Home / People / Dr. Loretta Pugh

Dr. Loretta Pugh

Partner

Portrait ofLoretta Pugh

Dr. Loretta Pugh

Partner

Contact
CMS Cameron McKenna Nabarro Olswang LLP
Cannon Place
78 Cannon Street
London
EC4N 6AF
United Kingdom
Languages English

Loretta is a specialist data protection and cyber security partner with a background in IT.  Advice ranges from general compliance to highly strategic and business critical matters.  These may be domestic or involve the coordination of international advice.  Loretta is known for her strong technical ability coupled with application to her clients’ specific business scenarios in a pragmatic manner. Loretta has a particular interest in the exploitation of data and the use of new technologies, including AI and other data analytic solutions. In the sphere of cyber, her work includes incident response planning, assessment of cyber solutions, and advising following a data breach.  She has been involved in several high profile ICO investigations.

Loretta has spoken on data protection and cyber and produced a number of articles, including in relation to the GDPR and the NIS Regulations.

Loretta is a member of the United Nations Legal Task Team on Privacy Preserving Techniques, the techUK Data Protection Working Group and International Association of Privacy Professionals (IAPP).  Loretta is recognised as a ‘Next Generation Partner’ and ‘Key Lawyer’ in Legal 500 for data protection, privacy and cyber security.  

more less

"Next Generation Partner."

Legal 500

"Loretta Pugh is knowledgeable in the field of new technologies, including AI."

Legal 500

"Next Generation Partner."

Legal 500

"Loretta Pugh is knowledgeable in the field of new technologies, including AI."

Legal 500

Relevant experience

  • A major technology company on its planned roll out of mobile app based COVID vaccination passes in 24 jurisdictions.  Advice was first provided for the UK and coordinated for the other jurisdictions.
  • An insurance company in relation to international data transfers in the context of a reinsurance with a US counterparty.  Advice included advising on changes to the international transfers regimes in the EU and UK, performing transfer risk assessments and accommodating future changes to transfer rules.
  • A global health brand on its online marketing operations, including in relation to AdTech and cookies.
  • A real estate company in relation to an ICO investigation on the use of facial recognition technology in public places.
  • A pharmaceutical company in the context of an investigation by the Competition and Markets Authority.
  • A high street fashion chain on data breach planning and approaches to mitigate compliance risks in relation to breach incidents.
  • A global tech company following a cyber-attack impacting 395,000 individuals in 73 jurisdictions.  Advice included from shortly after the breach had been discovered (including coordinating the various impacted jurisdictions), regulator and data subject notifications, and subsequent regulator investigations.   
  • A FTSE 100 company on its data protection policies and procedures; and the development of a data governance framework. 
  • Numerous companies following the exercise of data subject requests, including data subject access requests in the context of litigation and employee disputes.
  • An energy company in relation to requests under the Freedom of Information Act 2000 and Environmental Information Regulations 2004.
more less

Memberships & Roles

  • United Nations Legal Task Team on Privacy Preserving Techniques
  • techUK Data Protection Working Group
  • International Association of Privacy Professionals (IAPP)
more less

Publications

  • Implications of the General Data Protection Regulation (GDPR) for Detecting Infringement of Artificial Intelligence (AI) Patents; EPI Information (Publication of the European Patent Institute); Sep 2018
  • Network and Information Systems Regulations—contractual implications; LexisPSL; Aug 2018
  • GDPR and AI Patents; CIPA Journal (Journal of the Chartered Institute of Patent Attorneys), Volume 47, No. 7-8; Jul 2018
  • GDPR: Implications for Real Estate; Property Law Journal; May 2018
  • Network and Information Systems Regulations and the cloud; LexisPSL; May 2018
  • Data protection under the draft Brexit withdrawal agreement; LexisPSL; Apr 2018
  • The UK Government responds to the NDG and CQC recommendations; Digital Health Legal; Sep 2017
  • International Data Flows and the New EU-US Privacy Shield; National Outsourcing Association Yearbook 2016; Jan 2016
more less

Education

  • Postgraduate Diploma in Intellectual Property Law and Practice, University of Oxford
  • Legal Practice Course (Distinction), BPP Law School
  • Graduate Diploma in Law (Distinction), Anglia Law School
  • Ph.D. (Optoelectronics), University of Cambridge
more less

Expertise

Feed

18/04/2024
In View: Life Sciences & Healthcare - What's new in AI Regulation and Data...
 We are delighted to invite you to the CMS In View: Life Sciences & Healthcare - What’s New in AI Regulation and Data Protection? event taking place on Thursday 18 April at our London Cannon Place offices. The seminar will focus on key AI and data protection topics relevant to life sciences and healthcare where you will hear from industry and regulatory experts from the ICO, Health Research Authority, UCL, the Wellcome Trust and CMS UK specialists. If you would like to attend this event, please register via the button below.
Event Artificial Intelligence
20/11/2023
Data protection and cybersecurity laws in the United Kingdom
Data protection 1. Local data protection laws and scope The Data Protection Act 2018 (“DPA”) covers general processing of personal data in the UK. The DPA supplemented the EU General Data Protection...
Expert Guide TMT - Technology, Media & Telecommunications
Comparable
17/10/2023
UK-US data bridge now live: What do you need to know?
The UK-US data bridge (live from 12 October 2023) offers a new streamlined option for transfers of personal data from the UK to the US in the case of participating companies. This follows an assessment...
Law-Now Data Protection & Freedom of Information
15/11/2022
International transfers of personal data: ICO update on UK Binding Corporate...
In late July 2022, the office of the UK data protection regulator, the Information Commissioner’s Office (ICO), issued new guidance on applying for and receiving approval for UK Binding Corporate Rules...
Law-Now Data Protection & Freedom of Information
20/08/2021
ICO consultation on international data transfer guidance and tools
On 11 August, the ICO launched a consultation on international data transfers and published a draft ‘International Transfer Risk Assessment and Tool’, and a draft ‘International Data Transfer Agreement’...
Law-Now Data Protection & Freedom of Information
23/07/2021
GDPR 3 years on – The greatest hits (and misses)
More than three years have passed since the GDPR applied and a lot has happened in the world of data protection during that time – fines, class actions, court challenges and more. We give our “playl­ist”...
Law-Now GDPR
16/07/2021
Data protection update: latest developments on EU and UK transfers
Background On 28 June 2021, the European Commission issued two EU adequacy decisions finally bringing to an end the uncertainty over whether transfers of personal data from the EU to the UK could continue...
Law-Now Data Protection & Freedom of Information
15/07/2021
New EU Standard Contractual Clauses: 10 things to know and implications...
Last month, the EU Commission published the new standard contractual clauses for the transfer of personal data from the EU (the “New EU SCCs”). The New EU SCCs will replace the previous standard...
Law-Now Data Protection & Freedom of Information
14/07/2021
Real Estate Rebound: a tech-accelerated recovery
We invite you to join our virtual panel debate on Wednesday 14 July, where we will explore the key themes identified in our ninth annual thought leadership report: Real Estate Rebound: a tech-ac­cel­er­ated...
Event Webinar
25/05/2021
Managing investigations: planning pressures and pitfalls video series
With more internal reporting of concerns within businesses thanks to improved training and controls, and with complex regulatory, criminal and HR investigations becoming more commonplace, corporates need...
Publication
12/05/2021
Watch On-Demand - Managing Investigations Video Series: GDPR and Data Privacy
Our latest video in the Managing Investigations: Planning, Pressures and Pitfalls series is now available to watch on-demand on cms.law. Covering GDPR and Data Privacy in internal investigations, our...
Law-Now Employment & Pensions
23/02/2021
Life Sciences Quarterly Update - Brexit Implications for the MedTech Sector
We are delighted to invite you to our life sciences quarterly update webinar, ‘in view’. Our CMS team will be evaluating the wide ranging impacts of Brexit for those operating in the MedTech sector...
Event Webinar
Load more articles