David Cook

• Advised over 150 organisations on cyber security incident response, often involving advice on regulatory investigation, government and law enforcement engagement, and engaging with affected individuals and media.
• Represented numerous organisations subject to investigation and enforcement under both the Data Protection Act 1998, the GDPR (as applicable in the EU), and the UK GDPR, including:
  • Under both voluntary audit and compulsory audit by way of Assessment Notice.
  • With respect to compliance with an Information Notice.
  • On the imposition of a Monetary Penalty Notice.
  • Providing advocacy by way of Oral Representations to the Head of Enforcement at the ICO. 
  • In appeal before the First-Tier Tribunal.

• Represented numerous organisations subject to formal investigation and enforcement for cyber security incidents, including under the data protection legislation but also by way of the FCA Handbook and PRA Rulebook, and under the Network and Information Systems Regulations 2018.
• Successfully engaged with the National Cyber Security Centre on behalf a tech vendor, which led to reform of the Cyber Essentials and Cyber Essentials Plus assessment frameworks.
• Acted for numerous FTSE100 and listed companies in relation to litigation as a result of data protection and cyber security issues, ranging from data protection compensation claims, to supply chain litigation, and by way of injunction.
• Acted for organisations in relation to traditional common law privacy torts, including breach of confidence and misuse of private information claims.
• Successfully represented organisations before the High Court, including obtaining injunctive relief and then subsequently the delivery up of unlawfully held confidential material.

Historical matters of note:

• 2009 – Acted for a party alleged to have established an online cyber crime members forum and BitTorrent tracker.  The case was discontinued on the basis of a challenge to the technical evidence.
• 2010 – Acted for a party alleged to have established an online cyber crime members forum and webtorrent-based file sharing service.  The case was discontinued on the basis of a challenge to the technical evidence.
• 2011 - Acted for a party before the Leveson Inquiry into the culture, practices, and ethics of the press.  The case against the client was discontinued without the individual having to give evidence.
• 2012 – Represented an individual alleged to have been responsible for a significant cyber security incident affecting an online retailer.
• 2013 – Provided expert evidence on behalf of a high-profile sportsperson in the top tier national division in respect of allegations of “hacking”.
• 2013 – Successfully represented a prominent politician in respect of allegations of “hacking”.
• 2013 – Successfully represented a party in the first appeal of a monetary penalty issued by the Information Commissioner’s Office under PECR. 
• 2014 – Negotiated on behalf of a white hat hacking group in securing a bug bounty from a well-known global tech platform having discovered a vulnerability in its customer gateway portal.