Blog Archives

GDPR: New Guidelines on international data transfers

Haven’t we left the EU? Brexit may be done, but in many respects it is far from being dusted. Business relationships with the EU bloc of countries remain of critical importance to UK businesses, since the EU is still the …

Posted in Longer Reads | Tagged , , | Leave a comment


Turkish Language | An overview of our services supporting ambitious, often owner managed businesses, investors and entrepreneurs in building, operating and scaling enterprises from early stage right through to exit.


Covid update: déjà vu – working from home again

Following the Prime Minister’s announcement on 8 December 2021 (the “Announcement”), the government has once again requested that anyone who is able to work from home does so from 13 December 2021. Those who are not able to work from …

Posted in Shorter Reads | Tagged , , | Leave a comment

ESG and Data Protection

Investors and the wider public are increasingly gravitating towards businesses that prioritise Environmental, Social, and Governance (ESG) credentials. Discussions around ESG investing commonly focus on factors such as minimising carbon emissions and broadening the diversity of staff and board members. …

Posted in Shorter Reads | Tagged | Leave a comment

ESG and the Private Investor

In this recording of our recent virtual debate we discuss the extent to which the Environmental, Social and Governance (ESG) credentials of a company or investment are considered when making investment decisions. Chaired by Collyer Bristow’s Janine Alexander and Ragavan …

Posted in Videos | Leave a comment

Disputes risks for FS firms: ‘greenwashing’ and ESG reporting obligations

Companies are increasingly feeling the pressure of mounting public interest in Environmental, Social and Governance (ESG) issues. Financial services firms are no exception and in fact find themselves at the epicentre. ESG concerns are wide-ranging, spanning climate change, diversity and …

Posted in Longer Reads | Tagged , , | Leave a comment

First, sack all the IP lawyers.

In an article in the Times the argument is made that the true value and potential of intellectual property rights to the UK economy is being stifled by IP laws that are not fit for purpose, and that lawyers are in some way both ignorant of the economic value of patents to business owners and guilty of undermining entrepreneuralism.As one of the comments in response to this article notes, it is incorrect to blame patent law, which does permit the transfer, licensing and securitisation of patents (which is also true of other IP rights) and it is also incorrect to state that IP rights are not traded. Furthermore, the suggestion that (IP) lawyers are in some way complicit in this failure to realise value from IP rights is not a picture that I recognise in any way, shape or form.From my perspective, the problem is neither the law nor the lawyers. The difficulties are much more complex than the article seems to suggest. There is still a widespread under-appreciation in most businesses of the importance and value of intellectual property rights. Relatively few businesses either audit or carry out a valuation of their IP rights. If it is done at all, it tends to happen only at the point when a business, together with its IP rights, is being prepared for sale. There are a number of valuation methodologies that are used to put a price on those rights, but a full appreciation of the nuances that tend to be applied in those methodologies is rarely shared equally by valuers and rights owners. In addition, IP rights are not only time-bound (20 years for most UK patents, for example), but susceptible of having their value removed at a stroke. This can happen if a particular IP right is found to be invalid, or to require a licence from a third party, or to be an infringement of other rights. The risk of this happening clearly has an impact on value, and IP lawyers frequently advise on the scope and nature of such risks, as well as recommending steps to mitigate those risks in order to maximise value.  The article also implies that IP is not traded in the same way that commodities are traded. While this is far less common in the UK that in the US, it is untrue that it does not happen at all, but rather that the practical and economic (as well as legal) problems mentioned above make this an exercise fraught with difficulty and the risk that the stated value is or becomes illusory. Securitisation of copyright does happen in the music industry, where an established artist sells the right to the income from exploitation of recordings of their back catalogue, but even that cannot be regarded as a completely safe investment. The value of Taylor Swift’s original recordings has presumably been seriously impacted by her re-recording her early songs.The suggestions in the article that innovative companies will look to the US or South Korea for valuation, and that valuation in Europe “is even more hidebound” are too simplistic to be taken at face value. IP rights are mostly national, which means that different legal regimes apply to them in every country. The “Chanel” trade mark has to be registered in every country where branded products are sold. While there are international agreements, conventions and protocols which introduce a degree of harmonisation, the process is far from complete. So the suggestion that a single country can produce a mechanism for monetisation of IP rights that works equally well worldwide is more than a little misleading.The article does argue for early valuation of IP rights, with which I fully agree, but there also needs to be a continuing review, by means of an IP audit of what rights exist in the business; whether they are owned or licensed; whether they are susceptible to competitive threats and what their expected life might be. IP Valuers and lawyers also need to engage business owners in a continuing discussion about different opportunities to realise that value and to promote learning and understanding that different exploitation models are likely to result in different levels of risk and different levels of reward.Far from being barriers to exploitation of IP rights, IP lawyers working with IP valuers are one of the most important professional services that a business needs to engage with in order to maximise value and minimise risk.

Posted in Shorter Reads | Leave a comment

Is your personal data safe on Zoom?

Over the course of the Pandemic, Zoom, together with other video conferencing applications, has become an indispensable business tool. But the platform has been beset by reports of a number of security and privacy problems.  “Zoom bombing”, where a private Zoom meeting is hijacked by uninvited outsiders (or even invited participants), who disrupt or post offensive material within the meeting, has affected a growing number of users.Better security measures, both within the platform and applied by meeting organisers, seems to have largely resolved this particular problem but others are still only partially resolved, or not at all. A helpful article on the Tom’s guide website (Zoom security issues: Here’s everything that’s gone wrong (so far) | Tom’s Guide) provides a detailed, and quite lengthy, list of the issues and their current status.As with the recent report about the Estate Agent’s video of a house in Devon that showed a large quantity of the personal data of the house owners, using a video conference facility needs some prior thought and planning.  Apart from your personal appearance and positioning, what else is visible on screen when you have your camera on?  If it includes personal material such as family photographs or confidential documents, or items such as an asthma inhaler or a stairlift that would indicate particular heath problems, it would be very sensible to make sure that these cannot be seen.If a business wishes to introduce some new technology it should carry out a detailed data privacy impact assessment.  At a more basic level, some simple pre-planning and checks can and should be applied by individuals as well. Use of passwords and two-factor authentication are recommended.  Of course, these steps will only help if the Zoom bomber is not invited.  It seems that increasing numbers of meeting-disrupters are invited participants, so in those cases there need to be effective steps for such participants to be muted or removed from the meeting.  Since November 2020 Zoom has now improved its functionality on these issues.The article concludes that Zoom is much safer than it was, and that the problems it has experienced and had to resolve have helped to make it a safer and better video conference platform.  So the message is to carry on using Zoom, but just take some sensible precautions to minimise the risks of inadvertent or unauthorised disclosure of personal data.

Posted in Shorter Reads | Leave a comment

Firmware cyber-attacks: the next big thing?

An interesting article in the BBC news highlights a lesser-known, but potentially devastating cyber-threat for medium to larger businesses – a hack into their computer firmware.  A survey conducted by Microsoft has found that 80% of firms have experienced a firm ware attack in the past 2 years, but less than a third of security budgets are allocated to protect firmware. In addition, the US National Institute of Standards and Technology has recorded a 5 fold increase in firmware attacks in the last 4 years. Covid lockdown has created an environment where the time and trouble needed to arrange such an attack has become much less of a problem for cyber-criminals.Firmware is the inbuilt code which controls each component in a PC.  It is harder to access than software, but if infiltrated it can be almost impossible to detect, and may leave no trace. Regular patch updates for the firmware as well as the software can reduce the risk of an attack succeeding, but because it is more complicated to put in place, it may be overlooked or delayed.While the risk is only likely to be significant for medium to large size businesses, it is clearly a growing threat that should be considered as part of the data risk management strategy of all larger businesses. With more staff working from home and connecting remotely to work servers, each external device which connects provides an opportunity for hackers. Steps that should be taken include a review of how and through which devices employees connect to the central system, a reassessment of technical and organisational cyber-security measures to ensure that firmware protection is given sufficient prominence, and further training for employees to raise awareness of the risks and ensure that they take the necessary steps to keep any authorised personal devices up to standard with recommended protection measures. This last is perhaps the most important, since most cyber-breaches and data breaches occur as the result of human error, inattention or carelessness.

Posted in Shorter Reads | Leave a comment

Post-Brexit breathing space for EU-UK transfers of personal data

Even though celebrations to welcome in 2021 were rather muted in light of the ongoing pandemic, the New Year did bring some good news to businesses in the United Kingdom and the European Economic Area (EEA) in respect of personal data transfers.Prior to the end of the Brexit transition period, the issue of how to ensure ongoing personal data transfers from the EEA to the UK in 2021 was causing a headache for many businesses. Although the UK’s position was that transfers of personal data to the EEA could continue as usual without any additional legal hurdles after Brexit, this position was not mirrored by the European Union in respect of flows of personal data from the EEA to the UK.While the last-minute post-Brexit Trade and Co-operation Agreement between the EU and the UK does not grant an adequacy decision to the UK in respect of transfers of personal data, Article FINPROV.10A does provide for a grace period for transfers of personal data from the EEA to the UK. Initially this grace period will last for four months, unless in that time the UK has obtained an adequacy decision from the EU in respect of data protection. If it hasn’t, then the grace period will be extended by a further two months (provided both the UK and the EU agree) to allow further time to finalise an adequacy agreement.This is welcome news to businesses, who can now continue to transfer personal data between the UK and the EU for the next four to six months without requiring additional measures as a result of the UK having become a ‘third country’. The fact this has been agreed gives a positive indication that both sides are serious about reaching an adequacy decision as soon as possible. However, there is no guarantee an adequacy decision will be reached, and the grace period will only continue as long as the UK does not amend its own data protection legislation to diverge from rules applicable in the EU. Organisations for whom such data transfers are critical would therefore be well advised to consider alternative arrangements in case no such adequacy decision materialises by the end of the grace period.

Posted in Shorter Reads | Leave a comment