Risk & Compliance monthly highlights - May 2020

In this issue:


GDPR & data protection

Coronavirus (COVID-19)

The Information Commissioner’s Office (ICO) has published a series of questions for consideration by organisations using data to combat the coronavirus (COVID-19) pandemic. Several organisations are employing contact tracing and location tracking technologies, and the ICO is keen to ensure that privacy implications are appropriately considered. See: .

The ICO has also published a document explaining its regulatory approach during the coronavirus pandemic. The Information Commissioner says the ICO is taking an empathetic, pragmatic and flexible approach by focusing mainly on the greatest threats, providing advice and guidance on data protection to frontline organisations, taking action against those exploiting the current public health emergency, and providing support for businesses and public authorities recovering from the impact of the pandemic. See: .

The European Data Protection Board (EDPB) has adopted a letter concerning the European Commission’s draft guidance on apps supporting the fight against the coronavirus pandemic. The guidance on data protection and privacy implications complements the Commission's Recommendation on apps for contact tracing, published on 8 April 2020, setting out the process towards a common EU toolbox for the use of technology and data to combat and exit from the coronavirus crisis. See:  and 

The EDPB has announced that the issuing of guidance concerning data processing will be brought forward as a result of the coronavirus pandemic. Areas including the use of location and anonymisation of data, the processing of health data for research and scientific purposes and the processing of data by technologies used to facilitate remote working are all being prioritised. The EDPB also intends to issue general guidance in line with adequate legal bases and pertinent legal principles. See: .

See also our Q&As:  and 

Brexit

Most guidance on personal data transfers and Brexit has focused on the implications for transfers from the European Economic Area (EEA) to the UK. Bridget Treacy and Olivia Lee, partner and associate at Hunton Andrews Kurth, discuss the implications of Brexit for the reverse situation: personal data transfers from the UK to the EEA during and after the Brexit implementation (or ‘transition’) period. See News Analysis: .

Vicarious liability

On 1 April 2020 the Supreme Court in WM Morrison Supermarkets plc v Various Claimants unanimously allowed Morrisons’ appeal, finding Morrisons was not vicariously liable for the actions of an employee who deliberately leaked the company’s payroll data online. See News Analysis: ,  and .

Disclosures of personal information

Claire Williams, principal associate, and Samuel Ash Croft, trainee solicitor, at Mills & Reeve LLP look at the issue of oral disclosures and the GDPR in Scott v LGBT Foundation. See News Analysis: .


 

Crime prevention

COVID-19

The Organisation for Economic Co-operation’s (OECD) Working Group on Bribery has warned that the global response to the coronavirus should not be undermined by bribery. See: .

The Home Office has issued guidance for businesses on how to address and report on modern slavery risks during the coronavirus pandemic. See: . See also our Q&A: 

The coronavirus is affecting the ongoing casework of UK enforcement agencies, which face constraints imposed by the countrywide lockdown and social distancing measures that are hampering their ability to push forward substantive investigations already on their books. See News Analysis: .

To help address fraudulent conduct amid a slowing of the US Department of Justice’s (DOJ) prosecution and enforcement efforts, the Coronavirus Aid, Relief, and Economic Security Act grants the DOJ some emergency powers, subject to important limitations related to defendants' constitutional rights and public access to hearings, says James Petkun at Klehr Harrison. See News Analysis: .

Anti-bribery & corruption

Airbus group's resolution of global bribery issues with UK, French and US authorities for €3.6bn can be seen as a good outcome for all concerned. See: .

Goldman Sachs’ compliance procedures worked, US enforcers said in explaining a decision not to pursue the bank over alleged bribes that a London-based executive paid to help a client win work in Ghana. See News Analysis: .

Unexplained wealth orders

The case of National Crime Agency v Baker exposes the potential limitations of unexplained wealth orders (UWOs) and warns against overreliance on the use of complex offshore arrangements as evidence of unlawful conduct. Gary Pons, a barrister at 5 St Andrew Hill, examines the case in more detail and assesses the future implications of the judgment. See News Analysis: .

Financial sanctions

The Office of Financial Sanctions Implementation (OFSI) took a big swing with its £20.5m fine on Standard Chartered PLC over loans that violated Ukraine sanctions, its most aggressive move yet and one that could usher in a new era of US-style enforcement in the UK. See News Analysis: .

Ed Pearson, solicitor, and Lucia Cabello, a Spanish-qualified lawyer, both of Fulcrum Chambers, consider OFSI’s decision to fine the UK bank Standard Chartered PLC. See News Analysis: .


 

AML & counter-terrorist financing

COVID-19

The UK’s money-laundering authorities insist that it's ‘business as usual’ for banks during the coronavirus crisis, but that approach appears to be out of step with the more hands-on approach taken elsewhere. Banks and others that skimp on diligent and timely money laundering reporting and ignore the risks can’t expect an easy ride from regulators despite the unprecedented situation they face. See News Analysis: .

AML actions

The Gambling Commission’s recent AML fine against Betway Limited (Betway) illustrates that companies subject to the Money Laundering Regulations 2017 (MLR 2017) must adopt a risk-based approach that concentrates resources and focus on their highest-risk areas, say Kevin Roberts, Mark Beardsworth and Duncan Grieve, lawyers at Cadwalader. See News Analysis: .


 

Information management & security

COVID-19

The Solicitors Regulation Authority (SRA) has released a cybersecurity Q&A during the coronavirus outbreak. See: . See: .

The Home Office has published guidance on steps to take to protect individuals and businesses against fraud and cybercrime during the coronavirus pandemic and where to report security breaches. See: .

The ICO has published guidance regarding the use of video conferencing during the coronavirus pandemic. See: .

The National Cyber Security Centre (NCSC) has urged all individuals to back up their data securely following an increase in coronavirus-related cyber-attacks. The NCSC sets out the factors to consider when checking that a data backup regime is fit for purpose, which is especially vital given the rapid increase in the number of people working from home. See: .

The NCSC has released an advisory alongside the US Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) on the exploitation of coronavirus by cyber criminals. The advisory provides information on recorded malicious activity and tips to detect and mitigate attacks. See: .

The European Parliament has published recommendations for people to protect themselves better against coronavirus cyber-attacks. See: .

For further information and guidance, see our information management and security—coronavirus guidance and tools:

See further subtopic: , which contains guidance, Precedents, analysis and other resources for in-house lawyers and law firms relating to pandemic management, including in relation to coronavirus.


About the author:
Allison is a former partner of Shoosmiths, with extensive experience of legal management and practice compliance.