About Information Law
Lexis®+ Information Law is an online practical guidance product for contentious and non-contentious lawyers dealing with Data Protection, Confidential Information, Privacy, Cybersecurity and Freedom of Information issues.
Data protection
Get a good background to data protection law and view practical guidance focused on data protection matters for commercial transactions. See also our UK GDPR compliant pro-party clauses for use in commercial agreements.
Confidential Information
Protect trade secrets and know-how using the law of confidentiality. Get information and a set of pro-party confidentiality agreements here.
Key information law developments
View a range of trackers to enable horizon scanning and monitoring of key developments. The trackers are maintained - making them useful for keeping up-to-date and for business development.
Lexis+® Information Law
It’s our online practical guidance product for contentious and non-contentious lawyers dealing with Data Protection, Confidential Information, Privacy, Cybersecurity and Freedom of Information issues.
Our Information Law Experts
Adam Gillert
Hamish Corner
Anthony Taylor
Jon Bartley
Hazel Grant
Latest Information Law News
The Council of the European Union (EU) has adopted a decision authorising the European Commission and member states to sign the United Nations...
Information Law analysis: This case involved an appeal concerning whether pseudonymised data must always be treated as personal data under Regulation...
MLex: The European Commission will issue guidelines on how the EU AI Act interacts with other EU laws such as the EU GDPR, product safety legislation,...
Commercial analysis: In today’s hyperconnected world, cyber risk is no longer a peripheral concern—it’s a central business issue for the vast majority...
The UK Upper Tribunal (UT) has ruled in favour of the Information Commissioner’s Office (ICO) in its appeal against the First-tier Tribunal (FTT)...
Latest Information Law Practice Notes
Artificial intelligence (AI) resource kitThis resource kit contains a list of the key practical guidance available across Lexis+® UK that deals with...
UK GDPR and EU GDPR—transfers of personal data internationally and to international organisationsFORTHCOMING CHANGE: On 19 June 2025, the data (Use...
Children and data protection law—the age appropriate design code (children’s code)FORTHCOMING CHANGE: On 19 June 2025, the Data (Use and Access) Bill...
Children and data protection lawFORTHCOMING CHANGE: On 19 June 2025, the Data (Use and Access) Bill received Royal Assent, becoming the Data (Use and...
List of data protection clauses and agreements for commercial transactions and personal data processing and sharingThis Practice Note is a...
Latest Information Law Precedents
Records management policy1Introduction1.1Maintaining business records in a methodical and reliable way is essential to comply with our legal and...
Data protection privacy notice (recruitment)FORTHCOMING CHANGE: The Information Commissioner’s Office (ICO) has published draft guidance on...
Data protection privacy notice (employment)[Insert name of organisation]Data protection privacy notice (employment)This notice explains what personal...
Policy—data protectionFORTHCOMING CHANGE: The Data (Use and Access) Act 2025 (DUAA 2025), which received Royal Assent on 19 June 2025, includes (among...
Records retention schedule1Introduction1.1This Record retention schedule accompanies and is incorporated into [insert organisation’s name]’s Records...
Latest Information Law Q&As
Featured Information Law content
The UK General Data Protection Regulation (UK GDPR)—Navigator [Archived]
The UK General Data Protection Regulation (UK GDPR)—NavigatorThis Practice Note serves as a reference guide to the Retained Regulation (EU) 2016/679...
Privacy law—misuse of private information
Privacy law—misuse of private informationThe tort of misuse of private information is focused on ‘the protection of human autonomy and dignity—the...
Confidentiality agreement—mutual
Confidentiality agreement—mutualThis Agreement is made on [date]Parties1[insert name of party] [of [insert details ] OR a company incorporated in...
The Information Commissioner’s Office (ICO)
The Information Commissioner’s Office (ICO)The Information Commissioner’s Office (ICO) is the UK’s independent regulator designed to uphold...
The UK General Data Protection Regulation (UK GDPR)
The UK General Data Protection Regulation (UK GDPR)This Practice Note provides a summary of the UK GDPR regime. For a higher-level introduction to UK...
Are recorded conversations between lay people legal and can they be used in legal proceedings?
Is it standard for a non-disclosure agreement to contain liability limitations (eg for loss of information and/or breach) and what arguments could be used to seek to remove any such provisions added by another party?
In the context of confidentiality agreements, what constitutes an ‘indirect’ disclosure? Is it necessary to specifically use the word ‘indirect’ to capture all types of disclosure by the main disclosing party?
Letter of claim—breach of confidence
Letter of claim—breach of confidence[Insert name and address of recipient]Dear [insert organisation name],[Name of client] and confidential...
Trade secrets and confidential information—protection and enforcement
Trade secrets and confidential information—protection and enforcementThis Practice Note sets out the protection available for trade secrets and...
Introduction to the EU GDPR and UK GDPR
Introduction to the EU GDPR and UK GDPRThis Practice Note provides a high-level introduction to the EU’s General Data Protection Regulation,...
Data protection, privacy and confidential information case law tracker
Data protection, privacy and confidential information case law trackerThis Practice Note tracks noteworthy High Court, Court of Appeal and Supreme...
Commercial use of photographs—data protection and privacy issues
Commercial use of photographs—data protection and privacy issuesThis Practice Note addresses issues affecting professional photographers taking...
Letter of claim—breach of data protection law
Letter of claim—breach of data protection law[Insert name and address of recipient]Dear [insert organisation name],[Name of client] and breach of data...
What does IP completion day mean for Information Law? [Archived]
What does IP completion day mean for Information Law? [Archived]ARCHIVED: This Practice Note has been archived and is not maintained.11 pm (GMT) on 31...
Confidential information, privacy and injunctions
Confidential information, privacy and injunctionsThis Practice Note deals with the general principles of obtaining an injunction relating to...
The Data Protection Act 2018
The Data Protection Act 2018This Practice Note introduces the UK’s Data Protection Act 2018 (DPA 2018).For higher-level introductions to data...
Is someone’s voice personal identifiable information under GDPR? If someone is to do a voice over for content of some training for a business, would a consent form be needed?
Associated legal terms
‘Confidential Information’—one-way—pro-discloser
means all information of a confidential nature (in whatever form) which relates to the Purpose and is received or acquired (whether directly or indirectly) by [Party B][, its Authorised Persons][ or its Affiliates] including: (a) any know-how, trade secrets, financial, commercial, technical, tactical or strategic information of any kind; (b) all information produced, developed or derived from information disclosed pursuant to this Agreement; (c) all information agreed to be, or marked as, confidential; (d) the information specified in Schedule [insert Schedule number] to this Agreement; (e) any information [Party B][, its Affiliates][ or [its OR their ]Authorised Persons] knows, or could reasonably be expected to know, is confidential; and (f) [the terms and existence of this Agreement.] but excluding any information which: (a) is, or was already known or available to [Party B], otherwise than pursuant to or through breach of any confidentiality obligation owed to [Party A]; (b) is, or becomes, in the public domain other than through any breach of this Agreement (save that any publicly available information shall be classified as Confidential Information where it is compiled in a form that is not in the public domain); (c) is disclosed to [Party B] without any obligation of confidence to [Party A] by a third party who is not itself under or in breach of any obligation of confidentiality; (d) is developed by or on behalf of [Party B] in circumstances where the developing party has not had direct or indirect access to the information disclosed, provided that [Party B] provides satisfactory evidence of the same to [Party A]; (e) [Party A] agrees in writing does not constitute Confidential Information.
Banking and financial market infrastructure sector
Under the NIS Directive, organisations operating in the banking and financial market infrastructure sectors (such as banks and credit institutions, or operators of trading venues or central counterparties) were included as OESs. Article 1(7) of the NIS Directive permitted EU Member States (which at the time included the UK) to limit the scope of the NIS Directive for certain sectors where existing legislation provided equivalent measures to those specified in the NIS Directive. Therefore, the NIS Regulations have never covered the banking and financial market infrastructure sectors on the basis that firms operating in those sectors must continue to adhere to requirements and standards as set by other regulatory regimes.
Telecommunications operator
“Telecommunications operator” means a person who— (a) offers or provides a telecommunications service to persons in the United Kingdom, or (b) controls or provides a telecommunication system which is (wholly or partly)— (i) in the United Kingdom, or (ii) controlled from the United Kingdom.
CONTACT US
