Mark specialises in information law. He has advised public and private sector bodies on data protection (DP), freedom of information (FOI) and related laws for over 20 years both in-house (including in the Government Legal Service, Metropolitan Police Service, London Underground and Barclaycard) and in private practice. His practice covers contentious, non-contentious and regulatory work.
Mark has advised a wide range of organisations (in the UK and overseas) on compliance with the DP including under the DPA 1984, DPA 1998, GDPR and DPA 2018. He has advised public sector organisations on their obligations under FOI and Environmental Information Regulations and also private sector clients on how to use the same legislation to obtain information.
Mark has worked on complex collaborations between the private and public sector including data sharing agreements.
He has advised clients on compliance with standards and codes of practice e.g. NHS and private healthcare providers on compliance with NHS Information Governance requirements and local authorities on the Payment Card Information Data Security Standard. He has advised the private and third sector clients on compliance with standards including the Direct Marketing Association’s Code, the Advertising Standards Authority’s CAP Code, the Financial Conduct Authority’s Handbook and the Fundraising Regulator’s Code.
Mark’s contentious practice includes advising clients under investigation by regulators including the UK’s ICO, overseas data protection regulators and other bodies. His practice has involved appeals to the First-tier Tribunal, Upper Tribunal and in the courts.
Mark writes and speaks on information law. He is a member of several industry groups in the technology sector. He is a Member of the Society for Computers and Law.
Examples of experience include advising:
- numerous private, public and third sector clients on GDPR compliance projects
- financial services clients on the Second Payment Services Directive, Regulations and technical standards
- essential service provider on compliance with the Network and Information Systems Regulations and the NIS Directive
- major UK charity on GDPR and PECR compliance
- clients on the investigation, containment and management of breaches of information law
- clients under investigation by regulators, including the Information Commissioner’s Office and the Financial Conduct Authority
- private and public sector bodies on information sharing arrangements
- transport organisations on the implications of FOI and the Environmental Information Regulations
- private sector clients on disclosure of confidential information to public sector bodies including regulators
- retailers and other commercial bodies on loyalty schemes, direct marketing and use of affiliate marketing
- pharmaceutical industry on the interaction of privacy laws and drugs testing regulations.
“...highly regarded for his experience in global data compliance projects, freedom of information, cyber breaches and data projects.”