7062664 Information Management in Retail: A Legal Perspective Chris Hill Barlow Lyde & Gilbert LLP 17 September 2009.

1 7062664 Information Management in Retail: A Legal Perspective Chris Hill Barlow Lyde & Gilbert LLP 17 September 2009

2 Information Management
- Information is a key asset of every business
- Technology has revolutionised our ability to access, create, store, search and communicate information
- Information Management is in its infancy and lagging behind technological development
- “the stone age was marked by man's clever use of crude tools; the information age, to date, has been marked by man's crude use of clever tools”

3 Storing up trouble… [Chart; horizontal axis: years 2006 to 2015]

7 Inside of an IT storage system

8 Why is this a problem?
The acquisition of, and failure to discard, possessions that are useless or of limited value due to a fear of losing things perceived to be important = “PATHOLOGICAL HOARDING DISORDER”

9 Law and Information Management
- IPRs
- DPA
- Others, e.g. DDA, Confidence etc.

10 Data Protection Act
- Data Protection Act 1998
- EC Directive – EEA wide application
- Policed in the UK by the ICO
- Protects ‘personal data’ – electronic mainly (but also paper in some cases)
- ‘data controllers’ must ‘process’ in accordance with the DPA
- ‘data subjects’ get a number of rights under the DPA
- Establishes “Principles” to abide by

11 The Data Protection Principles
- Adequate, relevant and not excessive
- Accurate and up to date
- Rights for Data Subjects under the Act
- Specific purpose
- Not kept longer than necessary
- Technical and organisational measures
- EEA
- “fairly and lawfully processed”

12 Consequences of breaching DPA
- Reputational damage
- Fines
- Criminal offences
- ICO increasing policing and enforcement and taking a harder line

13 5 Key Legal Impacts
1. Security/confidentiality obligations
2. What information can/must be stored
3. Exploitation of information
4. Who has a right to access information
5. Dealing with 3rd parties

14 1. Security/Confidentiality
- Common law confidentiality
- Contractual – agreed standards
- Data Protection Act – Principle 7
- Applicable IT standards “keeping up to date” - adequate technical and organisational (= security) measures – e.g. BS 10012
- Practical measures and security standards

15 2. What Can/Must Be Stored
- 800+ specified retention periods fixed by statute/common law
  - VAT records 6 years
  - Contractual claims 6 years (12 years if a deed)
- Data Protection Act
  - Processing fairly and lawfully
  - Adequate and not excessive
  - Accurate and up to date
  - Not for longer than necessary
- IPRs

16 3. Exploitation of Information
- Copyright
  - Arising automatically in original works
  - Lasts for a set number of years
  - Generally owned by creator – (including ‘employer’)
- Database rights
  - Arises where "substantial investment" in obtaining, verifying or presenting the contents of the database
  - Owned by the maker
- Data Protection
  - “fairly and lawfully”

17 4. Who has a right to access?
- Confidentiality – who can it be given to?
- DPA
  - Fairly and lawfully processed
  - EEA
  - Subject Access Request
- Litigation – duty to provide even if detrimental
- Regulatory investigation

18 5. Dealings with 3rd Parties
- See 1. to 4. above:
  - Security
  - Storage
  - Exploitation
  - Access
- DPA issues need to be dealt with explicitly in contracts
- Liability/Indemnity/Insurance
- Right to audit/access and have information returned
- Information management policies

19 Specific retail issues (1)
- Customer lists
- Marketing
- Credit card details
- Dealing with consumers – “UCTA” and B2C contracts
- Customer retention / media - e.g. TK Maxx

20 Specific retail issues (2)
- Online retailing – data in transit, Distance Selling Regs
- Standards – ISO, PCI, “good industry practice”
- Levels of encryption and security procedures
- Good for your business – marketing and practical risk reduction
- Do your suppliers comply with these standards?

21 Information is your greatest asset, but also your biggest risk...
- Not just the Data Protection Act 1998
- There is no “magic bullet” solution
- A multi-faceted approach is needed:
  - Contractual and legal protections
  - IT security and solutions
  - Practical policies and procedures

22 Policies
Make it an employee issue, not a corporate problem:
- Written documents that explain practical day-to-day procedures and rules for use of the data (including communications, storage, passwords, access, home working etc.)
- Provided to all employees, who have to sign and comply with them (part of employment / outsourcing contract)
- Will reduce the real risk of a leak occurring
- Will increase chances of compliance with law and regulation
- Will reduce liability
- Significantly reduces PR damage

23 Spot the difference if lost… [Images A and B]

24 Questions?

