7062664
Information Management in Retail: A Legal Perspective
Chris Hill
Barlow Lyde & Gilbert LLP
17 September 2009
Information Management
Information is a key asset of every business
Technology has revolutionised our ability to access, create, store, search and communicate information
Information Management is in its infancy and lagging behind technological development
“the stone age was marked by man's clever use of crude tools; the information age, to date, has been marked by man's crude use of clever tools”
Storing up trouble…
[Chart: x-axis years 2006 to 2015; y-axis scale 0 to 10,000, units not stated]
Inside of an IT storage system
Why is this a problem?
The acquisition of, and failure to discard, possessions that are useless or of limited value due to a fear of losing things perceived to be important.
= “PATHOLOGICAL HOARDING DISORDER”
Law and Information Management
IPRs
DPA
Others, e.g. DDA, Confidence etc.
Data Protection Act
Data Protection Act 1998
EC Directive – EEA wide application
Policed in the UK by the ICO
Protects ‘personal data’ – electronic mainly (but also paper in some cases)
‘data controllers’ must ‘process’ in accordance with the DPA
‘data subjects’ get a number of rights under the DPA
Establishes “Principles” to abide by
The Data Protection Principles
Adequate, relevant and not excessive
Accurate and up to date
Rights for Data Subjects under the Act
Specific purpose
Not kept longer than necessary
Technical and organisational measures
EEA
“fairly and lawfully processed”
Consequences of breaching DPA
Reputational damage
Fines
Criminal offences
ICO increasing policing and enforcement and taking a harder line
5 Key Legal Impacts
1. Security/confidentiality obligations
2. What information can/must be stored
3. Exploitation of information
4. Who has a right to access information
5. Dealing with 3rd parties
1. Security/Confidentiality
Common law confidentiality
Contractual – agreed standards
Data Protection Act – Principle 7
Applicable IT standards “keeping up to date” - adequate technical and organisational (= security) measures – e.g. BS 10012
Practical measures and security standards
2. What Can/Must Be Stored
800+ specified retention periods fixed by statute/common law
VAT records 6 years
Contractual claims 6 years (12 years if a deed)
Data Protection Act
Processing fairly and lawfully
Adequate and not excessive
Accurate and up to date
Not for longer than necessary
IPRs
3. Exploitation of Information
Copyright
Arising automatically in original works
Lasts for a set number of years
Generally owned by creator – (including ‘employer’)
Database rights
Arises where "substantial investment" in obtaining, verifying or presenting the contents of the database
Owned by the maker
Data Protection
“fairly and lawfully”
4. Who has a right to access?
Confidentiality – who can it be given to?
DPA
Fairly and lawfully processed
EEA
Subject Access Request
Litigation – duty to provide even if detrimental
Regulatory investigation
5. Dealings with 3rd Parties
See 1. to 4. above:
Security
Storage
Exploitation
Access
DPA issues need to be dealt with explicitly in contracts
Liability/Indemnity/Insurance
Right to audit/access and have information returned
Information management policies
Specific retail issues (1)
Customer lists
Marketing
Credit card details
Dealing with consumers – “UCTA” and B2C contracts
Customer retention / media - e.g. TK Maxx
Specific retail issues (2)
Online retailing – data in transit, Distance Selling Regs
Standards – ISO, PCI, “good industry practice”
Levels of encryption and security procedures
Good for your business – marketing and practical risk reduction
Do your suppliers comply with these standards?
Information is your greatest asset, but also your biggest risk...
Not just the Data Protection Act 1998
There is no “magic bullet” solution
A multi-faceted approach is needed:
Contractual and legal protections
IT security and solutions
Practical policies and procedures
Policies
Make it an employee issue not a corporate problem:
Written documents that explain practical day-to-day procedures and rules for use of the data (including communications, storage, passwords, access, home working etc.)
Provided to all employees who have to sign and comply with them (part of employment / outsourcing contract)
Will reduce the real risk of a leak occurring
Will increase chances of compliance with law and regulation
Will reduce liability
Significantly reduces PR damage
Spot the difference if lost…
[Images A and B]
Questions?