2017, Exercises and Personal data - Information Management Today

UK ICO Fines Equifax for 2017 Breach

Hunton Privacy

SEPTEMBER 24, 2018

Recently, the UK Information Commissioner’s Office (“ICO”) fined credit rating agency Equifax £500,000 for failing to protect the personal data of up to 15 million UK individuals. The data was compromised during a cyber attack that occurred between May 13 and July 30, 2017, which affected 146 million customers globally.

Personal data

Personal data Passwords Compliance Risk

CNIL Unveils 2017 Inspection Program and 2016 Annual Activity Report

Hunton Privacy

MARCH 29, 2017

On March 28, 2017, the French Data Protection Authority (“CNIL”) published its Annual Activity Report for 2016 (the “Report”) and released its annual inspection program for 2017.

Personal data

Personal data Healthcare GDPR Insurance

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

HL Chronicle of Data Protection

JULY 7, 2020

The Dutch Data Protection Authority (DPA) issued a EUR 830,000 (approximately USD 937,000) fine against the Dutch Credit Registration Bureau (BKR) for violating data subject rights. The fine stems from BKR’s practice of charging fees and discouraging individuals who wanted to access their personal data.

GDPR

GDPR Personal data Data collection Access

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

IRELAND: First GDPR fine issued in Ireland

DLA Piper Privacy Matters

MAY 19, 2020

The breaches included various instances of inappropriate system access, accidental and inappropriate disclosure of personal data by email and unauthorised disclosure of data. Tusla collects and processes highly sensitive, often special category data concerning children, vulnerable women and families across Ireland.

GDPR

GDPR Personal data Government Paper

Russia: Main Takeaways from Roskomnadzor’s Open Doors Day

HL Chronicle of Data Protection

FEBRUARY 28, 2018

During the occasion, Roskomnadzor officers presented on the authority’s 2017 enforcement activities. 2017 Roskomnadzor Enforcement Highlights. The Roskomnadzor looked into the data subjects’ complaints and found violations of applicable data protection laws in 5.4% We summarize the key takeaways below.

Personal data

Personal data Data Privacy Privacy Risk

Update of Japan’s Privacy Law Approved by Cabinet

HL Chronicle of Data Protection

MARCH 31, 2020

On Tuesday, March 10, the Japanese Cabinet approved a bill to revise the Act on the Protection of Personal Information (“APPI”), which would require companies to take certain additional measures to protect personal data of data subjects. The last update came into force in May 2017.

Privacy

Privacy Personal data Big data Data collection

China’s evolving data laws: PIPL likely to be passed soon

Data Protection Report

AUGUST 5, 2021

The PIPL – which will add another layer of compliance obligations on processors of personal information – will supplement and further strengthen the developing regulatory regime, which consists of the 2017 Cyber Security Law ( CSL ) and the DSL once enacted.

Privacy

Privacy Compliance GDPR Personal data

CNIL Fines Uber for Data Security Failure Related to 2016 Data Breach

Hunton Privacy

DECEMBER 27, 2018

On December 20, 2018, the French data protection authority (the “CNIL”) announced that it levied a €400,000 fine on Uber France SAS, the French establishment of Uber B.V. for failure to implement some basic security measures that made possible the 2016 Uber data breach. On November 21, 2017, Uber Technologies Inc. Background.

Data breaches

Data breaches Personal data Security Access

Working Party Adopts Revised Guidelines on Data Portability, DPOs and Lead SA

Hunton Privacy

APRIL 12, 2017

On April 5, 2017, the Article 29 Working Party (“Working Party”) adopted the final versions of its guidelines (the “Guidelines”) on the right to data portability, Data Protection Officers (“DPOs”) and Lead Supervisory Authority (“SA”), which were first published for comment in December 2016.

Personal data

Personal data GDPR Metadata Compliance

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. Step 1: Appointing a Data Protection Officer (“DPO”) or “Pilot”.

GDPR

GDPR Personal data Compliance Privacy

GDPR Italian Implementing Decree Has Been Published

HL Chronicle of Data Protection

SEPTEMBER 14, 2018

Finally, the controversial provisions regarding legitimate interest, introduced with the Budget Law at the end of 2017 are in fact repealed, so that the notification obligation to the Garante shall apply only in case of change of the name of minors. The provisions relating to specific processing of personal data (e.g.

GDPR

GDPR Personal data Privacy Communications

Article 29 Working Party Publishes Final Guidance on Data Protection Impact Assessments

Data Matters

OCTOBER 20, 2017

On 4 October 2017 the Article 29 Working Party (“ WP29 ”) published its final Guidelines on Data Protection Impact Assessment (“ DPIA ”) which were initially released in draft form in April 2017.

GDPR

GDPR Personal data Risk Data collection

Avoiding, Managing And Responding To Cyber Incidents

Data Protection Report

NOVEMBER 2, 2023

In 2017, Equifax Inc, suffered a cybersecurity breach, with hackers able to access the personal data of around 13.8 million individuals, including dates of birth, phone numbers, partially exposed credit card details and residential addresses.

GDPR

GDPR Risk Cybersecurity Compliance

European Commission Publishes its First Annual Review of EU-U.S. Privacy Shield

Data Matters

NOVEMBER 6, 2017

Privacy Shield has survived its infancy, although the October 18, 2017 European Commission report on its first annual review of the functioning of the EU-U.S. continues to ensure an adequate level” of protection for personal data transferred under the Privacy Shield from the EU to the U.S. The EU-U.S. Privacy Shield if the U.S.

Privacy

Privacy IT Compliance Personal data

Data Protection Regime in Turkey Takes Shape

Data Protection Report

DECEMBER 6, 2017

Turkey continues to develop a legal framework on data protection. The Regulation was then followed by a set of guidelines detailing the process and methods of deletion, destruction and anonymization of personal data (the “ Guidelines ”). Establishment of the Data Protection Board & Early Board Activity. Definitions.

Personal data

Personal data Paper Encryption Cloud

German BGH Ruling On Consent For Cookies And Third-Party Advertising

Hunton Privacy

JUNE 1, 2020

In October 2017, the BGH suspended its proceedings and submitted questions to the Court of Justice of the European Union (“CJEU”) for a preliminary ruling regarding the effectiveness of obtaining consent for the use of cookies through a pre-ticked checkbox. Read the BGH’s press release (in German).

Marketing

Marketing Personal data Analytics Communications

When And How Cos. Should Address Cyber Legal Compliance

Data Matters

OCTOBER 30, 2017

*This post originally appeared in Law 360 on October 24, 2017. Securities and Exchange Commission has issued specific guidance on disclosures related to cybersecurity risk and incidents[2] and the manner in which boards exercise responsibility for overseeing and managing risk.[3] We’ve seen it happen time and again. 1] The U.S.

Compliance

Compliance Cybersecurity Risk Government

The Cathay Pacific Breach: Is Data Protection and Cyber Security Law in Hong Kong About to Receive an Upgrade?

HL Chronicle of Data Protection

JUNE 17, 2019

On 6 June, 2019, the Privacy Commissioner for Personal Data (the “ PCPD “) issued an enforcement notice against Cathay Pacific Airways (and its affiliate Hong Kong Dragon Airlines) (together, “ Cathay Pacific “) in respect of a data breach concerning unauthorized access to the personal data of some 9.4

Personal data

Personal data Data breaches Security Compliance

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW

DLA Piper Privacy Matters

JANUARY 21, 2019

On 12 December 2018, the French Government issued an ordinance [1] finalizing, at the legislative level [2] , the alignment of the French Data Protection Law (“FDPL”) with the General Data Protection Regulation [3] (“GDPR”) and the Directive 2016/680 [4]. Following-up the adoption of the GDPR, the French Law No.

GDPR

GDPR Personal data Communications Government

BELGIUM: NEW DATA PROTECTION COMMISSIONER

DLA Piper Privacy Matters

MARCH 28, 2019

For this reason, it was decided that the members of the former Belgian Privacy Commission would perform the tasks and exercise the power of the BDPA on an interim basis during this transitional period. However, most candidates lacked sufficient knowledge of German, Belgium’s third national language (next to Dutch and French).

GDPR

GDPR Privacy Analytics Personal data

Weekly podcast: 2018 end-of-year roundup

IT Governance

DECEMBER 13, 2018

Also in January, the ICO (Information Commissioner’s Office) fined Carphone Warehouse £400,000 – one of the largest fines it issued under the DPA (Data Protection Act) 1998 – for multiple security inadequacies that led to a 2015 data breach in which three million customers’ personal data was compromised.

Data breaches

Data breaches Personal data Access GDPR

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

The European Commission Fact Sheet and Q&A includes statistics that nine out of ten Europeans have expressed concern about mobile apps collecting their data without their consent, and seven out of ten worry about the potential use that companies may make of the information disclosed. Challenge #1. Challenge #3.

GDPR

GDPR Personal data Compliance Data breaches

Transfer data outside of China: New security review regulation companies should know

Data Protection Report

NOVEMBER 11, 2021

The Cyberspace Administration of China ( CAC ) released the draft Security Review Measures for Cross-Border Data Transfer (the Draft Security Review Measures ) for public comments on 29 October 2021 – shortly before the effective date of the Personal Information Protection Law ( PIPL ), 1 November 2021.

Security

Security Risk Personal data IT

New Belgian Data Protection Act Takes Effect

Data Matters

SEPTEMBER 7, 2018

Since December 2017, however, Belgium has had in place a law implementing many of the more procedural provisions of the GDPR, namely the Act on the Establishment of the Supervisory Authority (the SA Act ). The post New Belgian Data Protection Act Takes Effect appeared first on Data Matters Privacy Blog. Children’s Consent.

GDPR

GDPR Archiving Privacy Compliance

EDPB publishes guidance on calculating GDPR fines

Data Protection Report

JUNE 9, 2022

The Guidelines supplement the Article 29 Working Party’s Guidelines on the application and setting of administrative fines ( WP253 ) adopted in October 2017 and recommends that the two are read together. Categories of personal data affected (e.g.

GDPR

GDPR Compliance Personal data IT

Trusting your supply chain with personal information

CGI

MARCH 3, 2019

Late in 2017, CGI UK commissioned and directed the Centre for Economics and Business Research (CEBR) and Opinium to conduct a survey and research around attitudes towards and preparedness for GDPR. You should also check the insurance cover of all parties with regard to personal data breaches. Suppliers and GDPR. Conclusion.

GDPR

GDPR Insurance Data breaches Personal data

UK: No ICO notifications, but fees continue under GDPR

DLA Piper Privacy Matters

OCTOBER 6, 2017

The ICO has provided some clarity on how its notification and fee regime will change when the General Data Protection Regulation (“ GDPR “) enters into force from May 2018. The ICO aims to communicate the fees to data controllers by the end of 2017.

GDPR

GDPR Risk Personal data Compliance

One week into GDPR – what you need to know

Data Protection Report

JUNE 4, 2018

billion – roughly 4 percent of each company’s revenue for 2017, the maximum penalty allowed under the GDPR. In statements, both companies defended their data collection practices, saying they fully complied with the new European regulations.

GDPR

GDPR Compliance Personal data Privacy

Singapore proposes changes to cybersecurity and data protection regimes

Data Protection Report

SEPTEMBER 25, 2017

In a bid to keep pace with advancements in the technological landscape, the Singapore Government has in recent months embarked on public consultations on its draft Cybersecurity Bill (the Cyber Bill) and its proposed amendments to Singapore’s Personal Data Protection Act (PDPA) to update the country’s data protection regime.

Cybersecurity

Cybersecurity Data breaches Personal data Compliance

FTC Posts Eleventh Blog in Its “Stick with Security” Series

Hunton Privacy

OCTOBER 3, 2017

On September 29, 2017, the Federal Trade Commission published the eleventh blog post in its “Stick with Security” series. This week’s post, entitled Stick with Security: Secure paper, physical media, and devices , highlights the importance of adopting a 360 degree approach to protecting confidential data.

Security

Security IT Paper Encryption

EU Council Agrees on Proposed ePrivacy Regulation

Data Matters

MARCH 10, 2021

The first draft of the ePrivacy Regulation was approved by the European Commission in 2017 and has since been under discussion in the Council. The GDPR also supplements the ePrivacy rules on the protection of personal data.

GDPR

GDPR Metadata Communications Privacy

Office of Privacy Commissioner Says It’s Status Quo on Consent Requirements for Data Processing Transfers

Data Protection Report

OCTOBER 1, 2019

In January 2009, the OPC issued Guidelines for processing personal data across borders setting out its interpretation that a “transfer” of personal information by an organization for processing is a “use” and not a “disclosure” of that personal information. What’s Old is New Again. and Equifax Canada’s Co.’s

Privacy

Privacy Risk Compliance Personal data

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 8, 2018

In the aftermath of the Cambridge Analytica scandal, and in the footsteps of Europe’s General Data Protection Regulation (“GDPR”), California privacy advocates introduced a ballot initiative on October 12, 2017 called “The Consumer Right to Privacy Act of 2018” (No. Right to Opt-Out. New Business Obligations.

Privacy

Privacy Sales Compliance Government

EUROPE: ECJ and responsibility for personal data processing on Facebook fan pages

DLA Piper Privacy Matters

JUNE 13, 2018

In June 2018 the European Court of Justice’s Grand Chamber decided [1] on a long awaited case [2] regarding the responsibility of the administrators of Facebook fan pages, relating to the personal data of visitors to fan pages. 5] [link]. [6] 6] See case C?

Personal data

Personal data GDPR Privacy Risk

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 9, 2018

In the aftermath of the Cambridge Analytica scandal, and in the footsteps of Europe’s General Data Protection Regulation (“GDPR”), California privacy advocates introduced a ballot initiative on October 12, 2017 called “The Consumer Right to Privacy Act of 2018” (No. Right to Opt-Out. New Business Obligations.

Privacy

Privacy Sales Education Compliance

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

Insurance

Insurance Cybersecurity Data breaches Financial Services

The debate on the Data Protection Bill in the House of Lords

Data Protector

OCTOBER 11, 2017

We want businesses to ensure that their customers and future customers have consented to having their personal data processed, but we also need to ensure that the enormous potential for new data rights and freedoms does not open us up to new threats. How then will we secure adequacy without adhering to the charter?

GDPR

GDPR Personal data Government IT

The Burden of Privacy In Discovery

Data Matters

SEPTEMBER 29, 2021

Relatively recent advances in technology — smartphones and social media, in particular — have allowed businesses to collect, store, and find ways to monetize far more personal data than ever before. social security and credit card numbers, employee and patient health data, and customer financial records).”43

Privacy

Privacy e-Discovery Computer and Electronics e-Delivery

CNIL Unveils 2019 Inspection Program and 2018 Annual Activity Report

Hunton Privacy

APRIL 30, 2019

percent compared to the number of complaints in 2017). This upward trend was confirmed in the first few months of 2019, and may be due to the media impact of the EU General Data Protection Regulation (“GDPR”) and increased public awareness. percent of complaints); the banking/credit sector (8.9 percent of complaints); and.

GDPR

GDPR Personal data Data breaches Marketing

EU and Japan Agree on Reciprocal Adequacy

Hunton Privacy

JULY 17, 2018

On July 17, 2018, the European Union and Japan successfully concluded negotiations on a reciprocal finding of an adequate level of data protection, thereby agreeing to recognize each other’s data protection systems as “equivalent.” Privacy Shield)—which allow personal data to flow safely from the EU to these countries.

Personal data

Personal data Communications Access Privacy

Japan Granted Adequacy Deal on Data Protection by the EU

Data Matters

AUGUST 8, 2018

As part of the agreement, the Commission has established that Japan provides a comparable level of protection of personal data to that of the European Union, enabling the personal data of individuals in the EU to be lawfully transferred from the European Economic Area (EEA) to Japan, without further safeguards or authorisations.

Personal data

Personal data Privacy GDPR IT

Jamaica’s New Privacy Protection Bill

Data Matters

NOVEMBER 21, 2017

On 10 October 2017, Jamaica introduced into its House of Parliament a comprehensive Bill for privacy and data protection, entitled “An Act to Protect the Privacy of Certain Data and for Connected Matters.” If passed, the new law will be named the “Data Protection Act, 2017.” .

Privacy

Privacy Personal data Compliance Data breaches

EU Commission Releases Report on First Annual Review of the EU-U.S. Privacy Shield Framework

Hunton Privacy

OCTOBER 18, 2017

On October 18, 2017, the EU Commission (“Commission”) released its report and accompanying working document on the first annual review of the EU-U.S. The Report states that the Privacy Shield framework continues to ensure an adequate level of protection for personal data that is transferred from the EU to the U.S.

Privacy

Privacy Personal data Compliance Marketing

A Decade of Have I Been Pwned

Troy Hunt

DECEMBER 3, 2023

” Anyone can type in an email address into the site to check if their personal data has been compromised in a security breach. But looking at passwords through the lens of how breach data can be used to do good things, a list of known compromised passwords disassociated from any form of PII made a lot of sense.

Data breaches

Data breaches Passwords Sales IT

UK ICO Fines Equifax for 2017 Breach

CNIL Unveils 2017 Inspection Program and 2016 Annual Activity Report

Webinars

Trending Sources

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

Webinars

IRELAND: First GDPR fine issued in Ireland

Russia: Main Takeaways from Roskomnadzor’s Open Doors Day

Update of Japan’s Privacy Law Approved by Cabinet

China’s evolving data laws: PIPL likely to be passed soon

CNIL Fines Uber for Data Security Failure Related to 2016 Data Breach

Working Party Adopts Revised Guidelines on Data Portability, DPOs and Lead SA

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

GDPR Italian Implementing Decree Has Been Published

Article 29 Working Party Publishes Final Guidance on Data Protection Impact Assessments

Avoiding, Managing And Responding To Cyber Incidents

European Commission Publishes its First Annual Review of EU-U.S. Privacy Shield

Data Protection Regime in Turkey Takes Shape

German BGH Ruling On Consent For Cookies And Third-Party Advertising

When And How Cos. Should Address Cyber Legal Compliance

The Cathay Pacific Breach: Is Data Protection and Cyber Security Law in Hong Kong About to Receive an Upgrade?

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW

BELGIUM: NEW DATA PROTECTION COMMISSIONER

Weekly podcast: 2018 end-of-year roundup

GDPR is upon us: are you ready for what comes next?

Transfer data outside of China: New security review regulation companies should know

New Belgian Data Protection Act Takes Effect

EDPB publishes guidance on calculating GDPR fines

Trusting your supply chain with personal information

UK: No ICO notifications, but fees continue under GDPR

One week into GDPR – what you need to know

Singapore proposes changes to cybersecurity and data protection regimes

FTC Posts Eleventh Blog in Its “Stick with Security” Series

EU Council Agrees on Proposed ePrivacy Regulation

Office of Privacy Commissioner Says It’s Status Quo on Consent Requirements for Data Processing Transfers

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

EUROPE: ECJ and responsibility for personal data processing on Facebook fan pages

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

The debate on the Data Protection Bill in the House of Lords

The Burden of Privacy In Discovery

CNIL Unveils 2019 Inspection Program and 2018 Annual Activity Report

EU and Japan Agree on Reciprocal Adequacy

Japan Granted Adequacy Deal on Data Protection by the EU

Jamaica’s New Privacy Protection Bill

EU Commission Releases Report on First Annual Review of the EU-U.S. Privacy Shield Framework

A Decade of Have I Been Pwned

Stay Connected