The Institute of Legal Research & Standards
JULY 2019 – ARTICLES & ITEMS OF INTEREST
KEY DATES – FILING OF BENEFICIAL OWNERSHIP DATA – 29-07-2019 to 22-11-2019
In previous ILRS articles we have referred to the central beneficial ownership register required under the European Union (Anti-Money Laundering Beneficial Ownership of Corporate Entities) Regulations 2019.
The Registrar of Companies has now been appointed as the Registrar of Beneficial Ownership of Companies and Industrial & Provident Societies with effect from the 29thJuly 2019.
Filing of beneficial ownership data can be made on-line through a portal on the RBO website from Monday 29thJuly 2019.
It should be noted that companies and societies have until Friday 22ndNovember 2019 to file their data with the RBO without being in breach of their statutory duty to file however newly incorporated companies will have 5 months from the date of incorporation to register their beneficial ownership data.
For more information see https://www.cro.ie/About-CRO/Contact-Us/Whats-New
ICO (UK) ISSUES ITS FIRST FINES UNDER THE GDPR.
This July, the Information Commissioners Office (ICO) (the UK equivalent to our Data Protection Commission) has issued its first fines/intention to fine under the GDPR and they are the biggest to date of any EU Data Protection Authority.
The ICO issued its intention to fine British Airways £183.39M for breaches of Data Protection Law. The ICO found that a variety of information including names, address, log in details belonging to approximately 500,000 customers were comprised by poor security arrangements. It stated organisations must take appropriate steps to protect fundamental privacy rights. The Law is clear where you are entrusted with personal data you must look after it.
British Airways has now made improvements to its security arrangements and it will have an opportunity to make representations to the ICO before the ICO makes its final decision.
The ICO also issued its intention to fine Marriott International £99,200,396 for breaches of Data Protection Law relating to a cyber incident wherein approximately 339 million guest records globally were exposed. It was held the Marriott failed to undertake due diligence when making a corporate acquisition and it should have done more to secure its systems. Elizabeth Denham the Information Commissioner said “The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected”.
Aswith British Airways, the Marriott has now made improvements to its security arrangements and it will have the opportunity to make representations to the ICO before the ICO makes its final decision.
To view the above breaches and fines in more detail see https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/statement-ico-announces-intention-to-fine-british-airways/and https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/intention-to-fine-marriott-international-inc-more-than-99-million-under-gdpr-for-data-breach/
DATA BREACH CASE STUDY
As referred to previously, the Data Protection Commission’s annual report contains 19 case studies. The following details an instance where a data breach occurred and how it could have been avoided.
Case Study 10 sets out a case wherein an unencrypted USB device was lost in the post. A private sector company notified the DPC that consent forms and an unencrypted USB device had been sent by standard post and subsequently lost. The unencrypted USB devise contained images of minors participating in an organised educational event. The potential loss of personal data could have been prevented if the data controller had in place and implemented certain policies and procedures, namely an encryption policy surrounding portable memory devices and a policy governing the sending of personal data by post example registered post/courier service.
To view this case study and others see https://www.dataprotection.ie/sites/default/files/uploads/2019-03/DPC%20Annual%20Report%2025%20May%20-%2031%20December%202018.pdf
The Law Society of England and Wales has this month produced a Conveyancing Protocol which contains a set of steps to follow when acting in a sale and/or purchase of a home for an owner occupier.
The protocol aims to standardise the residential conveyancing process and make conveyancing more transparent and efficient.
To view and download this protocol see https://www.lawsociety.org.uk/support-services/advice/articles/conveyancing-protocol/
LAW SOCIETY CONVEYANCING COMMITTEE ISSUE 3 PRACTICE NOTES
For all conveyancing practitioners this month’s Law Society gazette contains three guidance notes from the Conveyancing Committee dealing with (1) NPPR – Further Clarification (2) Sharing Conditions of Sale and Documents of Title in Electronic Form and (3) Family Law Declaration and Registration of Title-Clarification.
To view these practice notes see https://www.lawsociety.ie/globalassets/documents/gazette/gazette-pdfs/gazette-2019/july-2019-gazette.pdf#page=60