Analysis and Personal data - Information Management Today

Malaysia introduces watershed amendments to Personal Data Protection Act 2010

Data Protection Report

JULY 26, 2024

On 16 July 2024, the Malaysian Dewan Rakyat (House of Representatives of the Malaysian Parliament) passed the Personal Data Protection (Amendment) Bill 2024 (the PDP Bill ). Data processors will also be potentially subject to the direct imposition of penalties for breach of their obligations.

Personal data

Personal data Data breaches Compliance GDPR

India Passes Digital Personal Data Protection Act

Hunton Privacy

AUGUST 22, 2023

reports that in early August 2023, the Indian Parliament passed the Digital Personal Data Protection Act (the “Act”), bringing to a close a 5-year process to enact an omnibus data privacy law in India. Grounds for Collection and Processing Consent continues to be the primary legal ground for the processing of personal data.

Personal data

Personal data Data breaches GDPR Government

Navigating Compliance: Understanding India's Digital Personal Data Protection Act

Thales Cloud Protection & Licensing

MAY 8, 2024

Navigating Compliance: Understanding India's Digital Personal Data Protection Act madhav Thu, 05/09/2024 - 05:30 In August 2023, the Indian Parliament passed a piece of landmark legislation, the Digital Personal Data Protection (DPDP) Act, marking a significant shift in India's data protection landscape.

Personal data

Personal data Compliance Encryption Cloud

Webinars

Launching LLM-Based Products: From Concept to Cash in 90 Days

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

MORE WEBINARS

ECJ’s ruling on the interpretation of “personal data” and “joint controller” in the context of the IAB TCF Framework

Data Protection Report

MARCH 15, 2024

The judgment of the ECJ is unsurprising given previous case law on the definitions of “personal data” and “controller” under the GDPR and the ECJ’s emphasis that the overarching objective of the GDPR is to “[ ensure] a high level of protection of the fundamental rights and freedoms of natural persons ”.

Personal data

Personal data GDPR Access Compliance

Relying on the Legitimate Interests Exception under the Personal Data Protection Act 2012

Data Protection Report

MARCH 28, 2023

In a recent decision (the Decision ), [1] the Personal Data Protection Commission ( PDPC ) considered for the first time a company’s reliance on the Legitimate Interests Exception (as defined below) under the Personal Data Protection Act 2012 ( PDPA ) when the consent procured is invalid.

Personal data

Personal data Risk Access IT

Personal Data and docs of Swiss town Rolle available on the dark web

Security Affairs

AUGUST 26, 2021

” According to the investigation published by the Le Temps daily this week, the attack was discovered on May 30, experts involved in the analysis defined the documents as “personal and extraordinarily sensitive.” The criminals have posted internal and confidential documents on Darknet, as research by Watson shows.”

Personal data

Personal data Ransomware Data breaches Education

Ireland: Irish Court of Appeal Clarifies Boundaries of Concept of Personal Data

DLA Piper Privacy Matters

JULY 21, 2020

The Irish Court of Appeal has clarified the scope of the definition of personal data – noting that, while the definition is deliberately very broad, it does not facilitate access by an individual to reports stemming from a complaint for the sole reason that the complaint was made by that individual. Submissions.

Personal data

Personal data Access Compliance Privacy

Selling and utilising personal data in an insolvency situation

Data Protection Report

JUNE 1, 2020

For example, in February of this year, the FCA and ICO issued a joint statement warning regulated firms and insolvency practitioners of their responsibilities when dealing with personal data. What are the legal mechanisms to sell or utilise personal data in an insolvency situation? Asset sales.

Personal data

Personal data Sales Marketing GDPR

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

DLA Piper Privacy Matters

JUNE 27, 2022

The Italian privacy authority, the Garante, deemed that the use of Google Analytics results in unlawful transfers of personal data to the United States in violation of the principles outlined in the Schrems II ruling. In Order No. The disputed facts. Code § 1881(b)(4), which subjects the company to the surveillance of U.S.

Personal data

Personal data Analytics GDPR Privacy

The ICO urges organisations to start using privacy enhancing technologies to share personal data safely, securely and anonymously

Data Protection Report

JUNE 26, 2023

The Guidance sits alongside the ICO’s recommendation that organisations should, if they haven’t already, start using PETs to share personal data safely, securely and anonymously. The Guidance clarifies that there is no definition of PETs within data protection law and that the concept covers various technologies and techniques.

Personal data

Personal data Privacy Security Compliance

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

JANUARY 28, 2024

However, over the past 20 years the practice of analyzing user data hasn’t advanced much beyond serving the business models of these tech giants. However, this intensive ingestion of personal data points — in the absence of reasonable oversight — has triggered consumer anxiety , and rightly so.

Privacy

Privacy Data Privacy GDPR Personal data

Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

DLA Piper Privacy Matters

APRIL 27, 2023

In the course of this cyber-attack, personal data – mainly tax and social security information – of approximately 4 million Bulgarian citizens (or approximately 6 million citizens in total, including foreign citizens) had been accessed and published on the Internet.

Personal data

Personal data GDPR Access Data breaches

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

JULY 26, 2021

On July 5, 2021, the Italian supervisory authority (“ Garante ”) published an injunction against a company operating a food delivery app (“ Company ”) over the processing of riders’ personal data with respect to the use of algorithms for the management of the orders. Retention period. The need for a DPIA.

Personal data

Personal data GDPR e-Delivery Communications

Ten steps to a GDPR gap analysis

IT Governance

MAY 8, 2019

Most GDPR (General Data Protection Regulation) compliance projects start with a gap analysis. A gap analysis is a popular method of assessing compliance against the requirements of the Regulation. What does a gap analysis involve? Can I use a free GDPR gap analysis tool? What gap analysis options are available?

GDPR

GDPR Compliance Personal data Risk

Personal data of thousands of users from the UK, Australia, South Africa, the US, Singapore exposed in bitcoin scam

Security Affairs

JUNE 30, 2020

A joint investigation of Group-IB’s Threat Intelligence and Brand Protection teams revealed 248,926 sets of personally identifiable information exposed in what turned to be a complex three-stage fraud designed to drag people into a shady bitcoin investment scheme. Every message contained a unique short link. Pierluigi Paganini.

Personal data

Personal data Blockchain Data breaches Phishing

No Surprise: China Blamed for 'Big Data' Hack of Equifax

Data Breach Today

FEBRUARY 11, 2020

Analysis: Equifax Failed on Security, But Only Governments Can Hold Each Other to Account Who's surprised Chinese military hackers allegedly hacked Equifax?

Big data

Big data Military Personal data Government

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Security Affairs

MARCH 8, 2024

The National Cyber Security Centre (NCSC) published a data analysis report on the data breach resulting from the ransomware attack on the IT services provider Xplain. The attack took place on May 23, 2023 and the Play ransomware gang claimed responsibility for the data breach. Threat actors stole and leaked roughly 1.3

Ransomware

Ransomware Data breaches Unstructured data Personal data

HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation

Hunton Privacy

FEBRUARY 29, 2024

It filed a breach report with OCR in February 2019, which then investigated the organization’s data practices starting in December 2019. Develop an enterprise-wide Risk Management Plan to address any risks and vulnerabilities identified, which is to be provided to HHS for review within 90 days of HHS approval of the risk analysis.

Ransomware

Ransomware Personal data Risk Privacy

EDPB Advises on Lawful Grounds for Processing Personal Data in Clinical Trials

HL Chronicle of Data Protection

FEBRUARY 13, 2019

So, with that in mind, the EDPB has issued an influential opinion on the lawful grounds for the processing of personal data in the context of clinical trials. The opinion covers the justification for both the primary use of data for the clinical trial protocol itself and the secondary use of such data for other scientific purposes.

Personal data

Personal data GDPR Compliance IT

ICO Publishes Guidance on Content Moderation

Hunton Privacy

FEBRUARY 21, 2024

The ICO defines content moderation in the guidance as the analysis of user-generated content to assess whether it meets certain standards, and any action a service takes as a result of this analysis. On February 16, 2024, the UK Information Commissioner’s Office (the “ICO”) published its first piece of guidance on content moderation.

Personal data

Personal data Communications Risk IT

Evil Telegram campaign: Trojanized Telegram apps found on Google Play

Security Affairs

SEPTEMBER 10, 2023

The analysis of the code revealed that most packages of the trojanized version of Telegram look the same as the standard ones. ” reads the analysis published by Kaspersky. ” concludes the analysis. The malicious code hidden in the apps can harvest sensitive information from compromised Android devices.

File names

File names Personal data Encryption Security

Russian national sentenced to 40 months for selling stolen data on the dark web

Security Affairs

AUGUST 16, 2024

The 27-year-old Russian national Georgy Kavzharadze (also known as “George,” “TeRorPP,” “Torqovec,” and “PlutuSS”) has been sentenced to over three years in prison for selling financial information, login credentials, and other personal data on the dark web marketplace, Slilpp.

Sales

Sales Retail Personal data Passwords

FRANCE: CNIL publishes initial analysis on Blockchain and GDPR

DLA Piper Privacy Matters

OCTOBER 15, 2018

The CNIL is one of the first EU data protection supervisory authorities to provide guidance on the compliance of Blockchain with GDPR. What solutions for a responsible use of Blockchain involving personal data? a) Data controllers. The participant is a legal entity and writes personal data on the blockchain.

Blockchain

Blockchain GDPR Personal data Encryption

European rulings on the use of Google Analytics and how it may affect your business

Data Protection Report

FEBRUARY 14, 2022

At issue was the transfer of personal data from the EU to the US through the use of Google Analytics. Many of our clients are using the firm’s technical tool suite, NT Analyzer , to assist with their data protection and privacy efforts. An Important Reminder. www.website.com/pg1/? www.website.com/pg1/?

Analytics

Analytics GDPR Personal data IT

A Tale of Two Cities: The Right of Private Action in Data Protection in Singapore and Hong Kong

Data Protection Report

NOVEMBER 2, 2021

The Singapore High Court and the Hong Kong District Court have both considered the right to compensation for injury to feelings in two recent cases involving misuse of personal data but arrived at different conclusions. Reed, brought an action against Mr. Bellingham for contravention of Singapore’s Personal Data Protection Act 2012.

Personal data

Personal data Data collection Data Privacy Compliance

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

HL Chronicle of Data Protection

JULY 7, 2020

The Dutch Data Protection Authority (DPA) issued a EUR 830,000 (approximately USD 937,000) fine against the Dutch Credit Registration Bureau (BKR) for violating data subject rights. The fine stems from BKR’s practice of charging fees and discouraging individuals who wanted to access their personal data.

GDPR

GDPR Personal data Data collection Access

EDPB Publishes Guidelines to Clarify Scope of EU “Cookie” Notice and Consent Requirements

Hunton Privacy

NOVEMBER 20, 2023

To achieve this purpose, the EDPB carries out an analysis of the various components of Article 5(3) of the ePrivacy Directive, namely: (1) information; (2) terminal equipment; (3) electronic communications network; (4) gaining access; and (5) stored information and storage.

Personal data

Personal data IoT Access Communications

CIPL Submits Response to the EDPB Guidelines on Examples Regarding Data Breach Notification

Hunton Privacy

MARCH 10, 2021

On March 2, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the European Data Protection Board (“EDPB”) consultation on draft guidelines on examples regarding data breach notification (the “Guidelines”).

Data breaches

Data breaches GDPR Personal data Risk

Ransomlooker, a new tool to track and analyze ransomware groups’ activities

Security Affairs

OCTOBER 12, 2023

It offers various statistical insights into data, the ability to determine attack perpetrators, and incorporates filtering by country, industries, time span, and other parameters for journalistic investigations. “With Ransomlooker, you can proactively safeguard your business or personal data from ransomware attacks.

Ransomware

Ransomware Personal data Access Cybersecurity

Subject Access Request: Germany’s highest court widens the scope of data subject access requests in Germany

Data Protection Report

JULY 28, 2021

At first instance the claimant referred to pre-GDPR laws and lost the case; at second instance he based his DSAR on Article 15 GDPR and requested information on all personal data actually held by the defendant, specifying his requirements in more detail. Knowledge of the data subject of information is irrelevant.

Access

Access GDPR Personal data Insurance

Video Conferencing Apps Sometimes Ignore the Mute Button

Schneier on Security

APRIL 29, 2022

A Privacy Analysis of Mute Buttons in Video Conferencing Apps “: Abstract: In the post-pandemic era, video conferencing apps (VCAs) have converted previously private spaces — bedrooms, living rooms, and kitchens — into semi-public extensions of the office. New research: “ Are You Really Muted?:

Paper

Paper Privacy Personal data Access

Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

AUGUST 11, 2024

Day: Exploiting Localhost APIs From the Browser BlackHat USA 2024 – Listen-Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections E.U.

Security

Security Ransomware MDM Personal data

How situational analysis helps your school become #BreachReady

IT Governance

AUGUST 17, 2018

In this blog, we’ll consider situational analysis, how to assess what’s happening in the school and how to support staff to protect the data in their care. Situational analysis – understand what’s happening now. There are several ways to reduce the likelihood and severity of data breaches. Review the email culture.

GDPR

GDPR Encryption Data breaches Compliance

Colorado AG Publishes Draft Colorado Privacy Act Rules

Hunton Privacy

NOVEMBER 1, 2022

Right to Request to Exercise Personal Data Rights (Rule 4.02 – Rule 4.07; 6.11). The proposed regulation provides the people of Colorado with a mechanism to protect their personal data rights by making requests directly to data controllers, or businesses who control their personal data.

Privacy

Privacy Personal data Data collection Compliance

EDPB Guidelines on international transfers: 6 key takeways

Data Protection Report

MARCH 13, 2023

Chapter V sets out the rules on transfers of personal data to third countries outside of the EU. The Guidelines note that the GDPR does not contain a legal definition of the notion “ transfer of personal data to a third country or to an international organisation ”. The most notable points are as follows: 1.If

GDPR

GDPR Personal data Data Privacy Risk

Minnesota enacts comprehensive privacy law

Data Protection Report

JUNE 24, 2024

The new law defines personal data as any information linked or reasonably linked to an identified or identifiable consumer; personal data does not include deidentified data or publicly available information. States have started to include a right to opt out of automated decisions and profiling (e.g.,

Privacy

Privacy Personal data Data Privacy Sales

Changing Attitudes Towards GDPR Enforcement and Compliance: 2018 – 2023

IT Governance

MAY 25, 2023

Given the scale and nature of its operations, Meta is obviously something of a special case, but the wider implications for personal data transfers from the EU to the US are clear: this case is surely going to be another nail in the coffin of the new EU-US DPF (Data Privacy Framework).

GDPR

GDPR Compliance Personal data Data Privacy

Texas enacts comprehensive privacy law

Data Protection Report

JUNE 21, 2023

The new law also gives controllers certain rights to use the data, including to “prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any illegal activity” as well as to “conduct internal research to develop, improve, or repair products, services, or technology.”

Privacy

Privacy Personal data Sales Retail

Reading the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report

Security Affairs

JULY 30, 2022

of all the stolen data contains GDPR personal data based on this analysis; In 95.3% of all the stolen data contains GDPR personal data based on this analysis; In 95.3%

Ransomware

Ransomware GDPR Personal data Encryption

EDPS Issues Decision on EU Parliament’s Cookie Violations

Hunton Privacy

JANUARY 19, 2022

The case resulted from a complaint submitted by certain Members of the European Parliament (“MEPs”) who alleged that the Parliament’s use of cookies violated data protection law, including requirements regarding the transfer of personal data outside of the EU. where the cookie provider was located and hosted all relevant data.

Personal data

Personal data Analytics Compliance IT

Updating your data protection documentation following Brexit

IT Governance

APRIL 16, 2021

Although this may appear to be a surface-level change, it means that data transfers to some organisations need to be reviewed, as both pieces of legislation require additional measures to secure personal data transfers to international organisations. Do you have appropriate security mechanisms for data transfers?

GDPR

GDPR Personal data Compliance Encryption

Norwegian DPA Issues 2.5M EUR Preliminary Fine for U.S. Company Utilizing Web-Tracking IDs

Hunton Privacy

MAY 11, 2021

Disqus collected data through cookies placed on the devices of website visitors using the widget, and subsequently passed personal data collected by those cookies to third-party advertising partners and its parent company. Numerous Norwegian online newspapers used its services through the Disqus plugin (the “widget”).

GDPR

GDPR Personal data Communications Data collection

Hungary: Record GDPR fine by the Hungarian Data Protection Authority for the unlawful use of artificial intelligence

DLA Piper Privacy Matters

APRIL 12, 2022

The Hungarian Data Protection Authority ( Nemzeti Adatvédelmi és Információszabadság Hatóság, NAIH ) has recently published its annual report in which it presented a case where the Authority imposed the highest fine to date of ca. EUR 670,000 (HUF 250 million).

Artificial Intelligence

Artificial Intelligence GDPR Privacy Risk

VF Corp December data breach impacts 35 million customers

Security Affairs

JANUARY 19, 2024

“Based on VF’s preliminary analysis from its ongoing investigation, VF currently estimates that the threat actor stole personal data of approximately 35.5 VF immediately began taking measures to remediate the attack and launched an investigation into the security breach. million individual consumers.”

Data breaches

Data breaches Passwords Retail Insurance

Malaysia introduces watershed amendments to Personal Data Protection Act 2010

India Passes Digital Personal Data Protection Act

Webinars

Trending Sources

Navigating Compliance: Understanding India's Digital Personal Data Protection Act

Webinars

ECJ’s ruling on the interpretation of “personal data” and “joint controller” in the context of the IAB TCF Framework

Relying on the Legitimate Interests Exception under the Personal Data Protection Act 2012

Personal Data and docs of Swiss town Rolle available on the dark web

Ireland: Irish Court of Appeal Clarifies Boundaries of Concept of Personal Data

Selling and utilising personal data in an insolvency situation

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

The ICO urges organisations to start using privacy enhancing technologies to share personal data safely, securely and anonymously

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Ten steps to a GDPR gap analysis

Personal data of thousands of users from the UK, Australia, South Africa, the US, Singapore exposed in bitcoin scam

No Surprise: China Blamed for 'Big Data' Hack of Equifax

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation

EDPB Advises on Lawful Grounds for Processing Personal Data in Clinical Trials

ICO Publishes Guidance on Content Moderation

Evil Telegram campaign: Trojanized Telegram apps found on Google Play

Russian national sentenced to 40 months for selling stolen data on the dark web

FRANCE: CNIL publishes initial analysis on Blockchain and GDPR

European rulings on the use of Google Analytics and how it may affect your business

A Tale of Two Cities: The Right of Private Action in Data Protection in Singapore and Hong Kong

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

EDPB Publishes Guidelines to Clarify Scope of EU “Cookie” Notice and Consent Requirements

CIPL Submits Response to the EDPB Guidelines on Examples Regarding Data Breach Notification

Ransomlooker, a new tool to track and analyze ransomware groups’ activities

Subject Access Request: Germany’s highest court widens the scope of data subject access requests in Germany

Video Conferencing Apps Sometimes Ignore the Mute Button

Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

How situational analysis helps your school become #BreachReady

Colorado AG Publishes Draft Colorado Privacy Act Rules

EDPB Guidelines on international transfers: 6 key takeways

Minnesota enacts comprehensive privacy law

Changing Attitudes Towards GDPR Enforcement and Compliance: 2018 – 2023

Texas enacts comprehensive privacy law

Reading the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report

EDPS Issues Decision on EU Parliament’s Cookie Violations

Updating your data protection documentation following Brexit

Norwegian DPA Issues 2.5M EUR Preliminary Fine for U.S. Company Utilizing Web-Tracking IDs

Hungary: Record GDPR fine by the Hungarian Data Protection Authority for the unlawful use of artificial intelligence

VF Corp December data breach impacts 35 million customers

Stay Connected