Keily Blair

Partner

London


Read full biography at www.orrick.com
Keily heads up the Cyber & Data Privacy Enforcement & Litigation Practice in London. Keily works with her clients to navigate crises, and to achieve better regulatory and judicial outcomes in all aspects of international data privacy enforcement and litigation. Keily is ranked as a key practitioner in data protection, privacy and cyber security in Legal 500.

As a litigator, Keily has a different perspective on cyber and data privacy issues.

Keily has led the response to investigations by the UK’s Information Commissioner’s Office, the Irish Data Protection Commission, the FCA, the SFO, the US Department of Justice, the FBI, the SEC and Parliamentary Select Committees. She has also acted as external legal counsel for regulators.

In the civil arena, Keily has led on a number of high-profile contentious matters, including multi-jurisdictional investigations into post-GDPR data breaches, judicial reviews and associated civil litigation.

Keily has represented the private sector at the United Nations and the European Criminal Bar Association. She is committed to improving diversity and social mobility in the legal sector.    

Keily sits on the Law360's 2020 Editorial Advisory Board on Cybersecurity & Privacy and also leads the IAPP Cyber & Privacy Investigations, Enforcement & Litigation Affinity Group.

Prior to joining Orrick, Keily led the Contentious Data Privacy, Law & Strategy practice at PwC having been a litigator at two international law firms before this.

Posts by: Keily Blair

ICO FINES: WHEN IS AN APPEAL APPEALING?

The decision to appeal a regulatory finding is never taken lightly. By the time a regulator has completed its investigation and notified a company of its intention to fine, the company will have invested significant time and money in responding to the regulatory investigation. As such, there is a real temptation to accept the fine and the accompanying statement from the regulator and move on.

However, in the case of recent regulatory findings, fines and intentions to fine issued by the UK’s Information Commissioner’s Office (the “ICO”) against British Airways, Marriott and Dixons Carphone, all three  companies have appealed or indicated an intention to appeal despite the significant difference in the levels of the fines/intentions to fine. In our view, this is related to the spectre of an emerging class action litigation culture in the UK that increases the stakes for any company facing negative regulatory findings.

In this UK-focused blog we explore the potential motivation behind these decisions to appeal, why we expect to see more companies taking this approach in the future, and the steps to be taken in order to appeal decisions by the ICO and we also consider whether the companies that have failed to appeal and are now facing class actions made the right decision when they elected not to appeal.

READ MORE