
At the end of June 2018, the California Consumer Privacy Act was passed unanimously, potentially sparking a revolution in data protection across the US. Following in the footsteps of the EU’s new GDPR laws, the privacy act will mean radical changes to how companies can gather and monetise their customers’ data in California. Below Lawyer Monthly explores with Nina Conseil, Senior Director, Product and Marketing at Affinion, the potential for GDPR-like data protection law to go global.

It is not surprising that the tide is turning – for as long as we can remember Silicon Valley has had the upper hand and free rein to do whatever it pleases. But all that has changed since the furore surrounding Cambridge Analytica’s use, or rather misuse, of Facebook data hit the headlines. Mark Zuckerberg has been hauled in front of the US Congress to answer questions from the Senate commerce and judiciary committees on privacy, data mining and regulations. He has also been grilled by the European parliament and faces a lawsuit for allegedly misusing the personal data of more than 71 million people. While many have criticised the effectiveness of these hearings, users remain furious and US legislators are responding with the law.

Not just Facebook

The Facebook data scandal is just the tip of the iceberg. Unfortunately sensitive personal information often falls into the wrong hands - Norton’s latest global research shows that 978 million people were victims of cybercrime last year, losing an estimated $178 billion to hackers. Similarly, a hacker dubbed ‘Courvoisier’ stole 78 million usernames and passwords to sell on the dark web, infiltrating the likes of Uber, Argos and Asda. Only last month, Adidas suffered a security breach which endangered sensitive data of millions of its customers.

Data privacy is a serious issue for both businesses and their customers, and regulations like GDPR and the California Consumer Privacy Act are helping to address it. But what else needs to change to ensure sensitive data remains private and consumers protect themselves?

Putting education first

Norton research shows 10% of the world’s population experience cybercrime every year – be it ID theft, financial fraud or a misuse of their data. This means that before long almost everyone will either be a victim or know someone directly impacted by cybercrime. Regardless of how it happens and who’s at fault, one mistake can have a huge impact – either personally, financially, or both.

Interestingly, Sophos research shows people are currently more worried about cybercrime than physical crime, yet a third of them admit ignoring data breach emails. Clearly businesses need to educate consumers on how to act if they fear they’ve been hacked - the Symantec Internet Security Threat Report found that despite a 13% increase in data vulnerabilities, people don’t know who to turn to for help, while 41% can’t identify a phishing email and guess at its legitimacy.

Equipping customers with innovative tools

Financial institutions need to innovate and arm their customers with the tools they need to protect themselves, such as technology which actively scans for potential data privacy risks. The provision of products and services that raise awareness and help improve data privacy and cyber security could become a key differentiator in driving loyalty. This way of thinking is starting to hit the mainstream and we’ve already started working with financial institutions across the world to offer cyber and ID protection to their customers.

One growing field is dark web scanning – most consumers won’t have seen or know much about the dark web, let alone considered whether their personal data has been published there. By offering dark web scanning, customers are given additional peace of mind and the option to take action before they suffer a loss or damages. In taking this approach, businesses are going the extra mile to show they truly care about their customers’ cyber security and data.

Thanks to the Facebook scandal, data protection is the theme tune for 2018 and businesses across the world must keep up. Financial services businesses and customers alike should embrace the challenge to build an ecosystem in which data is as secure as possible. To make this possible, it’s vital that banks and financial institutions do all they can to educate and empower their customers to protect themselves while providing peace of mind. Failure to do so will not only result in data losses, but also in the loss of trust and, inevitably, profit.

When it comes to marriage, many subscribe to the philosophy of ‘what’s yours is mine and what’s mine is yours’. However, the tide can often turn when a relationship breaks down. This is particularly evident in cases where one party to the marriage is successful and has generated significant wealth because of their ‘special contribution’ or ‘genius’. In many such instances, the main breadwinner will look to minimise the contribution of their spouse, whose primary role may have been that of a homemaker. Marie Stock, Senior Associate Solicitor at Coffin Mew, talks Lawyer Monthly through the intricacies of said ‘special contribution’ or ‘genius’ and the impact this can have on UK divorces.

The case of White v White (2001) established the fundamental principle of ‘sharing’. In reaching a judgement, Lord Nicholls observed, ‘there is no place for discrimination between a husband and wife and their respective roles…whatever the division of labour chosen by the husband and wife or forced upon them by circumstances, there should be no bias in favour of the money earner and against the home maker and child carer’.

The court took a different view in the case of Sorrell v Sorrell (2005). In this instance, the parties, married for some 34 years, had accumulated wealth of over £73m. The court remarked on the husband’s brilliance and credited it with the company going from strength to strength. It decided that the husband did possess the ‘spark or force or seed of genius’ and concluded that his genius had generated his fortune. The assets were therefore divided 60:40 in his favour.

Following the same approach, in Charman v Charman (2007), the court found in favour of the husband and the assets were divided 63:37. The court identified the need for an adjustment where there had been a special contribution. It was concluded that any such adjustment needed to be ‘meaningful and significant’ in its nature, not merely a token gesture.

The court also commented that a ‘threshold of wealth’ should be identified, below which, it would be unlikely to conclude that there had been a ‘special contribution’. A figure of between £30m and £50m was cited.

In the case of Cooper-Hohn v Cooper-Hohn (2014), matrimonial assets exceeded £1bn. The husband was a successful hedge fund manager.

The court decided that the husband’s ‘exceptional business acumen and financial genius’ justified a departure from equality, ruling that the wife should receive 1/3 of the matrimonial assets.

Nonetheless, the judiciary has been seen to shift its approach on occasion. In Robertson v Robertson (2016), the husband had acquired shares in ASOS, a successful online clothing company, before the parties met. The court acknowledged that whilst the husband was hugely successful, he was not a genius. The court awarded the wife an equal division of the matrimonial assets in addition to a 1/3 division of the value of the husband’s shares in the company. The court commented that the wife had been an excellent home-maker and to treat the husband’s special contribution as "unmatched" would be "highly discriminatory".

In the case of Chai v Peng (2017), the court followed a similar line of reasoning.

The parties had been married for 42 years and had five children together. The husband had generated wealth of £205m and it was calculated that matrimonial assets totalled £161 million.

The court ruled that there should not be a departure from equality on grounds of special contribution, noting that the wife had contributed as a mother and homemaker.

In Work v Gray (2017) the husband had generated over £225m from his work in the private equity firm, Lone Star. In the first instance, the court stated that a ‘special contribution’ was hard to establish. On appeal, the judge Holman J commented ‘it is sufficient for the court to determine whether the contribution is wholly exceptional’. This required the court to look at both the nature of the contribution and to determine whether it derives from an ‘exceptional and individual quality’. The court dismissed the husband’s appeal.

The court has made it clear that it is not easy to identify what is ‘genius’, despite many such protestations from wealthy parties who are keen to ring-fence their ‘special contribution’ to their marriage. Whilst many of the above cases demonstrate a shift away from the ‘sharing principle’ applied in the case of White v White (2001), it is apparent that each case must still be considered with regard to its own individual facts. Although a ‘threshold of wealth’ guide has been proposed, arguably, we are a long way off a definitive ‘genius’ test in the context of matrimonial settlements.

The UK’s R&D gender balance is lagging behind EU countries not traditionally associated with being pioneering, a study by specialist tax relief firm Catax reveals.

Catax analysed the ratio of women to men working in research and development across the EU’s 28 member states and found the UK has climbed four places to 9th in the past decade.

However, Britain still trails surprisingly innovative nations such as Latvia (ranked first), Romania (second) and Slovakia (sixth).

There is some positive news: the UK’s proportion of women working in R&D has risen by 2.9% from 35.7% to 38.6% in ten years. Over the same time period, the average proportion of women in R&D across the 28 countries has risen by just 1.8%, going from 34.4% in 2005 to 36.2% in 2015.

Latvia, which took the top spot in 2005 and 2015, was the only EU country where the number of women in the workforce was greater than men, with 51.02% of researchers in R&D being female.

The UK was not the only EU giant to be caught short in the study. Germany was floundering at the bottom of the rankings, ranking 26th in 2005 and then 25th in 2015 whilst France ranked 26th and the Netherlands ranked bottom of the table in 28th place in 2015.

| Rank | Country (2005) | Female % of R&D workforce 2005 | Country (2015) | Female % of R&D workforce 2015 |
|---|---|---|---|---|
| 1 | Latvia | 51.6 | Latvia | 51 |
| 2 | Romania | 45.3 | Romania | 46.2 |
| 3 | Portugal | 44.4 | Iceland | 45.7 |
| 4 | Russia | 42.4 | Portugal | 44.1 |
| 5 | Slovakia | 41.5 | Estonia | 43.9 |
| 6 | Estonia | 40.8 | Slovakia | 42.2 |
| 7 | Iceland | 39.3 | Russia | 40.3 |
| 8 | Poland | 39.3 | Spain | 40 |
| 9 | Spain | 36.7 | United Kingdom | 38.6 |
| 10 | Greece | 36.4 | Greece | 38 |
| 11 | Turkey | 36.1 | Norway | 37.4 |
| 12 | Sweden | 35.8 | Turkey | 37.3 |
| 13 | United Kingdom | 35.7 | Poland | 37 |
| 14 | Slovenia | 34.8 | Slovenia | 36.5 |
| 15 | Hungary | 34.2 | Italy | 36 |

Catax CEO, Mark Tighe, commented: “So-called minnows on the EU industrial landscape are actually leading the way when it comes to female representation in the R&D workforce.

“Some of Europe’s big-hitters like Germany are falling short, and as Europe’s second largest economy, many will feel more needs to be done to encourage greater numbers of women into R&D in the UK too.

“Disparities like this speak to all kinds of elements that contribute to a country’s economic wellbeing, including education, equality and employment protections.

“The big question is whether we can identify what’s holding the UK back fast enough to make a difference.”

(Source: Catax)

When you need the answer to a legal question, unless you’re seriously traditional you most likely pull your smartphone out and ask Siri or Alexa. Below Tom Desmond, CEO of Law Firm digital marketing agency ApricotLaw, delves into the ever-evolving uses of technology in the legal sphere.

Voice searches are becoming increasingly popular. More than 77% of Americans use smartphones and nearly 1 in 6 Americans use smart speakers — and both of those kinds of devices come with artificial intelligence (AI) assistant technologies like Alexa and Siri.

That means many Internet users are conducting searches for lawyers via their smart devices, rather than using their desktop computers or laptops. They may not be asking Alexa to represent them in court, but they are asking her questions they might ask a lawyer, and she’s directing them to attorneys who can provide answers.

These advances in AI and voice search technology are having a significant impact on search engine optimization (SEO) for law firm websites. Is Alexa your new lawyer? No, but she might connect you with your next big client.

Traditional SEO and Law Firms

As most private attorneys know, a good SEO strategy enables law firms to generate more leads, which turn into clients. In the Internet age, SEO helps law firms thrive and dominate their markets.

Traditional law firm SEO involves choosing relevant keywords to target, creating high-quality, original content, getting diverse backlinks to your site, and ensuring that your site is mobile-friendly.

Barring any radical shifts at Google headquarters, these basic SEO principles are likely to remain important in the realm of law firm marketing. But innovations like AI-assisted voice search are changing the SEO landscape, and it’s up to law firms and their SEO providers to keep up.

How Artificial Intelligence Guides Internet Users to Lawyers

As voice searches on smartphones and smart speakers become more common, individuals looking for an attorney are more likely to use these technologies in their research.

The way AI assistants guide voice search users to attorneys is different for each system. For instance, Google Assistant will report only the top Google results, while Alexa will only provide answers that have been proven accurate. And most AIs only relay information from one or two top results to users.

The language used in these AI-assisted voice searches is drastically different from the way a searcher uses Google on a laptop.

For example, if an individual is looking for a car accident lawyer in New Orleans on his or her laptop, he or she might type “New Orleans car accident lawyer” into Google and be given pages of the top-ranking car accident attorneys in New Orleans.

However, the same individual using Alexa will conversationally ask something like “Alexa, how do I find the top car accident lawyer in New Orleans?” That means the dialogue of voice search sounds a lot different from the text-based Boolean searches of days past.

Generally, someone conducting a voice search through an Amazon Echo or other Alexa-enabled device will want to do, know, or buy something or go somewhere. As it relates to law, that means they want to contact a lawyer, know something specific about the law, retain an attorney, or meet with a lawyer.

Alexa will seek to answer such queries in a conversational, human way. That means law firm website content should be conversational if it hopes to catch Alexa’s attention during voice searches.

How You Can Optimize Your Firm’s Site for Voice Search

There are a number of ways you can optimize your site to dominate voice search results. Answering the “who, what, when, where, and why” of the search queries related to your firm, location, and practice area can convince Alexa to select your firm over your competitor when it answers a user’s voice search command.

An easy way to match the conversational phrasing common to voice searches and hopefully rank well in the voice search results is to emphasize frequently asked questions and answers about your firm and practice areas on your site.

Another key aspect of voice requests through Alexa is assistance with navigation and location. By integrating your firm’s website with Google Maps and making in-content references to your location, you can alert Alexa to the fact that you are, indeed, nearby when a user asks her to find “personal injury lawyers near me,” for example.

Alexa’s No Lawyer, but She Can Connect Clients with Your Firm

Although Alexa is not a lawyer and is in no way able to give legal advice, her algorithm will pick up conversational language, FAQ answers, and location references when answering her voice search queries in an effort to connect users with an attorney who can help them with their legal matter.

By making sure your law firm’s website is optimized for AI-assisted voice searches, you can raise your chance of being her response of choice when she’s asked to find a lawyer for a user.

In the developing age of automobiles, technology and communications, how do requirements for Fair, Reasonable and Non-Discriminatory (FRAND) terms fit in? Below Michael Munsch and Christof Höhne of EIP, the Intellectual Property law firm, explain the intricacies of the EU’s latest legislation required for auto manufacturing.

Technology is currently undergoing an extremely disruptive stage thanks to a dramatic increase in innovation. This can be seen from the rapid increase in the number of electric cars and the work being done on autonomous vehicles. Part of this development in the technology industry is the growth in the number of electronic components in cars, including advanced telematics and navigation systems. These electronic components are being used to improve connectivity which is becoming a focus for autonomous cars. Legislation has been introduced which states that most cars type-approved after 31st March 2018 must implement mobile communication by way of the so-called “eCall” function in the EU, which enables passengers to communicate with service providers in case of an accident.

As a result of this, we are seeing electronic and mobile communication companies entering the world of autonomous cars as their technology plays an increasingly important role in these vehicles. However, given the high level of patenting in electronics and mobile communications, will innovators have access to the necessary technology?

In order to provide car manufacturers access to this technology and consequently meet the required administrative approval, standardization is key. The importance of standardization for autonomous cars was recently emphasised by the European Commission on November 29, 2017 (COM (2017) 712), in which the conclusion was drawn that:

“Without formal standardisation and SEPs [standard essential patents], there would be, for example, no connected vehicles.”

In this article, we are going to look at the interaction of patents with the future of standardization and the impact this may have on the automotive industry. The patents essential to form a standard are Standard Essential Patents (“SEPs”). SEPs are patents which have been declared by their owner to be essential to a specific formal industry standard (for example, making 4G standard across mobiles) or are essential by virtue of the market power of the underlying technology (de-facto standard). The SEPs we will focus on have to be licensed by their owners under Fair, Reasonable and Non-Discriminatory (“FRAND”) terms. FRAND is a self-binding declaration that shall guarantee a fair balance between the interests of those who contribute in the standard-setting process of the respective technology and the interests of those who are dictated to by the market to rely on the standard.

As highlighted in our previous article in Lawyer Monthly, there has been confusion about what FRAND terms are and how a FRAND license is calculated. The courts are inundated with questions on this topic, but there is still no ruling by any of the highest courts in the UK and Germany, which can be considered as the most relevant jurisdictions in Europe for patent litigations. Taking a quick look back at the telecoms industry, which due to continuously growing SEP portfolios and developing industry standards (e.g. 2G, 3G, 4G and, soon-to-be, 5G) is experiencing a vast license battle with lengthy and cost-intensive litigations, it becomes obvious that these fights will not stop outside of the automotive manufacturers’ doors. In fact, the increasing integration of information and communication technologies in vehicles will lead to a significant involvement of the automotive industry in SEP litigation in general. As one can imagine, fully connected autonomous vehicles must be able to perfectly communicate and be cross-compatible with their surroundings. To guarantee this, there will be a continuously developing playground for standardized technologies and the owners of related IP rights.

Whereas the potential licensors from the telecoms industry are used to playing this game, it will be relatively new to the automotive industry which, for the most part, is accustomed to settling its disputes behind closed doors and very rarely in any kind of public forum. In particular, the impact in economic and litigation terms will need to be considered: for example, the German network provider Deutsche Telekom paid hundreds of millions of euros to settle a litigation battle relating to IPCom’s patent portfolio.

In fact, the first major electronics cases in which the automotive industry is involved are already pending in Germany: chip manufacturer Broadcom has attacked Audi and VW before the Mannheim District Court enforcing seven patents in a total sum of 13 individual actions. The patents relate to chips for wireless communication in a car. Several suppliers of Audi and VW have joined the dispute as interveners, which shows the relevance to the whole industry.

The overall relevance is further emphasised by the fact that BMW just recently (Dec 2017) took a license to the telecoms patent portfolio Avanci, which in particular pools patents relevant to the 2G, 3G and LTE standards from companies such as Ericsson, Qualcomm, Sony, ZTE, Vodafone and others. We are sure that there is more to come.

Following the recent UK Construction Purchasing Managers' Index (PMI) figures, Brendan Sharkey, head of construction and real estate at accountancy firm MHA MacIntyre Hudson, says the industry has emerged from Carillion’s collapse relatively unscathed, but is slow to wake up to the Brexit threat.

Today’s figures reflect a sector that’s doing well and it has proved resilient over recent months. The truth is that construction has actually done much better than most people expected following the collapse of Carillion. The carnage among second and third tier construction companies, thought to be an inevitable consequence of Carillion’s demise, has failed to materialise to any real extent, although unfortunately there have been casualties.

Below the top tier outsourcing and construction giants there are many well run firms with decent profit margins, reserves to see them through a crisis, and good relationships with the tier one firms. This should give us some degree of confidence for the future. The sector is stronger and has better management than most commentators have given it credit for.

On a less positive note, construction has been relatively slow to wake up to the dangers posed by Brexit. Given the industry doesn’t depend on exports, the potential pitfalls of a no-deal Brexit have perhaps been easier to overlook. Yet construction does depend on the import of raw materials, and crucially on the free movement of labour. Over the next few months we will see more focus on contingency planning and demand for additional information and support from the government.

The consequences of Carillion’s collapse were over-hyped but only a very foolhardy captain of industry can assume the same will be true about the consequences of a no-deal Brexit.

With the House of Lords examining the effectiveness of the Bribery Act, Aziz Rahman of business crime solicitors Rahman Ravelli argues that the Act seems unnecessarily hard on SMEs.

As the House of Lords has appointed a committee to examine what it calls confusion surrounding the Bribery Act, it seems that now is the time for the Act’s implications to be properly considered.

Putting it in the simplest terms, the Bribery Act 2010 created two basic crimes of giving and receiving bribes, as well as having provisions covering the bribery of foreign public officials and the failure to prevent bribery. The Act only applies to behaviour after 1 July 2011 – when it came into effect – although there are still prosecutions under earlier legislation for conduct dating back to before then.

The House of Lords’ ad hoc Select Committee will take evidence throughout the summer and autumn and report its findings in 2019. The Chairman of the Committee, Lord Saville of Newdigate, has said that with the majority of bribery cases being prosecuted under the Act, now is the time to scrutinise it in terms of its effectiveness in tackling and reducing corrupt behaviour. But most tellingly he talks about “confusion and uncertainty about the Act, amongst SMEs in particular”.

This is a criticism of the Act that has been made before. Three years after the Act came into effect, the Association of Chartered Certified Accountants (ACCA) was expressing concern that less than half of its members believed SMEs were considering bribery risks when thinking of doing business across borders. A poll of ACCA members showed that just 17% believed the Act had given SMEs the confidence to tackle bribery, while half believed there was insufficient guidance for SMEs on the issue.

There has often been criticism that the Bribery Act puts pressure on companies to tackle bribery without advising them on how to do it. Without any real guidance, it will be the SMEs who are most likely to struggle to be compliant with the Act. They are less likely to have the resources to put into researching and devising anti-bribery procedures that are fit for purpose.

From the moment it came into effect, the Bribery Act has covered all companies of all sizes either based in, or with a close connection to, the UK. Any such company can be prosecuted under the Act in the UK for bribery that was perpetrated on its behalf anywhere in the world. Prosecutions can be brought against a company if the bribery was by its staff, an intermediary, third party or trading partner acting on its behalf.

Companies investigated under the Act have to be able to show that they had "adequate procedures" in place to identify the risks of bribery and to prevent it happening. If they cannot show this, they face prosecution under the Act. The Act carries punishments that can include unlimited fines and see individuals sentenced to up to ten years’ imprisonment.

2018 has seen the first conviction under Section 7 of the Bribery Act 2010 - the failure to prevent bribery. And it wasn’t against one of the big boys.

Skansen, an office refurbishment company employing 30 people, won two contracts after its then managing director paid bribes. Skansen gave the police full cooperation during the investigation. It made it clear that it had in place policies emphasising honesty, operated a system of financial controls and had anti-bribery clauses in its contracts. But this was not considered enough. Skansen – a dormant company with no assets at the time of conviction – was found guilty of the Section 7 offence.

Do we see this case as a clear sign that prosecutors are looking at SMEs as easy targets for a bribery prosecution? Possibly. We could, however, view the Skansen case as an indicator that Section 7 may become more popular with prosecutors than the Section 1 Bribery Act offence of giving bribes because – unlike Section 1 – it does not require proof that the directing mind and will of the company was involved in the offence.

Future prosecutions will give us a clearer idea of whether either of those arguments is valid. But what can be said with a degree of certainty is that the prosecution of Skansen seems to be of little benefit. It even adds to the argument that the Bribery Act places a disproportionate burden on SMEs.

The Act expects all companies to have adequate procedures in place to prevent bribery. Yet, with no detailed guidance forthcoming, companies need to take the right advice on what would be considered adequate procedures. The big corporates may have the time and resources to invest in making sure they obtain the right advice and act upon it – but it is an option that may be beyond the reach of many SMEs. And that cannot be fair.

What must also be considered is that when prosecutors start to investigate bribery allegations against a major corporate – such as an aerospace or mining company – the spotlight will inevitably work its way along the supply chain. This can mean the focus being put on many SMEs, who may then have to explain their anti-bribery procedures. This has to be viewed as a heavy-handed approach. In such circumstances, SMEs are being asked to explain their conduct – often when functioning on limited budgets – as part of a bribery investigation that may have little or no direct connection to them.

The Skansen case is certainly a clear sign that many companies may need to review their existing anti-bribery procedures, as the bar seems to have been raised quite high regarding the definition of adequate procedures. We will have to see what the House of Lords makes of the Bribery Act’s effectiveness so far.

Its findings on the issue of “confusion and uncertainty” and SMEs may be particularly interesting. Unlike the House of Lords, SMEs seldom have the luxury of time when it comes to analysing the Bribery Act. It must be hoped that the Lords’ report includes recommendations to tackle this problem.

Week after week media outlets spout out news about large companies failing to disclose old breaches, suffering current security breaches or refusing to explain their situation surrounding a breach of data. All these scenarios carry different circumstances for each individual company, and each of them carries implications for customers and questions surrounding the regulatory framework.

Over the past week we’ve seen both Dixons, a large tech company, and Reddit, one of the large online communities, disclose data breaches to the public. Below Lawyer Monthly has collated the latest comments and opinions on these breaches, with some insight into the ongoing conundrum of cybersecurity worldwide.

Gareth Oldale, Partner, Sharpe Pritchard:

The fact that 9 million more people than was originally envisaged have been impacted by the Dixons Carphone data breach only serves to increase the severity of the breach, and so increase the likelihood of even more stringent action being taken by the ICO. The number of data subjects impacted is one of the criteria that the ICO will consider when determining the level of any fines it issues.

It appears (although it has not yet been confirmed) that this breach will be investigated under the “old” data protection regime, as the breach occurred before the GDPR came into force on 25 May. If this is the case, then the maximum fine that could be issued by the ICO would be £500,000 (as opposed to €20 million or 4% of Dixons Carphone’s annual worldwide turnover, whichever is the greater, under the GDPR). Accepting that there is a different upper limit of the fine, the fact that nearly ten times as many people as originally envisaged have been impacted will almost certainly mean that this would be one factor leading towards a higher fine. On the other hand, the fact that Dixons Carphone appears to have taken steps to seek to remedy the data breach very quickly, and appears to be engaging pro-actively with the ICO, will count in its favour. Still the most damning feature of this breach, however, is the fact that it follows so soon after another quite similar breach by the same corporate group in which the company was issued with a then-record fine of £400,000.

If individuals have suffered damage as a result of the data breach, then they may be entitled to receive compensation from Dixons Carphone. It is still too early to say if such a claim for compensation would be likely to be successful, but it is certainly an area which privacy activists and consumer rights groups are watching carefully.

The ICO has seen a huge increase in the number of data breaches being reported since the introduction of the GDPR. Some of those are very benign, low risk and low impact, meaning that no formal enforcement action or fines are required. For the more serious breaches, such as this one by Dixons Carphone, however, we can expect to see the ICO using the tools available to it under the GDPR to protect the rights of data subjects and seek to encourage better privacy practices and fewer data breaches moving forwards.

Matt Middleton-Leal, general manager, EMEA, Netwrix:

Dixons’ breach is a classic example of an organisation that simply did not have sufficient visibility into its IT infrastructure, and by extension its most important asset: in this case, its customers’ confidential data. I would implore all organisations to ensure that they can track in an automated fashion all confidential data and who has access to it within the company. The faster that an organisation can detect, investigate and stop an attack in its tracks, the better its chances of preventing damage and avoiding significant financial penalties in the era of GDPR.

Unfortunately, what secured us yesterday does not seem to be securing us today; industry must take a security from the inside-out approach. We must learn from mistakes and keep security strategies up to date as users, business needs and IT infrastructures change in order to safeguard organisations and the data they’re entrusted with.

Reddit’s data breach appears to have occurred due to the inadequate protection of employee credentials. One can only assume that the insider accounts that were hijacked in this case were legitimate; it’s a cause for significant concern that this failed to raise any internal alarms before data was stolen.

Unfortunately, this is just the latest in a long line of attacks where external attackers have become de facto insiders using stolen credentials, allowing them to hide in plain sight within a network. It is essential that organisations have full visibility into their IT infrastructure, enabling them to spot potentially suspicious activity in real-time and intervene before sensitive data and systems are compromised. Without this level of control – including ensuring that users’ credentials are recorded and appropriate to their role – these kinds of breaches are set to continue.

Andrew Bushby, UK Director, Fidelis Cybersecurity:

Initial reports suggested that Dixons’ breach took quite some time to detect and mitigate, and now we’re being told that an additional nine million customers were impacted. With GDPR’s safeguarding and notification requirements, organisations really need to be on top of their game with cybersecurity, so it’s rather unfortunate that such a huge discrepancy can exist.

This is a classic visibility problem that organisations everywhere can and must learn from. With the sophistication and persistence of today’s cybercriminals, security teams need to have real visibility of what’s happening to their systems at all times, providing the ability to proactively find the unknown threats, and not just in the aftermath of an attack. With this incident already being investigated by the ICO, it will be interesting to see how this error affects the final outcome - particularly with network defence being such a critical aspect of GDPR. Questions will no doubt be asked about the security measures around the data before the breach, and why so many impacted customers were missed at the time of notification.

Reddit’s is a concerning response to a data breach, as the onus has been placed on the user to first determine if they were impacted and then to evaluate the potential repercussions themselves. It’s surprising to see an organisation dismiss its duty of care in such a public way - particularly one whose reputation as a safe haven for anonymous opinions has now been jeopardised. What’s more, if European citizens were in fact impacted, it could pose a real GDPR conundrum for the organisation.

Broadly, this incident shines a light on the need for more robust, layered security measures around sensitive data. Network intrusions are now inevitable, but it’s what happens next that can really make or break an organisation. With the sophistication and persistence of today’s cybercriminals, security teams need to have real visibility of what’s happening to their systems at all times, providing the ability to proactively find unknown threats, and not just in the aftermath of an attack. Serious questions must be asked about the security measures around the data, Reddit’s reluctance to properly notify affected users and the overall response by its spokespeople.

Nigel Jones, former Head of Legal for Google and Founder, The Privacy Compliance Hub:

Dixons Carphone said that the data breach that was reported back in June affected 10 million of its customers rather than the 1.2 million it originally estimated. What will now be interesting is how the breach will be dealt with by the regulator. The regulator (the ICO) commented back in June that it was looking at whether the breach would be covered by the 1998 or 2018 Data Protection Acts. This is important as the level of fines that can be imposed under each Act is very different.

Under the 1998 Act, the maximum fine is £500,000 (which is the amount the ICO has notified Facebook that it intends to levy for the Cambridge Analytica breach). Under the 2018 Act, the maximum fine is 4% of turnover which could be an eyewateringly large sum. Dixons Carphone has got on the front foot by saying that there is no evidence of any fraud, but its shareholders will be hoping that the ICO do not use this breach as a test case for its increased regulatory powers. They will also be hoping that the 10 million customers affected by this breach don't jump ship to another provider, or bring legal actions of their own.

Ross Brewer, VP & MD EMEA, LogRhythm:

It may call itself the ‘front page of the internet’ but ‘front page of the news’ is probably more relevant today. Disclosing a data breach often goes hand-in-hand with disclosing the scale and telling those affected, but Reddit has decided that it won’t be doing that. Instead, it has advised any users who are concerned to check their own inboxes for any unusual activity between 3rd and 17th June, the period in which the hack took place. That’s not a great response. Any company that leaves customers vulnerable shouldn’t then expect them to investigate themselves. Moreover, if any European citizens are caught up in the breach, it’s in breach of GDPR.

Hackers were able to gain access to databases by intercepting the text messages sent as part of Reddit’s two-factor authentication measures. They got their hands on employee credentials, which were then used to access two databases of user data – one of which contained usernames and email addresses relied on for the company’s ‘email digest’ function.

This breach reinforces that businesses must be doing more to protect all sensitive data. Two-factor authentication can’t be the sole measure, it needs to be a part of a wider cybersecurity setup. This means automated detection through tools such as NextGen SIEM and User and Entity Behaviour Analytics (UEBA) which can quickly flag anomalous activity so that potential threats are shut down from the outset.

When it comes to the glorious British summertime, which does not come around as much as it should, we tend to extract every second of value out of those precious daylight hours, and sun-starved Brits often throw caution to the wind in an effort to soak up those rays. Our collective over-excitement when the sun makes an appearance is also having a detrimental impact on our health; alongside dehydration and skin damage, research from the Royal National Institute for Blind People has shown that eye damage is one of the number one health problems which arise regularly every summer.

People regularly fail to take proper care of their eye health during the summer, when bright sunlight for long stretches of the day can take a heavy toll on our eyes. Furthermore, this is often compounded for those working in an office environment, who will also be staring at their computer screens when they're not out in the sun. Here are some top tips for maintaining your eye health all summer long.

Pick Up Good Habits

During the summer months, protecting your general health is about so much more than just changing what you eat or how you exercise. There are plenty of simple tips and tricks which you can easily build into your workflow in order to take the strain off your precious mind and body. It's now known that your average office worker will spend a grand total of 11 hours a day staring at screens, which affects various aspects of your health, from mental health and diet to eye health in particular.

Long days in the office can be counteracted by building in regular breaks away from the screen (health experts recommend a 10-minute break every half an hour), as well as by fighting your instinct to drink in the sunny views and closing the blinds to reduce glare on your screen. This is believed to be a leading cause of dry eyeball and cornea damage.

Protect Yourself

Continuing on the theme of eye health, proper protection is key. If you're planning on spending plenty of time in the sun, make sure you have strong, UV-repellant sunglasses, and wear a visor or sun hat which affords appropriate shade cover for your face. When you're in the office, you should always be wearing high-quality contact lenses if needed, with a huge range for every prescription being sold on Vision Direct. You should also make sure that you're avoiding cheap sunglasses and checking that the ones you're wearing are right for you if they're prescription ones, so check with an optician beforehand.

Get Checked

One of the most important ways to maintain eye health is to get regularly seen by a professional. Summer is the best time to schedule in a visit with the optician to make sure your prescription is up to date, and to head to an optometrist to ensure that you're currently taking the right levels of precaution. You only ever get one pair of eyes, so make sure you're taking as much care of them as you would any other part of your body!

A few weeks back Tini Owens appealed to the Supreme Court to grant her a divorce from her husband of 40 years, who is refusing the split. The Supreme Court unanimously rejected her appeal, meaning she must remain married until 2020. The decision was a sad but legally correct outcome of a bad law. Below Stephen Bartlet-Jones, Barrister at One Pump Court, explores some of the important considerations and remaining questions surrounding this complex family law case.

The law correctly recognises that the only ground of divorce present in this case is “irretrievable breakdown of the marriage”, but as things stand that is not enough. One of five facts has to be proven: adultery, desertion, unreasonable behaviour, 2 years’ separation with consent and 5 years’ separation without consent. Under the current law, therefore, it is potentially as much as 5 years quicker to get a divorce if you blame your spouse for the end of the marriage. It is also one of the few differences between civil partnership and divorce, since a civil partnership cannot be brought to a quick end due to adultery being proven.

Very few marriages end because one person was wholly in the right and one was wholly in the wrong. Indeed, I’m not sure it can be said that marriages where one party has behaved unreasonably or committed adultery have “irretrievably” broken down: many spouses are able to forgive and move on from all sorts of appalling behaviour. It certainly cannot be said that one needs to wait two or five years to know that a marriage has irretrievably broken down just because the parties have maintained civility and remained faithful.

The need to set out “unreasonable behaviour” is a tinderbox for couples already permanently living on the edge of an argument. It is hard enough to put on a combined front to reassure children, and to avoid putting them in the position of having to choose between their parents: when reacting to an inflammatory divorce petition that has landed unexpectedly on the doormat, many parents lose their cool and it is the children who suffer. It can leave bad feeling for many years to come, and I have met many children of divorcees who can still quote lines of the divorce petition because their parents repeated them so many times during their childhood. The effect of the state determining who’s to blame for the marriage breaking down is often to make the causes of the marriage ending seem very black and white.

It must also be said that the current law forces couples to spend money on solicitors which could be better used to help them turn one household into two. Solicitors are required to negotiate who will be deemed to be at “fault” and what form that “fault” will take. They are needed to navigate the minefield of petitions, cross-petitions and riders that eventually lead to a level of “fault” being recorded on the public record that both spouses can live with.

Back in 1996, the government legislated for “no-fault divorce”. Because it was afraid of being seen to cheapen the institution of marriage, it built in a mechanism of compulsory information meetings which proved unworkable, and so the legislation was never brought into force. It was a wasted opportunity. Yet the answer may be contained within our current divorce laws, without the need for complex and specific changes that may take years to pass. Nobody would disagree with the only current ground of divorce: that the “marriage has irretrievably broken down”. If Parliament scrapped the need to prove that by means of specific “facts of divorce”, it would have achieved “no fault divorce” without the complication introduced by the Family Law Act 1996. At the same time, it could introduce a minimum “cooling off period” before the divorce can be finalised - I would favour a period of 6 months, and certainly no more than one year. It takes that long to sort out the finances and child arrangements in most cases anyway. The mechanism for that cooling off period is already there in our law: the court currently makes a “decree nisi” (a conditional order of divorce) and won’t grant the decree absolute (the final divorce order) for a minimum of six weeks and one day. By extending this six-week period to a more politically acceptable “cooling off period” of say 6 months, a no-fault divorce could be achieved by means of very simple legislation.

When you look at the case of Tini Owens, you cannot help feeling that something must be done to help her and others in her position. The case has dominated the headlines, with commentators up and down the country questioning how we can reasonably keep somebody locked in a loveless marriage. Can we really call Tini Owens a free woman if she must wait until 2020 before she can move on with her life?

About Lawyer Monthly

Legal News. Legal Insight. Since 2009