, Managing Director of Franklin Hodge Industries
Limited, pled guilty on 17 June 2014 to the criminal cartel offence
• Prosecution of Messrs Dean and Stringer
 Indicates successful prosecutions were possible under old test
 Inherited from OFT
Concluded
Sports Bras RPM – “no grounds for action”
Road Fuel Distribution in Western Isles – Ch.II (exclusive supply) commitments
Vehicle service etc platforms – Ch.II (switching restrictions) commitments
Hampshire estate agents – Ch.I (agreement not to advertise fees) fine £735K (10%
settlement discount and 5% compliance discount); 18 months probe (1 year to issue SO)
Mastercard/Visa Interchange Fees: on hold – December 2014 decision not to impose
interim measures; file closed May 2015 (administrative priorities)
Ongoing
Galvanised Steel Tanks
Paroxetine pay-for-delay (Ch.I and Ch.II)
Hotel online booking: OFT commitments decision quashed (Skyscanner) (ongoing)
Supply of Pharmaceutical Products (Ch.I and Ch.II)
CA98 enforcement 2014/2015
CA98 enforcement 2014/2015
 CMA originated
Ongoing
Bathroom fittings vertical agreements (Ch.I)
Commercial catering equipment vertical agreements (Ch.I)
Clothing/footwear/fashion conduct (Ch.I)
Healthcare sector (Ch.I)
Pharmaceutical sector (Ch.II)
Commentary:
 Hardly any fines in Year 1
 Improve robustness and speed of decision making (CMA annual plan)? too
early to say
 Use of new powers (CMA annual plan): CMA has conducted compulsory
interviews; not yet imposed interim measures
 Insufficient attention to extent of burden (esp. on small businesses)
Market studies and investigations
 Inherited from OFT/CC
Concluded investigations
Statutory audit services
Private motor insurance
Aggregates, cement and ready-mix concrete
Concluded studies
Residential property management services
Ongoing investigations
Payday lending (remedies)
Private healthcare: 15.12.14 CAT quashed CMA report (procedural error – failure to
re-consult on insured pricing analysis) and remitted to CMA
Market studies and investigations
 CMA originated
Concluded
Competition and regulation in higher education in England project
Commercial use of consumer data report
Ongoing
Groceries pricing super-complaint
Retail banking market investigation: provisional findings September 2015
Energy market investigation: provisional findings June 2015
Commentary
 CMA is certainly taking on “strategically significant” cases
 CMA’s ability to deliver high quality and robust reports within new statutory
time limits?
 Concern about CMA willingness to impose divestiture remedies: “in
principle…the selling firm…should be indifferent between holding this asset
and selling it at a fair price ” Chisholm, September 2014
Merger control
 References
Closed
Pure Gym/The Gym (cancelled)
Pork Farm/Kerry (cleared)
Ongoing
Xchanging/Agency (provisionally cleared)
Reckitt Benckiser/K-Y (SLC provisional finding)
Sonoco/Weidenhammer (provisionally cleared)
Ashford and St Peter’s Hospitals/Royal Surrey
Pennon/Sembcorp Bournemouth Water
Poundland/99p
BT/EE
 UILs
 Diageo/United Spirits
 Immediate/Future Publishing
 Motor Fuel/Murco
 GTCR/Gorkana
 Intercity Railways/Intercity East Coast
 Greene King/Spirit
Mergers
Commentary
CMA response to statutory 40 working day Phase I review period – much
longer pre-notification process, much heavier information burden (new Merger
Notice)
Hold-separate regime for completed mergers much more intrusive and
effectively automatic
Represents significant cost on UK business – may have deterrent effect,
particularly on small mergers (CMA considering new guidance on de minimis
discretion)
Improved Phase I process (access to decision-maker)
CMA before the courts
Some reverses
HCA –v- CMA (Dec 2014): HCA denied adequate opportunity to comment
Skyscanner (September 2014): no proper consideration of objections
AC Nielsen –v- CMA (July 2014): material error of fact
Eurotunnel (CA; May 2015): acquisition of assets not a “merger”
Some successes
AXA PPP Healthcare –v- CMA (March 2015): upholding exercise of CMAs
discretion that consultant groups did not lead to AEC
Tobacco (January 2015): Admin court refused to order CMA to repay Gallaher
fines (but highly critical of payment to TMR)
Ryanair; AkzoNobel
Commentary
CAT provides robust judicial review – great merit of UK system
Shows importance of effective systems/processes, particularly with new
accelerated statutory deadlines (market investigations; Phase I mergers)
European Commission
 Continues to actively sanction cartels (envelopes; trucks)
 Major abuse of dominance investigations:
 Google
 Gazprom
 Amazon
 E-commerce sector enquiry
 ECN
 Directive on antitrust damages actions
Interpreting & Drafting Contracts in English Law
Ben Holland
Partner, Squire Patton Boggs
Introduction
 Summary of where we stand
 Traditional approach - now passed
 New approach - how it works
 The future - where are we going
 Examples from recent contracts
 Drafting tips
Summary of current law
 Contractual interpretation is an OBJECTIVE exercise
 The SUBJECTIVE intention of a party is IRRELEVANT to questions
of interpretation
 The OBJECTIVE interpretation of a contract = REASONABLE
PERSON
 REASONABLE PERSON with the factual background available to the
parties (including general commercial considerations)
 Where a REASONABLE PERSON would consider that there was
more than one meaning, English law favours the construction
consistent with BUSINESS COMMON SENSE (or COMMERCIAL
SENSE)
Traditional approach
 Four corners of the contract
“nothing could be more dangerous than to go out of the four corners of a
contract, and endeavour to find out the meaning of the parties from other
circumstances not mentioned or alluded to in the contract itself” (Hall v Ross
[1813] 3 E.R. 672 – House of Lords)
 Construction has a strong legal bias
 Latin legal maxims as an aid to construction
The new approach
 Objective: The objective nature of interpretation (unchanged)
 Contextual: Increased emphasis on context – the objective meaning
of the words set against “the factual background”
 Commercial: A new policy of commercial sense (reasonable result)
 Unitary exercise: The above is a single exercise
Lord Hoffmann enters the House of Lords
 Charter Reinsurance Co v Fagan [1997] AC 313
 “actually paid” interpreted to mean “actually payable”
 Lord Hoffmann said “the notion of words having a natural meaning is not a
very useful one. Because the meaning of words is not sensitive to syntax
and context…”
 Mannai v Eagle Star Assurance [1997] AC 749
 “12th January” interpreted to mean “13th January” in the context of an otherwise invalid notice
 Lord Hoffmann said “It is a matter of consistent experience that people can convey their meaning unambiguously although they have used the wrong words”
Investors Compensation Scheme Ltd v West Bromwich
Building Society (No. 1) [1998] 1 W.L.R. 896
 Clause in dispute:
“any claim (whether sounding in rescission for undue influence or otherwise)
that you have against the…society in which you claim an abatement of sums
which you would otherwise have to repay to the society…”
 Should the clause be interpreted to mean:
“any claim sounding in rescission (whether for undue influence or otherwise)
…”?
Investors Compensation Scheme Ltd v West Bromwich
Building Society (No. 1) [1998] 1 W.L.R. 896
 Hoffmann sets out his 5 principles of contractual interpretation:
 Interpretation is the ascertainment of the meaning which the document
would convey to a reasonable person having all of the background
knowledge that would reasonably have been available to the parties in the
situation in which they were at the time of the contract
 Background (or factual matrix) includes absolutely everything which would
affect the way in which the language of the document would have been
understood by a reasonable man
 English law excludes evidence of negotiations and subjective intent
 The meaning which a document would convey to a reasonable man is not
the same thing as the meaning of its words
 The “rule” that words should be given their “natural and ordinary meaning”
reflects the common sense proposition that we do not easily accept that
people have made linguistic mistakes
Lord Hoffmann’s last big case
 Chartbrook Limited v Persimmon Homes Limited [2009] UKHL 38
 Confirmed objective nature of interpretation: negotiations are
irrelevant
 Confirmed active approach to construction and interpretation:
“What is clear from these cases is that there is not, so to speak, a limit to
the amount of red ink or verbal rearrangement or correction which the
court is allowed. All that is required is that it should be clear that
something has gone wrong with the language and that it should be clear
what a reasonable person would have understood the parties to have
meant. In my opinion, both of these requirements are satisfied.”
Rainy Sky v Kookmin Bank [2011] UKSC 50
 In 1997, Lord Steyn wrote in “Contract law: Fulfilling the reasonable
expectations of honest men” 113 LQR 433, 441:
“Often there is no obvious or ordinary meaning of the language under
consideration. There are competing interpretations to be considered. In
choosing between alternatives a court should primarily be guided by the
contextual scene in which the stipulation in question appears. And speaking
generally commercially minded judges would regard the commercial purpose
of the contract as more important than niceties of language. And, in the
event of doubt, the working assumption will be that a fair construction best
matches the reasonable expectations of the parties.” (emphasis added)
Rainy Sky v Kookmin Bank [2011] UKSC 50
“The language used by the parties will often have more than one
potential meaning. I would accept the submission made on behalf of the
appellants that the exercise of construction is essentially one unitary
exercise in which the court must consider the language used and
ascertain what a reasonable person, that is a person who has all the
background knowledge which would reasonably have been available to
the parties in the situation in which they were at the time of the contract,
would have understood the parties to have meant.
In doing so, the court must have regard to all the relevant surrounding
circumstances.
If there are two possible constructions, the court is entitled to prefer the
construction which is consistent with business common sense and to
reject the other.”
Rainy Sky v Kookmin Bank [2011] UKSC 50
Supreme Court affirms the legacy of Lords Steyn and Hoffmann
Objectivity
Contextual
Commercial
Iterative process
Confirms importance of commercial sense
But when are there more than two meanings?
Napier Park European Credit Opportunities Fund
v Harbourmaster [2014] EWCA Civ 984
 Trial judge held that language was clear/unambiguous on its ordinary
meaning, so he did not need to go on to consider commercial
context
 Court of Appeal held that, where possible, the court should test any
interpretation against the commercial consequences
 Beware adopting an unduly narrow grammatical reading of the
clause or failing to take account of its obvious purpose and context
“It follows in my judgment that, where possible, the court should test
any interpretation against the commercial consequences. That is part
of the iterative exercise of interpretation. It is not merely a safety valve
in cases of absurdity.” (Lewison LJ)
 Place the rival interpretations of a phrase within their commercial
setting and investigate their commercial consequences
 So, how does this apply to recent contracts?
The future: Greater judicial licence to intervene?
Using the commercial background to “create” more than one “natural meaning” – “actually paid” interpreted to mean “actually payable”
Using commercial reasonableness to select the correct meaning
Extending commercial reasonableness beyond the express terms of
the contract through implied terms and a revised remoteness test
Rewriting each contract’s history?
Reconstructing the commercial “factual matrix” at a time and distance
from contract formation that makes the exercise inherently unreliable
Drafting – Points to beware
 Areas for particular care
 Terms that may appear “uncommercial” to a third party at a time
and distance from when the contract is made
 Reliance on traditional “legal” rules or maxims of construction to
give words meaning e.g. “consequential loss”
 Is a “condition” a condition in law or is it an innominate term?
Drafting – How to manage this new landscape
 Drafting
 Recording the commercial “background”: Recitals
 Setting out your own meaning: Defined terms
 Selecting your own “maxims”: “Interpretation clause”
 Termination provisions that are a complete code (dealing with the
“condition” issue)
 Deal management
 Ambiguity gets the deal signed, but it creates risk: Absent clear
agreement with the counterparty there is a risk that a court will not
agree with your interpretation
 Keep papers from deal, as some will help with “factual matrix”
Coffee Break
FEEL FREE
A NEW APPROACH TO CYBER SECURITY
Sebastiaan Pronk
KPMG Cyber
CHANGES IN THE RISK RANKING: 2011 vs 2013
Rank | 2011 | 2013
1 | LOSS OF CUSTOMERS/CANCELLED ORDERS | HIGH TAXATION
2 | TALENT AND SKILLS SHORTAGE | LOSS OF CUSTOMERS/CANCELLED ORDERS
3 | REPUTATIONAL RISK | CYBER RISK
4 | CURRENCY FLUCTUATION | PRICE OF MATERIAL INPUTS
5 | CHANGING LEGISLATION | EXCESSIVELY STRICT REGULATION
6 | COST AND AVAILABILITY OF CREDIT | CHANGING LEGISLATION
7 | PRICE OF MATERIAL INPUTS | INFLATION
8 | INFLATION | COST AND AVAILABILITY OF CREDIT
9 | CORPORATE LIABILITY | RAPID TECHNOLOGICAL CHANGES
10 | EXCESSIVELY STRICT REGULATION | INTEREST RATE CHANGES
Source: Lloyd’s board risk index – http://www.lloyds.com/news-and-insight/risk-insight/lloyds-risk-index
CYBER: A HOT TOPIC
VALUES AND BEHAVIOURS: TECH TRENDS
Always on
Always available
Quick to deliver
Easy to adapt
DIGITAL SOCIETY EVERYTHING JOINS UP
Making use of big data
BIG INSIGHTS
WHY INFORMATION PROTECTION & PRIVACY
HYPERCONNECTIVITY
CLOUD
SOCIAL MEDIA
MOBILE
BIG DATA
THE INTERNET OF THINGS
CYBER?
CYBERSPACE DESIGNED FOR
INFORMATION SHARING
LARGELY ANONYMOUS
MAY NOT KNOW YOU HAVE BEEN
TARGETED
ATTRIBUTION IS NOT STRAIGHT FORWARD
CYBER: SECURITY
THE THREAT ACTORS
HACKTIVISM – HACKING INSPIRED BY IDEOLOGY
MOTIVATION: SHIFTING ALLEGIANCES – DYNAMIC, UNPREDICTABLE
IMPACT TO BUSINESS: PUBLIC DISTRIBUTION, REPUTATION LOSS
ORGANISED CRIME – GLOBAL, DIFFICULT TO TRACE AND PROSECUTE
MOTIVATION: FINANCIAL ADVANTAGE
IMPACT TO BUSINESS: THEFT OF INFORMATION
THE INSIDER – INTENTIONAL OR UNINTENTIONAL?
MOTIVATION: GRUDGE, FINANCIAL GAIN
IMPACT TO BUSINESS: DISTRIBUTION OR DESTRUCTION, THEFT OF INFORMATION, REPUTATION LOSS
STATE-SPONSORED – ESPIONAGE AND SABOTAGE
MOTIVATION: POLITICAL ADVANTAGE, ECONOMIC ADVANTAGE, MILITARY ADVANTAGE
IMPACT TO BUSINESS: DISRUPTION OR DESTRUCTION, THEFT OF INFORMATION, REPUTATIONAL LOSS
CYBER: THREATS
• SECTORS: WHO IS BEING TARGETED?
AUTOMOTIVE
AEROSPACE
ENERGY PROVIDERS
BANKS
PROFESSIONAL & LEGAL SERVICES
DEFENCE
ADVANCED MANUFACTURING
RENEWABLE ENERGY
BUILDING SOCIETIES
RESEARCH INSTITUTES
PHARMACEUTICALS & BIOTECHNOLOGY
MINING & NATURAL RESOURCES
COMMUNICATIONS
WIDER FINANCIAL SERVICES
ACADEMIA
WHAT IS BEING STOLEN/LOST?
INFORMATION THAT IS VALUABLE
BUSINESS CRITICAL INFORMATION
CRITICAL TRANSACTIONS
INTELLECTUAL PROPERTY - RESEARCH
BUSINESS PROCESSES – FINANCE AND PERSONAL
PARTNERS, SUPPLIER AND STUDENT DATA
CYBER: SECURITY
CYBER: LEGAL
ICO – Information Commissioner’s Office
EUR 810,000 or 10 percent of an organization’s annual worldwide turnover
Mandatory Breach Disclosure
REGULATIONS: PRO-ACTIVE ATTITUDE?
CYBER IN YOUR SECTORS
The vectors remain the same but the risk rises exponentially
What are your ‘Crown Jewels’ that you need to protect?
Are you investing your money efficiently in your cyber controls?
Who is accountable for managing your cyber risk?
Do you know what information is leaving your business and how?
What are your regulatory obligations and are you compliant?
How do you balance digital opportunity and cyber risk?
How do your cyber security capabilities compare to your peers?
How would you handle a cyber breach or attack?
How are you managing your suppliers to ensure they are not a weak point in your security?
CYBER: IN YOUR COMPANY
THANK YOU
PRESENTATION BY
Sebastiaan Pronk
Cyber Liability
Victoria Leigh
Partner, Litigation
Squire Patton Boggs
 Why Data Loss Matters – UK Regulatory Regime
 Europe - The Future
 Network and Information Security Directive
 General Data Protection Regulation
• Litigation Risks
 10 Things Not To Do
Cyber Liability
INTRODUCTION
 ICO Sanctions
 Fines of up to £500k per breach
 Undertakings
 Name and shame
 Orders
– information notices
– assessment notices
– enforcement (‘stop-now’) orders
• Other Regulators – FCA, tPR
WHY DATA LOSS MATTERS
REGULATORY IMPACT
• Claims
 Credit card companies/banks
 Individuals
• Damage to Data & Systems
• Business Interruption
• Increased Costs
• Loss of Reputation/Goodwill
 Existing customers
 New customer generation
 Shareholder value
WHY DATA LOSS MATTERS
OTHER ISSUES INCLUDE
• Currently under review and trialogue with Parliament, Council & Commission
• Possible Adoption 2015?
• Implementation in to Member State’ law 2017?
• Aims
• Approach
• Potential Impact
The Network and Information Security Directive (NISD)
 What is it?
 Single regulation planned to replace existing EU data protection laws
 When will it come into force?
 Still being debated in EU but may finally be passed in late 2015
 2 years to implement if passed so 2017 at earliest
EU Draft General Data Protection Regulation (‘GDPR’)
Key Points
Significant increase in potential fines
 Up to Euro1m and/or 2% of global turnover
Compulsory breach notifications
 Regulator
 Affected individuals
Extension to non-EU companies targeting EU
One-stop-shop for businesses operating across multiple EU countries
Mandatory data protection compliance officers
Privacy-by-design
Expanded ‘right to be forgotten’
EU Draft General Data Protection Regulation (‘GDPR’)
Litigation risks
• Increased regulatory scrutiny, both at domestic and EU level
• FCA Regulation – eg Zurich fined £2.27M
• Disclosure and Transparency Rules (DTR 2.2.1R)
• Section 92 Financial Services and Markets Act 2000
• Breach of contract – force majeure/frustration?
• Negligence – comply with "best practice" guidance
• UK claims – class actions/individuals v companies
• Consequential losses – eg NatWest and RBS Banking Services in 2012: £125 million of customer compensation
• Ensuring business continuity – check the contract!
• Notification to ICO – serious breach?
• Intellectual property/knowledge risks
• Proceeds of Crime Act 2002
 No legal obligation to report breach but consider:
 Potential detriment to data subjects (individuals)
 Volume of personal data lost/released/corrupted
 Sensitivity of data lost/released/corrupted
“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data” – 7th Principle
ICO – To Report Or Not To Report
1. LEAVE DATA BREACH PLANNING UNTIL YOU BREACH
• Data breaches never happen at convenient times
• Easy to forget things in heat of moment
• Immediate commercial decisions required
 Notifications
 PR position
• Assistance needed from third parties
 e.g. insurers, PR agencies, forensic IT
• Staff need to be trained on responses
• Need plan to safeguard systems & preserve evidence
TEN THINGS NOT TO DO
2. FORGET WHAT DATA YOU HOLD
• Critical to assess risk/plan strategy following breach
• What data is held
 Catalogue specifics e.g. if bank details or sensitive personal data
 Problems can arise when data acquired but never assimilated
• Where is it held
 Physical locations and systems
• How it is stored & protected
 CSV file, proprietary format etc…
 Encryption, password protection etc…
• Who holds/has access to it
 Can assist in identifying cause of breach
TEN THINGS NOT TO DO
3. KEEP UNENCRYPTED DATA ON YOUR LAPTOP/TABLET
• ICO’s bête noir & guaranteed fine generator
• Password protected ≠ encrypted
• Caution if data is transferred to any personal device
• Ensure personal data is permanently deleted
 Deleting from trashcan ≠ permanently deleted
• Dangerous locations/lengthy travel
 Consider switching hard drives before travel
TEN THINGS NOT TO DO
4. LEAVE SECURITY PLANNING TO THE IT TEAM
• ICO invariably asks for copies of security policies
• IT teams usually great at technical security.
Not necessarily so good at documenting it
• Consider in particular
 Type & location of data
 Physical security
 Logical security
 Security in flight and at rest
 Access controls
 Data destruction
TEN THINGS NOT TO DO
5. LET MARKETING TEAMS/AGENCIES DO THEIR OWN THING
• Many breaches we have dealt with have come from marketing, particularly
use of external marketing agencies
• Tend to be less aware of issues/need for security than HR/finance
• Large numbers of external contractors involved
• Consider
 Data security/use training & policies
 Contracts with external providers
TEN THINGS NOT TO DO
6. IGNORE LOW VALUE CONTRACTS
• Many breaches we have dealt with were due to lapses at contractors rather
than internal security.
• Data contracts can be low value but high risk
 e.g. online payment gateways, customer verification services, apps, social media
management services
• Legal obligation to have written contract in place
• ICO will inevitably ask for contract details
• Importance of ongoing due diligence on suppliers
TEN THINGS NOT TO DO
7. ACT BEFORE YOU HAVE A CLEAR VIEW OF THE SITUATION
• First instinct is frequently to assume the best – e.g.
 there is no breach
 breach poses no/little risk
 little data involved
• Small changes in circumstances can have a large impact on actions
 e.g. data encrypted vs unencrypted
• Difficulty in changing course once you go public/notify individuals
• If you decide to notify, ICO will require detailed information about breach
TEN THINGS NOT TO DO
8. USE DEFAULT PASSWORDS/UNPROTECTED WIFI
• Default passwords
 Much easier to retrieve
 Change in accordance with password policy
 Don’t use information easily obtained from social media sites – e.g. birthdays
 Password length is key
• Unprotected WIFI
 Frequent source of hacks
 Hard to track users
TEN THINGS NOT TO DO
9. IGNORE IT – NO-ONE WILL EVER KNOW
• If unclear whether breach has occurred, suspect it has and investigate
 Must be able to explain actions to ICO with justifiable reasons
 If fail to investigate properly, immediately on back-foot with ICO
• People talk – particularly if they find themselves with information they
shouldn’t have
• Internal memos have a habit of leaking
• Delays in responding cause serious reputational damage
TEN THINGS NOT TO DO
10. MAKE A BAD THING WORSE
• Involvement of staff who do not have adequate data security training
• Own investigations can trigger further breaches
• Loss of privilege
• Failure to preserve evidence
TEN THINGS NOT TO DO
Contact
Victoria Leigh
Partner
+44 (0)161 830 50058
victoria.leigh@squirepb.com
The Impact Coach – who gives you extra oomph!
@estherstanhope1
esther@estherstanhope.com
“Speaking with Confidence and Influence”
Questions & Close

In house lawyer seminar Squire Patton Boggs - Jun 2015

  • 1. In House Lawyer Seminar In association with Michael Page Legal Thursday 25 June 2015 Manchester Office
  • 2. Welcome & Introduction Rob Elvin Office Managing Partner Squire Patton Boggs
  • 3. 3squirepattonboggs.com 3squirepattonboggs.com Agenda 8.30am Breakfast & Registration 9.00am Welcome & Introduction – Rob Elvin 9.05am Update on the legal Recruitment Sector – Michael Page Legal 9.15am Labour & Employment – key employment law developments – Paula Cole 9.45am Update on Competition Law – Diarmuid Ryan 10.05am Interpreting & Drafting Contracts in English Law – keeping up with the modern approach – Ben Holland 10.35am Coffee Break 10.50am Cyber Liability – Victoria Leigh and Sebastiaan Pronk 11.20am Speaking with confidence and influence – Esther Stanhope 12.15pm Questions & Conclusions 12.30pm – 1.30pm Networking Lunch
  • 4. An update on the legal Recruitment Sector Michael Page Legal
  • 5. Labour & Employment Key employment law developments Paula Cole Partner, Squire Patton Boggs
  • 6. 6squirepattonboggs.com 6squirepattonboggs.com Holiday Pay – a reminder of how we got here  Article 7 of the Working Time Directive – four weeks’ “paid” leave  Regulation 16 of the Working Time Regulations 1998 – a “week’s pay” for each week’s leave is calculated in accordance with sections 221 – 224 of the ERA 1996  ERA provisions are complicated and vary depending on whether an employee works “normal working hours” or not
  • 7. 7squirepattonboggs.com 7squirepattonboggs.com Holiday Pay – a reminder of how we got here  “Normal working hours” – an employee is entitled to be paid his normal basic weekly pay (Section 221) – would not normally include overtime (except compulsory overtime), bonuses, commission, etc.  No “normal working hours” – an employee is entitled to be paid his average weekly pay in the applicable 12 weeks (Section 224) – would include overtime, bonuses, commission, etc.
  • 8. 8squirepattonboggs.com 8squirepattonboggs.com But then it all changed! Case Ruling Status BA Plc v Williams [2012] Supreme Court ruled that workers are entitled to receive their “normal remuneration” during annual leave – includes remuneration “intrinsically linked to the performance of the tasks” Bear Scotland [2014] EAT ruled that a worker’s holiday pay should take into account non- guaranteed overtime Lock v British Gas Trading Ltd [2015] ECJ ruled that commission should be taken into account for holiday pay purposes Leicester ET ruled that WTR can be amended so as to reflect European law – decision now being appealed to the EAT
  • 9. 9squirepattonboggs.com 9squirepattonboggs.com Lock v British Gas – in more detail  ECJ’s decision: 4-week statutory holiday that derives from the Directive should take into account commission payments  Leicester ET’s decision: WTR should be amended to include a provision that “… a worker whose remuneration includes commission or similar payment shall be deemed to have remuneration which varies with the amount of work done…”  Lots of questions around commission still remain unanswered, including what is the relevant reference period (12 weeks? 12 months?)
  • 10. 10squirepattonboggs.com 10squirepattonboggs.com Holiday Pay Update So where does this leave employers?  What should now be included in holiday pay for WTR purposes?  Voluntary overtime? • (NB Patterson v Castlereagh Borough Council, due to be heard in NI CA on 19 June)  Bonuses?  Allowances?
  • 11. 11squirepattonboggs.com 11squirepattonboggs.com Holiday Pay Update So where does this leave employers?  What is the correct reference period for averaging pay?  Historical liability for unlawful deductions  Bear Scotland – any break of 3 months between deductions could break the chain for time limit purposes  2-year cap on claims for backdated holiday pay – 1 July 2015
  • 12. 12squirepattonboggs.com 12squirepattonboggs.com Holiday Pay - What should employers be doing? Employers should be:  Carrying out a review of their holiday pay arrangements in light of the recent cases  Monitoring ongoing developments  Assessing potential risk/impact to business (forwards and backwards)
  • 13. 13squirepattonboggs.com 13squirepattonboggs.com Hot Employment Law Topics (Case Law) Recent case law developments  USDAW v Ethel Austin, ECJ, 30 April 2015 (the “Woolworths case”)  Duty to collectively consult where 20 or more redundancies are proposed “at one establishment” within a 90 day period  Previous EAT decision on meaning of “establishment”  ECJ’s decision – “‘Establishment’ means the entity to which the workers made redundant are assigned to carry out their duties.”
  • 14. 14squirepattonboggs.com 14squirepattonboggs.com Hot Employment Law Topics (Legislation) Recent legislative developments – effective 5 April 2015  Shared parental leave and pay  Age limit on unpaid parental leave increased from 5 to 18 years  Statutory adoption leave – now a “Day One” right and increase in amount of Statutory Adoption Pay to bring into line with Statutory Maternity Pay
  • 15. 15squirepattonboggs.com 15squirepattonboggs.com Hot Employment Law Topics – On the horizon Forthcoming legislative developments New Government Fit for Work Service  Free health and wellbeing advice to assist with absence prevention  Free occupational health assessment  ÂŁ500 per employee annual tax exemption
  • 16. 16squirepattonboggs.com 16squirepattonboggs.com Hot Employment Law Topics – On the horizon Forthcoming legislative developments  Small Business, Enterprise and Employment Act 2015  Employers of 250 or more employees to be required to publish their gender pay information  Outlawing exclusivity clauses in zero hours contracts
  • 17. Competition Law Update Diarmuid Ryan Partner (Antitrust & Competition)
  • 18. 18squirepattonboggs.com 18squirepattonboggs.com Contents  Update on CMA enforcement activity 2014 – 2015  Cartel offence  CA98 cases  Market investigations  Mergers  Update on European Commission activity
  • 19. 19squirepattonboggs.com 19squirepattonboggs.com Cartel offence  Galvanised Steel Tanks: • Mr Peter Nigel Snee, Managing Director of Franklin Hodge Industries Limited, pled guilty on 17 June 2014 to the criminal cartel offence • Prosecution of Messers Dean and Stringer  Indicates successful prosecutions were possible under old test
  • 20. 20squirepattonboggs.com 20squirepattonboggs.com  Inherited from OFT Concluded Sports Bras RPM – “no grounds for action” Road Fuel Distribution in Western Isles – Ch.II (exclusive supply) commitments Vehicle service etc platforms – Ch.II (switching restrictions) commitments Hampshire estate agents – Ch.I (agreement not to advertise fees) fine ÂŁ735K (10% settlement discount and 5% compliance discount); 18 months probe (1 year to issue SO) Mastercard/Visa Interchange Fees: on hold – December 2014 decision not to impose interim measures; file closed May 2015 (administrative priorities) Ongoing Galvanised Steel Tanks Paroxetine pay-for-delay (Ch.I and Ch.II) Hotel online booking: OFT commitments decision quashed (Skyscanner) (ongoing) Supply of Pharmaceutical Products (Ch.I and Ch.II) CA98 enforcement 2014/2015
  • 21. 21squirepattonboggs.com 21squirepattonboggs.com CA98 enforcement 2014/2015  CMA originated Ongoing Bathroom fittings vertical agreements (Ch.I) Commercial catering equipment vertical agreements (Ch.I) Clothing/footwear/fashion conduct (Ch.I) Healthcare sector (Ch.I) Pharmaceutical sector (Ch.II) Commentary:  Hardly any fines in Year 1  Improve robustness and speed of decision making (CMA annual plan)? too early to say  Use of new powers (CMA annual plan): CMA has conducted compulsory interviews; not yet imposed interim measures  Insufficient attention to extent of burden (esp. on small businesses)
  • 22. 22squirepattonboggs.com 22squirepattonboggs.com Market studies and investigations  Inherited from OFT/CC Concluded investigations Statutory audit services Private motor insurance Aggregates, cement and ready-mix concrete Concluded studies Residential property management services Ongoing investigations Payday lending (remedies) Private healthcare: 15.12.14 CAT quashed CMA report (procedural error – failure to re-consult on insured pricing analysis) and remitted to CMA
  • 23. 23squirepattonboggs.com 23squirepattonboggs.com Market studies and investigations  CMA originated Concluded Competition and regulation in higher education in England project Commercial use of consumer data report Ongoing Groceries pricing super-complaint Retail banking market investigation: provisional findings September 2015 Energy market investigation: provisional findings June 2015 Commentary  CMA is certainly taking on “strategically significant” cases  CMA’s ability to deliver high quality and robust reports within new statutory time limits?  Concern about CMA willingness to impose divestiture remedies: “in principle…the selling firm…should be indifferent between holding this asset and selling it at a fair price ” Chisholm, September 2014
  • 24. 24squirepattonboggs.com 24squirepattonboggs.com Merger control  References Closed Pure Gym/The Gym (cancelled) Pork Farm/Kerry (cleared) Ongoing Xchanging/Agency (provisionally cleared) Reckitt Benckiser/K-Y (SLC provisional finding) Sonoco/Weidenhammer (provisionally cleared) Ashford and St Peter’s Hospitals/Royal Surrey Pennon/Sembcorp Bournemouth Water Poundland/99p BT/EE  UILs  Diageo/United Spirits  Immediate/Future Publishing  Motor Fuel/Murco  GTCR/Gorkana  Intercity Railways/Intercity East Coast  Greene King/Spirit
  • 25. 25squirepattonboggs.com 25squirepattonboggs.com Mergers Commentary CMA response to statutory 40 working day Phase I review period – much longer pre-notification process, much heavier information burden (new Merger Notice) Hold-separate regime for completed mergers much more intrusive and effectively automatic Represents significant cost on UK business – may have deterrent effect, particularly on small mergers (CMA considering new guidance on de minimis discretion) Improved Phase I process (access to decision-maker)
  • 26. 26squirepattonboggs.com 26squirepattonboggs.com CMA before the courts Some reverses HCA –v- CMA (Dec 2014): HCA denied adequate opportunity to comment Skyscanner (September 2014): no proper consideration of objections AC Nielsen –v- CMA (July 2014): material error of fact Eurotunnel (CA; May 2015): acquisition of assets not a “merger” Some successes AXA PPP Healthcare –v- CMA (March 2015): upholding exercise of CMAs discretion that consultant groups did not lead to AEC Tobacco (January 2015): Admin court refused to order CMA to repay Gallaher fines (but highly critical of payment to TMR) Ryanair; AkzoNobel Commentary CAT provides robust judicial review – great merit of UK system Shows importance of effective systems/processes, particularly with new accelerated statutory deadlines (market investigations; Phase I mergers)
  • 27. 27squirepattonboggs.com 27squirepattonboggs.com European Commission  Continues to actively sanction cartels (envelopes; trucks)  Major abuse of dominance investigations:  Google  Gazprom  Amazon  E-commerce sector enquiry  ECN  Directive on antitrust damages actions
  • 28. Interpreting & Drafting Contracts in English Law Ben Holland Partner, Squire Patton Boggs
  • 29. 29squirepattonboggs.com 29squirepattonboggs.com Introduction  Summary of where we stand  Traditional approach - now passed  New approach - how it works  The future - where are we going  Examples from recent contracts  Drafting tips
  • 30. 30squirepattonboggs.com 30squirepattonboggs.com Summary of current law  Contractual interpretation is an OBJECTIVE exercise  The SUBJECTIVE intention of a party is IRRELEVANT to questions of interpretation  The OBJECTIVE interpretation of a contract = REASONABLE PERSON  REASONABLE PERSON with the factual background available to the parties (including general commercial considerations)  Where a REASONABLE PERSON would consider that there was more than one meaning, English law favours the construction consistent with BUSINESS COMMON SENSE (or COMMERCIAL SENSE)
  • 31. 31squirepattonboggs.com 31squirepattonboggs.com Traditional approach  Four corners of the contract “nothing could be more dangerous than to go out of the four corners of a contract, and endeavour to find out the meaning of the parties from other circumstances not mentioned or alluded to in the contract itself” (Hall v Ross [1813] 3 E.R. 672 – House of Lords)  Construction has a strong legal bias  Latin legal maxims as an aid to construction
  • 32. 32squirepattonboggs.com 32squirepattonboggs.com The new approach  Objective: The objective nature of interpretation (unchanged)  Contextual: Increased emphasis on context – the objective meaning of the words set against “the factual background”  Commercial: A new policy of commercial sense (reasonable result)  Unitary exercise: The above is a single exercise
  • 33. 33squirepattonboggs.com 33squirepattonboggs.com Lord Hoffmann enters the House of Lords  Charter Reinsurance Co v Fagan [1997] AC 313  “actually paid” interpreted to mean “actually payable”  Lord Hoffmann said “the notion of words having a natural meaning is not a very useful one. Because the meaning of words is not sensitive to syntax and context…”  Mannai v Eagle Star Assurance [1997] AC 749  “12th January” interpreted to mean “13th January” in the context of an otherwise invalid notice  Lord Hoffmann said “It is a matter of consistent experience that people can convey their meaning unambiguously although they have used the wrong words”
  • 34. 34squirepattonboggs.com 34squirepattonboggs.com Investors Compensation Scheme Ltd v West Bromwich Building Society (No. 1) [1998] 1 W.L.R. 896  Clause in dispute: “any claim (whether sounding in rescission for undue influence or otherwise) that you have against the…society in which you claim an abatement of sums which you would otherwise have to repay to the society…”  Should the clause be interpreted to mean: “any claim sounding in rescission (whether for undue influence or otherwise) …”?
  • 35. 35squirepattonboggs.com 35squirepattonboggs.com Investors Compensation Scheme Ltd v West Bromwich Building Society (No. 1) [1998] 1 W.L.R. 896  Hoffmann sets out his 5 principles of contractual interpretation:  Interpretation is the ascertainment of the meaning which the document would convey to a reasonable person having all of the background knowledge that would reasonably have been available to the parties in the situation in which they were at the time of the contract  Background (or factual matrix) includes absolutely everything which would affect the way in which the language of the document would have been understood by a reasonable man  English law excludes evidence of negotiations and subjective intent  The meaning which a document would convey to a reasonable man is not the same thing as the meaning of its words  The “rule” that words should be given their “natural and ordinary meaning” reflects the common sense proposition that we do not easily accept that people have made linguistic mistakes
  • 36. 36squirepattonboggs.com 36squirepattonboggs.com Lord Hoffmann’s last big case  Chartbrook Limited v Persimmon Homes Limited [2009] UKHL 38  Confirmed objective nature of interpretation: negotiations are irrelevant  Confirmed active approach to construction and interpretation: “What is clear from these cases is that there is not, so to speak, a limit to the amount of red ink or verbal rearrangement or correction which the court is allowed. All that is required is that it should be clear that something has gone wrong with the language and that it should be clear what a reasonable person would have understood the parties to have meant. In my opinion, both of these requirements are satisfied.”
  • 37. 37squirepattonboggs.com 37squirepattonboggs.com Rainy Sky v Kookmin Bank [2011] UKSC 50  In 1997, Lord Steyn wrote in “Contract law: Fulfilling the reasonable expectations of honest men” 113 LQR 433, 441: “Often there is no obvious or ordinary meaning of the language under consideration. There are competing interpretations to be considered. In choosing between alternatives a court should primarily be guided by the contextual scene in which the stipulation in question appears. And speaking generally commercially minded judges would regard the commercial purpose of the contract as more important than niceties of language. And, in the event of doubt, the working assumption will be that a fair construction best matches the reasonable expectations of the parties.” (emphasis added)
  • 38. 38squirepattonboggs.com 38squirepattonboggs.com Rainy Sky v Kookmin Bank [2011] UKSC 50 “The language used by the parties will often have more than one potential meaning. I would accept the submission made on behalf of the appellants that the exercise of construction is essentially one unitary exercise in which the court must consider the language used and ascertain what a reasonable person, that is a person who has all the background knowledge which would reasonably have been available to the parties in the situation in which they were at the time of the contract, would have understood the parties to have meant. In doing so, the court must have regard to all the relevant surrounding circumstances. If there are two possible constructions, the court is entitled to prefer the construction which is consistent with business common sense and to reject the other.”
  • 39. 39squirepattonboggs.com 39squirepattonboggs.com Rainy Sky v Kookmin Bank [2011] UKSC 50 Supreme Court affirms the legacy of Lords Steyn and Hoffmann Objectivity Contextual Commercial Iterative process Confirms importance of commercial sense But when are there more than two meanings?
  • 40. 40squirepattonboggs.com 40squirepattonboggs.com Napier Park European Credit Opportunities Fund v Harbourmaster [2014] EWCA Civ 984  Trial judge held that language was clear/unambiguous on its ordinary meaning, so he did not need to go on to consider commercial context  Court of Appeal held that, where possible, the court should test any interpretation against the commercial consequences  Beware adopting an unduly narrow grammatical reading of the clause or failing to take account of its obvious purpose and context “It follows in my judgment that, where possible, the court should test any interpretation against the commercial consequences. That is part of the iterative exercise of interpretation. It is not merely a safety valve in cases of absurdity.” (Lewison LJ)  Place the rival interpretations of a phrase within their commercial setting and investigate their commercial consequences  So, how does this apply to recent contracts?
  • 41. 41squirepattonboggs.com 41squirepattonboggs.com The future: Greater judicial licence to intervene? Using the commercial background to “create” more than one “natural meeting” – “actually paid” interpreted to mean “actually payable” Using commercial reasonableness to select the correct meaning Extending commercial reasonableness beyond the express terms of the contract through implied terms and a revised remoteness test Rewriting each contract’s history? Reconstructing the commercial “factual matrix” at a time and distance from contract formation that makes the exercise inherently unreliable
  • 42. 42squirepattonboggs.com 42squirepattonboggs.com Drafting – Points to beware  Areas for particular care  Terms that may appear “uncommercial” to a third party at a time and distance from when the contract is made  Reliance on traditional “legal” rules or maxims of construction to give words meaning e.g. “consequential loss”  Is a “condition” a condition in law or is it an innominate term?
  • 43. 43squirepattonboggs.com 43squirepattonboggs.com Drafting – How to manage this new landscape  Drafting  Recording the commercial “background”: Recitals  Setting out your own meaning: Defined terms  Selecting your own “maxims”: “Interpretation clause”  Termination provisions that are a complete code (dealing with the “condition” issue)  Deal management  Ambiguity gets the deal signed, but it creates risk: Absent clear agreement with the counterparty there is a risk that a court will not agree with your interpretation  Keep papers from deal, as some will help with “factual matrix”
  • 45. FEEL FREE A NEW APPROACH TO CYBER SECURITY Sebastiaan Pronk KPMG Cyber
  • 46. TH E RIS KRANKIN G2011 LOSS OF CUSTOMERS/CANCELLED ORDERS TALENT AND SKILLS SHORTAGE REPUTATIONAL RISK CURRENCY FLUCTUATION CHANGING LEGISLATION COST AND AVAILABILITY OF CREDIT PRICE OF MATERIAL INPUTS INFLATION CORPORATE LIABILITY EXCESSIVELY STRICT REGULATION 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 HIGH TAXATION LOSS OF CUSTOMERS/CANCELLED ORDERS CYBER RISK PRICE OF MATERIAL INPUTS EXCESSIVELY STRICT REGULATION CHANGING LEGISLATION INFLATION COST AND AVAILABILITY OF CREDIT RAPID TECHNOLOGICAL CHANGES INTEREST RATE CHANGES 201 3 Source: Lloyd’s board risk index – http://www.lloyds.com/news-and-insight/risk-insight/lloyds- risk-index CHANGES IN CYBER: A HOT TOPIC
  • 47. Values and behaviours: tech trends. Always on; always available; quick to deliver; easy to adapt. Digital society: everything joins up. Big insights: making use of big data
  • 48. Cyber: security. Why information protection and privacy? Hyperconnectivity: cloud, social media, mobile, big data, the Internet of Things. Cyber? Cyberspace was designed for information sharing and is largely anonymous; you may not know you have been targeted, and attribution is not straightforward
  • 49. Cyber: threats. The threat actors
    - Hacktivism: hacking inspired by ideology. Motivation: shifting allegiances; dynamic, unpredictable. Impact to business: public distribution, reputation loss
    - Organised crime: global, difficult to trace and prosecute. Motivation: financial advantage. Impact to business: theft of information
    - The insider: intentional or unintentional? Motivation: grudge, financial gain. Impact to business: distribution or destruction, theft of information, reputation loss
    - State-sponsored: espionage and sabotage. Motivation: political, economic and military advantage. Impact to business: disruption or destruction, theft of information, reputational loss
  • 50. Sectors: who is being targeted? Automotive, aerospace, energy providers, banks, professional and legal services, defence, advanced manufacturing, renewable energy, building societies, research institutes, pharmaceuticals and biotechnology, mining and natural resources, communications, wider financial services, academia
  • 51. Cyber: security. What is being stolen/lost? Information that is valuable: business-critical information, critical transactions, intellectual property and research, business processes (finance and personal), partner, supplier and student data
  • 52. Cyber: legal. ICO (Information Commissioner’s Office). EUR 810,000 or 10 percent of an organization’s annual worldwide turnover. Mandatory breach disclosure
  • 54. Cyber: in your company. Cyber in your sectors: the vectors remain the same, but the risk rises exponentially
    - What are your “crown jewels” that you need to protect?
    - Are you investing your money efficiently in your cyber controls?
    - Who is accountable for managing your cyber risk?
    - Do you know what information is leaving your business, and how?
    - What are your regulatory obligations, and are you compliant?
    - How do you balance digital opportunity and cyber risk?
    - How do your cyber security capabilities compare to your peers?
    - How would you handle a cyber breach or attack?
    - How are you managing your suppliers to ensure they are not a weak point in your security?
  • 56. Cyber Liability. Victoria Leigh, Partner, Litigation, Squire Patton Boggs
  • 57. Cyber Liability: introduction
    - Why data loss matters: the UK regulatory regime
    - Europe: the future
      - Network and Information Security Directive
      - General Data Protection Regulation
    - Litigation risks
    - 10 things not to do
  • 58. Why data loss matters: regulatory impact
    - ICO sanctions
      - Fines of up to £500k per breach
      - Undertakings
      - Name and shame
      - Orders: information notices, assessment notices, enforcement (“stop-now”) orders
    - Other regulators: FCA, tPR
  • 59. Why data loss matters: other issues include
    - Claims: credit card companies/banks; individuals
    - Damage to data and systems
    - Business interruption
    - Increased costs
    - Loss of reputation/goodwill: existing customers; new customer generation; shareholder value
  • 60. The Network and Information Security Directive (NISD)
    - Currently under review and in trilogue between Parliament, Council and Commission
    - Possible adoption 2015?
    - Implementation into Member States’ law 2017?
    - Aims; approach; potential impact
  • 61. EU Draft General Data Protection Regulation (“GDPR”)
    - What is it? A single regulation planned to replace existing EU data protection laws
    - When will it come into force? Still being debated in the EU but may finally be passed in late 2015; two years to implement if passed, so 2017 at the earliest
  • 62. EU Draft General Data Protection Regulation (“GDPR”): key points
    - Significant increase in potential fines: up to EUR 1m and/or 2% of global turnover
    - Compulsory breach notifications: to the regulator and to affected individuals
    - Extension to non-EU companies targeting the EU
    - One-stop shop for businesses operating across multiple EU countries
    - Mandatory data protection compliance officers
    - Privacy by design
    - Expanded “right to be forgotten”
  • 63. Litigation risks
    - Increased regulatory scrutiny, both at domestic and EU level
    - FCA regulation, e.g. Zurich fined £2.27M
    - Disclosure and Transparency Rules (DTR 2.2.1R)
    - Section 92 Financial Services and Markets Act 2000
    - Breach of contract: force majeure/frustration?
    - Negligence: comply with “best practice” guidance
    - UK claims: class actions/individuals v companies
    - Consequential losses, e.g. NatWest and RBS banking services in 2012: £125 million of customer compensation
    - Ensuring business continuity: check the contract!
    - Notification to ICO: serious breach?
    - Intellectual property/knowledge risks
    - Proceeds of Crime Act 2002
  • 64. ICO: to report or not to report? No legal obligation to report a breach, but consider:
    - Potential detriment to data subjects (individuals)
    - Volume of personal data lost/released/corrupted
    - Sensitivity of data lost/released/corrupted
    “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data” (7th Principle)
  • 65. Ten things not to do. 1. Leave data breach planning until you breach
    - Data breaches never happen at convenient times
    - Easy to forget things in the heat of the moment
    - Immediate commercial decisions required: notifications; PR position
    - Assistance needed from third parties, e.g. insurers, PR agencies, forensic IT
    - Staff need to be trained on responses
    - Need a plan to safeguard systems and preserve evidence
  • 66. Ten things not to do. 2. Forget what data you hold
    - Critical to assess risk/plan strategy following a breach
    - What data is held: catalogue specifics, e.g. whether bank details or sensitive personal data; problems can arise when data is acquired but never assimilated
    - Where it is held: physical locations and systems
    - How it is stored and protected: CSV file, proprietary format etc.; encryption, password protection etc.
    - Who holds/has access to it: can assist in identifying the cause of a breach
  • 67. Ten things not to do. 3. Keep unencrypted data on your laptop/tablet
    - The ICO’s bête noire and a guaranteed fine generator
    - Password protected ≠ encrypted
    - Caution if data is transferred to any personal device
    - Ensure personal data is permanently deleted: deleting from the trashcan ≠ permanently deleted
    - Dangerous locations/lengthy travel: consider switching hard drives before travel
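The slide’s point that “password protected ≠ encrypted” is easy to see in code. The Python below is an added example written for this page; it is not code from the seminar, KPMG or Squire Patton Boggs. The two file layouts (`GATED1`, `ENC1`) and the sample bank record are constructed for the demonstration, and the HMAC-SHA256 counter-mode keystream is an illustrative construction, not a vetted library cipher (use an AEAD from a maintained crypto library in real systems). A “password protected” file that merely checks a password hash before showing the payload still stores that payload in clear, so whoever pulls the disk out of a lost laptop reads it without ever meeting the prompt; a file whose keys are derived from the password exposes nothing without it.

```python
import hashlib
import hmac
import os
import struct

# Constructed container layouts for illustration only (hypothetical, not a real product's format).
MAGIC_GATED = b"GATED1"   # "password protected": 16-byte salt + 32-byte password check + PLAINTEXT payload
MAGIC_ENC = b"ENC1"       # encrypted: 16-byte salt + 16-byte nonce + 32-byte tag + ciphertext
PBKDF2_ROUNDS = 100_000


def _derive(password: str, salt: bytes, length: int) -> bytes:
    """Stretch the password into `length` bytes of key material with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS, dklen=length)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream (illustrative construction, see lead-in)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def save_password_gated(password: str, data: bytes) -> bytes:
    """A login check in front of the payload; the payload itself is written as plaintext."""
    salt = os.urandom(16)
    check = _derive(password, salt, 32)
    return MAGIC_GATED + salt + check + data


def open_password_gated(password: str, blob: bytes) -> bytes:
    if not blob.startswith(MAGIC_GATED):
        raise ValueError("not a gated blob")
    salt, check, data = blob[6:22], blob[22:54], blob[54:]
    if not hmac.compare_digest(_derive(password, salt, 32), check):
        raise ValueError("wrong password")
    return data


def save_encrypted(password: str, data: bytes) -> bytes:
    """Encrypt-then-MAC with separate keys derived from the password."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = _derive(password, salt, 64)
    enc_key, mac_key = key[:32], key[32:]
    ct = bytes(p ^ k for p, k in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return MAGIC_ENC + salt + nonce + tag + ct


def open_encrypted(password: str, blob: bytes) -> bytes:
    if not blob.startswith(MAGIC_ENC):
        raise ValueError("not an encrypted blob")
    salt, nonce, tag, ct = blob[4:20], blob[20:36], blob[36:68], blob[68:]
    key = _derive(password, salt, 64)
    enc_key, mac_key = key[:32], key[32:]
    # Verify the tag first: a wrong password or a tampered file is rejected before any decryption.
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong password or corrupted data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def payload_visible(blob: bytes, fragment: bytes) -> bool:
    """What someone reading the raw bytes off the disk (no password prompt) can see."""
    return fragment in blob


def bypass_gate(blob: bytes) -> bytes:
    """Skipping the gated file's password check: the plaintext simply follows the 54-byte header."""
    return blob[54:]


if __name__ == "__main__":
    # Constructed sample record standing in for customer data on a lost laptop.
    record = b"name=Jane Doe;sort_code=12-34-56;account=12345678"
    gated = save_password_gated("Summer2015!", record)
    enc = save_encrypted("Summer2015!", record)
    print("gated blob exposes account number:", payload_visible(gated, b"12345678"))   # True
    print("encrypted blob exposes account number:", payload_visible(enc, b"12345678"))  # False
    print("gate bypassed without the password:", bypass_gate(gated) == record)          # True
```

Run it as a script to see the three checks. The “deleted ≠ permanently deleted” bullet has the same shape: the bytes of a deleted file stay on the disk until they are overwritten, so what the slide is asking for is encryption of the data at rest, not a prompt in front of it.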
  • 68. Ten things not to do. 4. Leave security planning to the IT team
    - The ICO invariably asks for copies of security policies
    - IT teams are usually great at technical security, not necessarily so good at documenting it
    - Consider in particular: type and location of data; physical security; logical security; security in flight and at rest; access controls; data destruction
  • 69. Ten things not to do. 5. Let marketing teams/agencies do their own thing
    - Many breaches we have dealt with have come from marketing, particularly the use of external marketing agencies
    - Tend to be less aware of the issues/need for security than HR/finance
    - Large numbers of external contractors involved
    - Consider: data security/use training and policies; contracts with external providers
  • 70. Ten things not to do. 6. Ignore low-value contracts
    - Many breaches we have dealt with were due to lapses at contractors rather than internal security
    - Data contracts can be low value but high risk, e.g. online payment gateways, customer verification services, apps, social media management services
    - Legal obligation to have a written contract in place
    - The ICO will inevitably ask for contract details
    - Importance of ongoing due diligence on suppliers
  • 71. Ten things not to do. 7. Act before you have a clear view of the situation
    - First instinct is frequently to assume the best, e.g. there is no breach; the breach poses no/little risk; little data is involved
    - Small changes in circumstances can have a large impact on actions, e.g. data encrypted vs unencrypted
    - Difficulty in changing course once you go public/notify individuals
    - If you decide to notify, the ICO will require detailed information about the breach
  • 72. Ten things not to do. 8. Use default passwords/unprotected Wi-Fi
    - Default passwords: much easier to retrieve; change in accordance with password policy; don’t use information easily obtained from social media sites, e.g. birthdays; password length is key
    - Unprotected Wi-Fi: a frequent source of hacks; hard to track users
  • 73. Ten things not to do. 9. Ignore it: no-one will ever know
    - If unclear whether a breach has occurred, suspect it has and investigate: you must be able to explain your actions to the ICO with justifiable reasons, and if you fail to investigate properly you are immediately on the back foot with the ICO
    - People talk, particularly if they find themselves with information they shouldn’t have
    - Internal memos have a habit of leaking
    - Delays in responding cause serious reputational damage
  • 74. Ten things not to do. 10. Make a bad thing worse
    - Involvement of staff who do not have adequate data security training
    - Your own investigations can trigger further breaches
    - Loss of privilege
    - Failure to preserve evidence
  • 76. “Speaking with Confidence and Influence”: Esther Stanhope, The Impact Coach (who gives you extra oomph!), @estherstanhope1, esther@estherstanhope.com

Editor's Notes

  2. I should own up at the start and say that I am not a data protection lawyer but a commercial litigator. This means I tend only to see things when they have gone wrong. Whilst there are some steps which can be taken to stop a bad situation becoming worse after a cyber attack, prevention is better than cure, and the best way to minimise your exposure to cyber risks is to think ahead about what might go wrong and how you can try and stop that happening. Either in the packs or to be emailed along with the slides to you is our Data Breach Checklist, which will give you an idea of some of the things companies can do to manage and limit the risk of accidental and intentional data loss or destruction, but in the short time available today I’m just going to run through very briefly a few issues to think about on both the preparation and response sides of the coin. The agenda is: why data loss matters, with a brief refresher on the UK regulatory regime; proposed new European legislation; some litigation risks; and, if time allows, 10 things not to do.
  3. As Sebastiaan has already highlighted, there can be major regulatory sanctions for data breaches. If you are an FCA-regulated entity or dealing with pension scheme information, for example, then industry regulators will be interested in you, but the overarching regulator for all industries in this jurisdiction is the ICO. Set out on the slide are a number of things the ICO can do; some of the most serious include issuing fines of up to £500k per breach (new guidance on monetary penalties was issued in April), requiring a company to give binding public undertakings to process information in a particular way, publicising action taken and issuing notices requiring you to stop processing data completely if it does not like the way you are doing things, which would pretty much be a killer for many businesses.
     There have been a number of changes to the law so far this year which have meant that increased levels of damages can be awarded for data protection breaches and there is a greater likelihood of monetary penalties being imposed for breaches of the DPA 1998. For example, the E-Privacy Regulations have been amended to allow the ICO to impose monetary penalties on a party which has committed a serious breach in relation to unsolicited calls/texts/emails (direct marketing) without having to prove that substantial damage and distress has been caused to an individual. The upper limit (£5k) on fines which magistrates’ courts may impose for breaches of the DPA has been removed. The Court of Appeal also issued a judgement in March in relation to a claim involving Google that could make it much easier for individuals who are adversely affected by breaches of data protection law to bring claims for compensation. Previously, under s13(2) of the DPA 1998, an individual in the UK could only bring a claim for distress if they had also suffered pecuniary damage.
     However, the CA determined that the legislation had not properly transposed the Data Protection Directive into UK law and so s13(2) should be disapplied. This judgement is subject to appeal to the Supreme Court, but it paves the way not only for a group action against Google by millions of Britons but also opens the floodgates to compensation claims against data controllers where the individual has suffered distress but no pecuniary loss. Whilst compensation itself may be modest, data controllers may need to expend significant resource on defending such claims, especially if a number of individuals are affected. The upshot is that companies should carefully assess their compliance with the DPA to make sure their risk profile is as low as possible. Addressing compliance issues now will also put companies in a much better position going forward as and when the new DP Regulation comes into force.
  4. Of course, there are not only regulator issues but other business issues as well. Again, the slide covers some of the key ones. I’ve already mentioned claims by individuals. Those of you who operate in businesses that handle credit cards will be aware of the Payment Card Industry Data Security Standard, but many businesses are still not compliant with it, despite being notified by banks a few years ago. Whilst the main terms of the card providers will be known to the businesses that sign up to use them, hidden in the detail, and often a surprise, are provisions which allow the card providers to appoint an auditor to review your systems if they suspect that fraudulent activity has been taking place. The first you will hear of this is a letter from the card provider telling you that this is happening. Worse still, you have to pay the costs of the auditor (even if it finds nothing wrong) and the report gets passed back to the card provider without being shown to you. If you don’t get a clean bill of health and are not compliant with the standard, then your bank will be subject to card scheme penalties and will pass through the cost of any fines to you. In addition, if the credit card provider has suffered a loss in having to refund a customer money for a fraudulent transaction, then it may also look to you for recompense for being out of pocket. Clearly, if there is a significant issue then these costs can mount up and make it a very expensive exercise. One thing which we know some companies are doing where there has been a hack is offering customers a paid-for credit card watching service. This can be reassuring and, whilst not obligatory, can often pull back some of the PR damage as well as limit any subsequent individual claims.
  5. This is the EU’s attempt to legislate for a cyber security strategy, aimed at tackling network and information security incidents and risks across the EU and replacing the current voluntary cooperation between member states. It was proposed in 2013 and the current aim is to try and reach agreement on the text by the end of this month, although there is still a lot of disagreement between the European Parliament and national governments about which companies should be subject to the directive and which obligations should apply to them. The Directive aims to ensure a high common level of network and information security and improve the security of the internet, private networks and information systems underpinning the functions of societies and economies. The directive is supposed to require member states to increase preparedness and improve co-operation with each other by requiring operators of critical infrastructure and public administrations to adopt steps to manage security risks and report serious incidents to a national competent authority. The draft requires member states to establish a network and information security strategy, designate a national competent authority and set up a computer emergency response team to handle incidents and risks. These authorities are then supposed to liaise with each other across Europe. There is a debate as to what types of business are going to be covered by the Directive, but the current non-exhaustive list includes those operating in the energy, banking, health, transport and financial services sectors. Those operators which are covered are going to have to comply with mandatory security breach and incident notification requirements to CERT-UK, which was launched on 31 March 2014, and can be subject to investigations for non-compliance as well as sanctions (for that, read fines as a % of turnover). Authorities will be able to make the details of a breach public at their own discretion.
     Companies must therefore minimise the risk of threats as far as possible if they wish to avoid reputational damage. Better security is obviously a good thing, but there are some potential negative impacts, as the new reporting requirements can be burdensome and costly, diverting resources away from areas requiring greater investment. There is also some doubt at this stage as to how well this directive will cross over with the proposed General Data Protection Regulation, as companies could face a situation where different types of reporting are required for different authorities for what is essentially the same issue.
  6. The proposed draft General Data Protection Regulation has been in the offing for some time. Its purpose is to update the DP Directive (which is now 20 years old), simplify the regulatory environment across the member states, allegedly cut red tape and save businesses EUR 2.3 billion per year. It is still being debated, but current indications are that it may be finally passed later on this year but will take another 2 years to implement. As it’s a regulation it is directly effective and does not need member states to implement it.
  7. Some of the key points are on the slide here, but the headline-grabbing ones are the significant increase in the value of fines, obligatory breach reporting and the mandatory appointment of a data protection compliance officer for each organisation. The current draft provides for the imposition of sanctions of the greater of up to 2% of annual worldwide turnover or EUR 1m, although the fines are split into categories depending on the nature of the infringement. A seemingly minor infringement of not responding to a data subject access request in time can lead to a fine of up to 0.5% of annual worldwide turnover. Another major change is that the reporting of data breaches will become compulsory. There will be a wider definition of what a personal data breach is; a data processor will have to notify the data controller of a breach and the controller in turn will have to notify both the data protection authority and affected individuals. Something else new is that the regulation will impose a number of compliance obligations, as well as sanctions, directly on service providers. At the moment service providers do not have any direct obligations to comply with EU data protection laws and their obligations derive from their contracts with controllers. This is something that you should all be looking at now if you are negotiating any contracts with service providers, to make sure they are future-proof. Businesses should be carefully documenting the responsibilities of the parties, particularly as regards the implementation of security, carrying out data protection impact assessments and providing consent for sub-processing. If your business is in the process of acquiring a new IT system, then you should be asking the supplier questions to make sure they are going to be compliant with the new regulations.
     Obviously it goes without saying that once the Regulation has been implemented you should be reviewing all contracts to see how compliant they are and what might need changing.
  8. I wanted to give a flavour of the litigation risk landscape.
     Increased regulation: imminent changes to the regulatory landscape will soon mean that businesses will not be able to keep data breaches a secret.
     FCA: as already mentioned, industries regulated by the FCA will need to comply with the FCA Handbook. There are obligations on regulated entities to take reasonable care to establish and maintain effective systems and controls for compliance with regulatory requirements and to counter the risk that the entity may be used to further financial crime. In 2010, Zurich Insurance Plc was fined £2.27 million for regulatory breaches by the then FSA. The fine was levied due to the loss of unencrypted electronic storage media that was in the hands of a subcontractor. Zurich was obliged to sign an undertaking with regard to its future handling of back-up storage media.
     DTR: listed companies may have a duty to disclose cyber security breaches to the market under DTR 2.2.1R, which provides that an issuer must notify a regulatory information service as soon as possible of any inside information which directly concerns the issuer. An event of breach may constitute inside information, i.e. theft of business-critical intellectual property is very likely to be price-sensitive, whereas a minor disruption to ancillary services for a short time may not be. [For example, Sony’s announcement of the loss of PlayStation customer data in 2011 caused its share price to fall by 5.4% and that decline has continued. By contrast, when Apple announced to the US market that it had been hacked in February 2013 its share price barely moved, dropping just 0.2%, and has continued to perform well since.]
     FSMA: any issuer that publishes material that fails adequately to disclose cyber security events, and minimises their impact or downplays their significance, may be at risk from claims from investors under Section 90 of FSMA. There may be additional liability for misleading statements, including liability for misrepresentation, negligent misstatement or deceit.
     Breach of contract: even if the security breach does not lead to the loss of customer data, the business disruption can leave companies heavily exposed to claims for breach of contract if the disruption means they fail to fulfil express contractual obligations. For some businesses, the disruption itself may be sufficient to breach express or implied contractual obligations to maintain adequate and functioning IT services. Force majeure clauses may assist. A business may also try and argue that a cyber attack has caused the contract to be frustrated because a material change in circumstances has rendered it physically or commercially impossible to perform, although this is a difficult argument to run.
     Negligence: a failure to exercise reasonable skill and care could result in liability to third parties, although the third-party customer would need to prove the damage and losses that it suffered. One way to minimise the potential for this type of claim is to ensure that the cyber security measures of the business comply with current best practice: the September 2012 BIS guidance, which provided guidance as to how businesses could best protect themselves from cyber attacks. BIS’s “Cyber Essentials” is also regarded as good practice to be utilised. ISO requirements: additionally, the Government will soon finalise the new organisational standard on cyber security based on the ISO 27000 series standards.
     UK claims: I have already mentioned how the position here may now change given the recent Google case. Large claims brought by third-party card issuers/financial institutions currently represent a potentially more significant threat to UK businesses.
     Consequential losses: a major problem arising out of disruption to businesses is the potential for large claims to arise out of short-lived service interruptions, leading to escalating losses that can flow directly from a cyber security problem. A good example was seen in 2012, following relatively prolonged disruption to the NatWest and RBS banking services in the wake of a software update. The banks offered to refund customers for any late payments and overdraft fees incurred as a result of the system failure, which resulted in £125,000,000 of compensation payments. Although a voluntary reimbursement, this type of consequential loss would probably fall within the normal contractual or tortious assessments of damage. This issue is acute for financial services and those operating in time-critical environments such as brokerage firms, where small delays are capable of substantial liability. It is therefore important for a business’s IT department to be able to report directly to the Board once it has identified a breach.
     Business continuity: companies should consider whether their suppliers are contractually obliged to provide business continuity support following the event of a cyber attack. If there is no such obligation, companies should decide whether to accept the risk, vary the contract, or look to a third party to provide such support.
     ICO: there is no legal obligation on most companies to notify the Information Commissioner’s Office of any breach of security that results in the loss of personal data. [Move to next slide.]
     Intellectual property: some cyber attacks are specifically targeted at companies’ intellectual property, which could negatively impact profitability and competitiveness. Together with ensuring that a company’s defences are as secure as possible, companies should ensure that all IP is properly registered/protected. In addition, the company should implement policies concerning corrective measures and responses in the event of an attack (for example, a series of potential legal steps from “cease and desist” correspondence to full-blown litigation).
     POCA: cyber attacks may result in criminal proceeds being obtained by the perpetrators. This may give rise to reporting obligations under the Proceeds of Crime Act 2002 for entities in the regulated sector that become aware of such proceeds, for example because funds have been stolen or moved through their systems during a cyber attack on them. A business may also need to consider a report if its name, stationery or website is being used to add credibility to a scam.
  9. There is no legal obligation to report a breach of the 7th Data Protection Principle. However, the ICO’s guidance does state that serious breaches should be notified to the ICO. “Serious breach” is not defined, but the ICO has issued some guidance as to what to take into account: consider the potential detriment (which includes emotional distress as well as physical and financial damage) to the data subjects affected and the volume and sensitivity of personal data lost or corrupted. For example, a stolen laptop that is properly encrypted or full of publicly available information does not need to be reported, but a large volume of unencrypted personal data would be. Loss of a marketing list of 100 names and addresses where there is no sensitivity about the product being marketed would not be reportable. The loss of a manual paper-based filing system holding personal data of 50 individuals and their financial records would be reportable. Businesses should generally be prepared to consider self-reporting incidents to the ICO, given that it has said that it is minded to treat businesses that self-report data breaches more favourably than those that don’t when determining the level of penalty to levy, or even whether to impose a fine at all.