London Market Brief October 2019: cyber insights

A roundup of recent cyber-related developments including: non-material damages under the GDPR; data protection laws in Asia-Pacific; cyber attacks in the education sector; regulation of cryptoassets; blockchain in the pharmaceutical industry; challenges presented by autonomous vehicles; and algorithms as a new emerging risk.

Group litigation - into the breach

Claims by data subjects have been labelled “the new PPI”, particularly following the ratification of the right to non-material damages in the GDPR. Worryingly, the latest decision of Lloyd v Google [02.10.19] appears to have made it even easier for claimants to bring such claims, particularly en masse.

The Court of Appeal, in reversing the High Court’s decision entirely, held that: (1) there should be no requirement to prove pecuniary loss or distress for a claimant to recover compensation successfully under the Data Protection Act; and (2) that Mr Lloyd had met the requirements of a representative action on the basis that those he sought to represent did have the “same interest” in the claim.

Contacts: Tom Pelham, Ollie Dent, Cameron Carr, Barnaby Winckler, Arran Roberts

Related item: Group litigation - into the breach

Moving towards Europe: recent trends in Asia-Pacific data protection law

The Asia-Pacific region appears to be on the verge of a minor revolution in data protection regulation. In the wake of the European Union’s General Data Protection Regulation (GDPR), which set a new standard for the protection of personal data, several Asia-Pacific countries have strengthened, or have proposed to strengthen, their data protection laws by borrowing various concepts from the GDPR.

For businesses in Asia-Pacific, it is becoming increasingly important and increasingly difficult to maintain compliance with the region’s data protection laws. Not only do businesses need to comply with the data protection laws of their home jurisdiction, but as more jurisdictions adopt data protection laws with extraterritorial effect, they will increasingly also need to comply with the laws of other countries in which they deal with consumers or employees. Following a data breach, it can be a complex exercise to determine which countries require notification to regulators and individuals.

Contact: Nicholas Blackmore

Related item: Moving towards Europe: recent trends in Asia-Pacific data protection law

The education sector is prone to cyber attacks but is it prepared?

Cyber crime and inadvertent data breaches are increasing and these pose substantial commercial and reputational risks for schools, colleges and universities. In May 2019, the education sector was listed in the top five most vulnerable to cyber attack, but it was not in the top five for greatest take up of cyber insurance.

Schools and universities hold substantial amounts of personal data, often on aging IT systems. There is a real risk of personal data being retained for too long and without proper security mechanisms in place. Such systems are prone to attack and to human error, resulting in potentially disastrous consequences in respect of damage to reputation, loss of intellectual property and substantial exposure to fines and claims.

Contacts: Barnaby Winckler, Geoffrey Shreeve

Related item: The education sector is prone to cyber attacks but is it prepared?

Cryptoassets: FCA publishes Guidance on regulation of cryptoassets

The Financial Conduct Authority (FCA) has issued its Final Guidance on Cryptoassets to clarify which cryptoassets fall within the UK regulatory perimeter, and in doing so has identified a new category of cryptoasset.

The FCA has clarified that it considers two categories of cryptoasset tokens to fall within the regulatory perimeter: “Security” tokens and “E-Money” tokens.

The FCA’s Guidance is limited to whether certain cryptoassets fall within the current regulatory perimeter. HM Treasury is consulting on whether legislative changes are required in order to regulate cryptoassets to a greater degree, as currently a considerable proportion of cryptoassets fall outside the scope of current regulation.

Contacts: Jenny Boldon, Ben Loechner

Related item: Cryptoassets: FCA publishes Guidance on regulation of cryptoassets

Blockchain: practical application in the pharmaceutical industry

IBM recently announced its latest blockchain initiative in partnership with KPMG, Merck and Walmart. The consortium’s goal is to develop a pharmaceutical blockchain platform that can track drugs as they move through the global supply chain, from manufacturer to end user.

This is welcome news for insurers. On the underwriting side, a transparent and efficient supply chain will allow insurers to more accurately assess risk and improve their review of supply chain activity.

On the complaints management side, the use of blockchain technology will allow insurers to track back through an insured’s supply chain by utilising the easy-to-follow audit trail. A centralised platform will also assist in record management and complaints logs, resulting in lower investigatory and legal costs.

Contact: Cameron Carr

Related item: Blockchain: practical application in the pharmaceutical industry

Autonomous vehicles will stretch the limits of liability

The way in which people and goods travel is changing rapidly. The shift towards transport in which machines are increasingly taking control from humans raises fundamental considerations around public safety, ethical dilemmas and where liability rests when accidents occur. It also means a major shift in the amount of data that is collected by vehicles, and how that data is stored and used.

Gearing up for this new era of transportation presents many challenges. The application of autonomous vehicle technology across the motor insurance market and the cargo and freight markets will present unique obstacles and opportunities.

Contacts: Rachel Moore; Chris Chatfield

Related item: Autonomous vehicles will stretch the limits of liability

Algorithms: from claims automation to emerging risk

As we move through the world, we leave in our wake a rapidly growing sea of data, tracking our every move, our every click, our every transaction, our driving, our preferences, our health, our desires. And as this store of data has grown, so algorithms to process this data have become widespread.

The explosion of data and the growth of algorithms are also having an impact in claims. Ironically, however, the rise of algorithms may also be seen as a new emerging risk. The standardisation of process, claims or legal, may, in the end, reduce the diversity of approach. And it is diversity that ensures a variety of cognitive approaches that, in turn, guarantees our ability to solve problems.

Contact: Karim Derrick

Related item: Algorithms: from claims automation to emerging risk

Read more items in London Market Brief - October 2019