Abstract

As data breaches continue to increase, data controllers face persistent obstacles in maintaining the security of personal data. The existing literature has focused on the rules creating the legislative architecture, with limited attention to evaluating the means and results of enforcement. In this work, the regulatory action of data protection authorities is evaluated using legal and regulatory information, particularly with respect to (a) the quantum and type of cases reported to the data protection authority; (b) the types of data breach instances in which the regulator chooses to intervene; and (c) the threshold of liability that has been established in these types of cases by the courts. This study uses public data provided by the Information Commissioner's Office, the data protection authority in the United Kingdom, with a specific focus on its provision of penalties and enforcement notices. An empirical analysis of penalties is provided, giving novel insight into regulatory outcomes. Furthermore, semi-structured interviews are undertaken with case workers to understand their considerations when investigating. Responses from case workers highlight the complexity in discerning which organizational and technical measures should give rise to liability.
