UK Information Commissioner’s Office Issues Warning on Ransomware Payments
On July 8, 2022, the UK Information Commissioner’s Office (UK ICO) together with the UK National Cyber Security Centre (NCSC), published a joint letter asking the Law Society of England & Wales to remind its members that they should not advise clients to pay ransomware demands should they fall victim to a cyber-attack. The Law Society of England & Wales is the professional body for all solicitors in England & Wales.
The letter clarifies that the UK ICO does not consider that payment of a ransomware demand protects the affected personal data, and that the UK ICO will not take into account such payments as a mitigating factor when considering the type or scale of enforcement action, such as the imposition of monetary penalties.
