CyberProtect

Our prevention offering covers:

• IT Security Audit, in conjunction with IT security specialists, to identify vulnerabilities.
• Recommendations for strengthening systems and procedures against breaches.
• Training to ensure compliance with the UK GDPR, Data Protection Act 2018 and legal duties in relation to fraud.

Our team supports you throughout a cyber incident, including:

• Guidance on the immediate steps in the event of an incident.
• Advice on which regulators will be involved, their powers and how to manage regulatory investigations.
• Advice on how best to deal with clients/customers, handle any media attention and minimise reputational damage.
• Leading on internal investigations to understand what happened and to identify required remedial action.

We can advise on the consequences of a cyber incident. We provide strategic advice designed to protect reputation. BTO’s solicitors regularly conduct cases in all the Scottish courts. We can represent your interests in respect of any relevant claims or enforcement action following a cyber incident. Our Financial Crime and Investigations experts have decades of experience in advising on fraud incidents, including cyber frauds.

Our team will:

• Provide guidance through any regulatory investigation and enforcement action to best protect your business.
• Investigate how a breach occurred and provide advice on how best to mitigate losses and seek recovery of lost or misappropriated data or funds.
• Advise on recovery strategies.
• Minimise your exposure to claims for data that has been compromised.
• Advise on measures to prevent a future recurrence.

Advising clients on an urgent basis where their systems had been compromised, under particular reference to the effects of hacking or ransomware. Also advising on practical steps to be taken to minimise risk including preparing a breach response plan and penetration testing.

Advising on how to avoid / what to do in the event of an attack.

Liaising with the Information Commissioner’s Office (ICO) in respect of complaints and investigations. Acting as the interface between our clients and the ICO in terms of assessing whether a breach is self-reportable, drafting the necessary reports and advising on whether the data subjects require to be informed.

Appeals  against ICO monetary penalty and enforcement notices (DPA, UK GDPR and PECR).

Unique experience in Scotland in relation to pursuing and defending compensation claims resulting from data breaches.

Advising the private and public sectors on SARs and claims raised by data subjects.

Advising several public sector organisations in relation to complex and controversial Freedom of Information (Scotland) Act requests, supporting their governance procedures when an exemption applies. Also advising third party private organisations to provide comment when a request has been made for their information after it has been provided to a public sector body.

Regularly acting in civil claims intimated following the perpetration of a payment instruction fraud. Our specialist Financial Crime team also regularly engage with Police Scotland’s Economic Crime Unit in relation to the criminal aspects of cyber frauds.