Speechly Bircham | Inform IP, Technology & Commercial

March 2008



Inform IP, Technology & Commercial

Speechly Bircham

 

 

Welcome to March's issue of Inform IP, Technology & Commercial

 

This month we look at The Companies (Trading Disclosures) Regulations 2008 which come into force on 1 October 2008. In addition, we will look in to a number of information security breaches by UK companies investigated by the Information Commissioner, as well as new data protection and information security rules on manual data recently introduced in Spain.

 

Robert Bond,

Head of IP, Technology and Commercial, Speechly Bircham


robert.bond@speechlys.com


Useful links

- ICO

- FSA


www.speechly.com
subscribe
forward this email

Top Stories

UK publishes the Companies (Trading Disclosures) Regulations 2008

The Companies (Trading Disclosures) Regulations 2008 ("CTDR") come into force on 1 October 2008.  Apart from requiring companies to show their main registered office and place where the company books are kept there is also an obligation that where a company wishes to disclose the names of its Directors then all Directors names must be disclosed. The CTDR apply to company communications including letters, notices, cheques, terms and conditions, invoices, receipts, license applications, emails and websites.

 

Most companies are required to supply this level of information as part of the e-commerce regulations and distance selling regulations but now would be a good time to revisit company paper work and electronic communication text in time for 1 October 2008. The CTDR will be of particular importance to companies who use a strong brand or identity which is not directly reflected by the name under which the company is incorporated and this will mean a re-think of their paper and electronic documentation. 

Skipton Financial Services breaches the UK Data Protection Act

Recently, Skipton Financial Services was investigated by the UK Information Commissioners Office following the theft of an unencrypted laptop which contained the personal information of 14,000 of its customers.

 

The unencrypted information contained data such as dates of birth, national insurance numbers and other financial information and there should have been adequate technical measures in place to protect such data in line with the seventh principle of the UK Data Protection Act 1998. 

This latest investigation and "naming and shaming" by the Information Commissioners Office is further warning to businesses that they must fully implement compliance with the Data Protection Act.

UK Information Commissioner orders Marks & Spencer to upgrade their information security including use of encryption

Recently the UK retail chain, Marks & Spencer plc lost a laptop containing the information of 26,000 employees with the data on the laptop being unencrypted. An investigation by the Information Commissioner's office found that the company had failed to implement adequate security procedures in order to protect personal data as required by the seventh principle of the UK Data Protection Act 1998.

 

The Information Commissioners Office has issued an Enforcement Notice on Marks & Spencer requiring them to upgrade their information security.  Failure to do so would be a criminal offence. The current action by the Information Commissioner highlights the continuing focus on information security and data breaches and as we have previously indicated, tougher laws are likely to follow this year.

Spain publishes new Data Protection and Information Security Rules for Manual Data

Spain has recently published amendments to its existing Data Protection laws in order to address consent by data subjects in relation to the processing of manual data. Amongst other things, the new law extends information security processes to the physical protection of manual data.  Spain has had some of the most detailed law on information security measures in relation to electronic personal data and now imposes specific requirements on the physical protection of manual data held in filing cabinets and offices.

 

In addition to the changes in relation to manual data, the Spanish Data Protection laws have been updated to include more requirements as regards the levels of data security to be imposed on information relating to mental health and disabilities and further protections have been given for personal data belonging to minors as well as rights in favour of relatives of the deceased.  Data Protection laws in Europe do not apply to personal data relating to the deceased but Spain has now given relatives of the deceased certain rights to control the accuracy of personal data about a deceased relative.

 

For further information please contact Robert Bond.

 

Speechly Bircham LLP is a limited liability partnership registered in England and Wales (registered number OC321620) and is regulated by the Solicitors Regulation Authority. A list of members' names is open to inspection at our registered office, 6 St Andrew Street, London EC4A 3LX

Speechly Bircham LLP 6 St Andrew St London EC4A 3LX
Tel +44 (0)20 7427 6400 Fax +44 (0)20 7427 6600

 


To unsubscribe visit:
http://info.speechlys.com/vtu/666088XC9761R8261N74


Concep | Our interactive email partner