Education, Exercises and Personal data - Information Management Today

The Information Commissioner’s Office Issues UK Department for Education with Formal Reprimand

Hunton Privacy

NOVEMBER 7, 2022

On November 2, 2022, the ICO issued to the UK Department for Education (“ DfE ”) a formal reprimand following an investigation into the sharing of personal data stored on the Learning Records Service (“ LRS ”), a database which provides a record of pupils’ qualifications that the DfE has overall responsibility for.

Education

Education Personal data Access IT

Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law

Hunton Privacy

APRIL 18, 2023

SB 5’s protections would apply to residents of Indiana who act for a personal, family or household purpose, with express exemption for individuals acting in a commercial or employment context.

Privacy

Privacy Personal data Sales Insurance

Texas enacts comprehensive privacy law

Data Protection Report

JUNE 21, 2023

The new law has exclusions for Gramm-Leach-Bliley-covered financial institutions, HIPAA-covered covered entities and business associates, non-profits, institutes of higher education, and electric utilities, power generation companies, and retail electric providers. A similar requirement applies with respect to the sale of biometric data.

Privacy

Privacy Personal data Sales Retail

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands

Security Affairs

APRIL 28, 2023

In early April, the Italian Data Protection Authority, c, temporarily banned ChatGPT due to the illegal collection of personal data and the absence of systems for verifying the age of minors. The Authority pointed out that OpenAI does not alert users that it is collecting their data.

Personal data

Personal data Privacy Access Education

US: Virginia passes comprehensive consumer data protection law

DLA Piper Privacy Matters

MARCH 18, 2021

during a calendar year, control or process personal data of at least 100,000 consumers, or. control or process personal data of at least 25,000 consumers and derive over 50 percent of gross revenue from the sale of personal data. Key provisions. Key provisions. business-to-business) or employment context.

Personal data

Personal data Sales GDPR Privacy

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

Among the organizations that have designated a DPO, the most represented sectors are, unsurprisingly, the public administration, education and health sectors. The DPO is the key contact for the CNIL and data subjects. The Guide is composed of four main Parts : I. The Guide starts with a section on the role of the DPO : .

GDPR

GDPR Compliance Personal data Communications

What are the Data Subject Rights under the GDPR?

IT Governance

JUNE 15, 2018

That’s certainly not the end of the world , but organisations will run into serious problems if they aren’t equipped to deal with data subject rights. The GDPR gives individuals eight rights relating to their personal data. Organisations must let individuals know how they can exercise these rights, and meet requests promptly.

GDPR

GDPR Personal data Compliance Access

BELGIUM: Belgian DPA reveals its strategy for the next 5 years.

DLA Piper Privacy Matters

FEBRUARY 11, 2020

Data minimisation and purpose limitation are mentioned specifically. The DPA lists three topics of high social significance and wishes to ensure compliance by data controllers and processors. health data, biometric data,…) and, if so, make sure it is processed lawfully. 3 GDPR TOPICS OF PARTICULAR ATTENTION.

IT

IT GDPR Compliance Personal data

Spanish Senate signs-off new GDPR-compliant Data Protection Act

DLA Piper Privacy Matters

NOVEMBER 21, 2018

After a very long delay and amidst rumors that the Spanish Parliament could be dissolved and early elections called, the Spanish Senate speedily dismissed all the proposals for further changes and approved the new GDPR-compliant Spanish Data Protection Act on Wednesday 21 November 2018.

GDPR

GDPR Personal data Access Education

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

The GDPR was designed to harmonize data protection laws across Europe and to protect EU residents’ data privacy rights; and, its coming triggered significant privacy and data protection compliance activities amongst organizations doing business in the EU and working with the personal data of EU residents.

Personal data

Personal data GDPR Data Privacy Privacy

Watch out for scams as Brexit confusion intensifies

IT Governance

OCTOBER 23, 2019

Scammers and attackers are using attention-grabbing headlines about Brexit to try to trick users into handing over personal data or downloading malware. See also: Government surveys further education providers before Brexit. UK data protection law and Brexit.

Phishing

Phishing Security awareness Education Personal data

CIPL and Telefónica Call for Action on New Approaches to Data Transparency

Hunton Privacy

OCTOBER 18, 2016

As reflected in the white paper, the participants at the roundtable agreed that a new, user-centric conception of transparency represents a multidimensional, multidisciplinary and multistakeholder challenge that is essential to effectively protect individuals and enable digital trust, innovation and beneficial uses of personal data.

Paper

Paper Education Privacy Personal data

5 things HR departments need to know about data protection

IT Governance

OCTOBER 7, 2019

HR plays a crucial role in an organisation’s GDPR (General Data Protection Regulation) compliance. The department is full of personal data, whether it’s of employees, their next of kin or candidates responding to job adverts. Let’s take a look at five issues that HR must address when handling personal data.

GDPR

GDPR Personal data Compliance Communications

If You’re a Cloud Provider or Consumer, Consider These Guidelines on How to Conduct Yourself in Europe: eDiscovery Best Practices

eDiscovery Daily

NOVEMBER 26, 2017

As part of the release, the CSA also launched the CSA GDPR Resource Center , a new community-driven website with tools and resources to help educate cloud service providers and enterprises on the new GDPR. Companies worldwide are struggling to keep pace with shifting regulations affecting personal data protection.

Cloud

Cloud GDPR Personal data Compliance

Does your use of CCTV comply with the GDPR?

IT Governance

OCTOBER 3, 2019

You must tell people when you’re collecting their personal information to give them the opportunity to exercise their data subject rights. These rights enable individuals to access the personal data organisations store on them and to challenge the way their information is used. Clearly state why you are using CCTV.

GDPR

GDPR Privacy Retail Personal data

China Issues Draft of Personal Information Protection Law

Hunton Privacy

OCTOBER 27, 2020

The definition includes information that can identify data subjects as well as information that is related to the data subjects. Departments Exercising Personal Information Protection. The data processor shall establish the mechanism for the data subject to exercise his or her rights.

Cybersecurity

Cybersecurity Data breaches Personal data Government

PIPL: A Game Changer for Companies in China

Data Protection Report

AUGUST 24, 2021

Data subjects must be notified of the following matters and give their separate consent to the cross-border transfer of their personal information: the name, contact details of the overseas recipient; the purposes and methods of the processing; the types of affected personal information; and.

GDPR

GDPR Compliance Analytics Security

Malaysian Data Protection Law Takes Effect

Hunton Privacy

NOVEMBER 19, 2013

On November 14, 2013, the Minister of the Malaysian Communications and Multimedia Commission (the “Minister”) announced that Malaysia’s Personal Data Protection Act 2010 (the “Act”) would be going into effect as of November 15, marking the end of years of postponements. The law imposes a number of generally applicable principles.

Personal data

Personal data Marketing Communications Insurance

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. Specific categories defined as personal information include.

GDPR

GDPR Privacy Sales Data breaches

Security in the finance sector: Whose role is it anyway?

CGI

OCTOBER 25, 2015

All of this leads one to ask: In the midst of these heightened risks, increasing regulations and digital innovation, whose role is it to make sure that financial and personal data is kept safe? Keeping our identity and data safe needs to be a top priority, and we should educate ourselves on the best practices for doing so.

IT

IT Security Digital transformation Compliance

Article 29 Working Party Issues Joint Statement on European Values and Actions for an Ethical European Data Protection Framework

Hunton Privacy

DECEMBER 10, 2014

The Joint Statement is intended to remind all relevant stakeholders (private and public) of their joint responsibility in designing and applying such a framework to the collection and use of personal data. The principles and actions include the following: Data Protection as a Fundamental Right.

Personal data

Personal data Compliance Privacy Education

5 learnings from the “Meeting the CCPA Challenge” webinar

Collibra

MARCH 12, 2020

Businesses cannot discriminate against a consumer for exercising their rights. Consumers must submit a VCR to exercise their rights and business must respond within 45 days. Chief Privacy Officer because to contribute their deep knowledge of how to handle personal data for legal, regulatory, and business strategies.

Data Privacy

Data Privacy Privacy Government Compliance

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. Specific categories defined as personal information include.

GDPR

GDPR Privacy Sales Data breaches

Expert Insight: Cliff Martin

IT Governance

NOVEMBER 28, 2023

Before that, he taught computer systems and network technologies in further and higher education. These might be tabletop exercises or red/blue team assessments , which basically test whether the organisation can actually respond to an incident, should one occur.

Risk

Risk Compliance Government Security

eDiscovery and the GDPR: Ready or Not, Here it Comes, Part Four: eDiscovery Best Practices

eDiscovery Daily

DECEMBER 10, 2017

In preparing for GDPR, all companies should start by doing the following: Determine Their Role Under the GDPR: Any organization that decides on why and how personal data is processed is essentially a “data controller”, regardless of geographic location.

GDPR

GDPR e-Discovery IT Compliance

2022 Cyber Security Review of the Year

IT Governance

DECEMBER 20, 2022

Although Vladimir Putin and his sympathisers assured the world that they were simply conducting military exercises, the inevitable occurred on 24 February, when troops mobilised and war was declared. Articles 24(1) and 32(1) state that organisations must implement appropriate technical and organisational measures to protect personal data.

Security

Security Data breaches Ransomware Military

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Troy Hunt

DECEMBER 19, 2017

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server configurations deployed? Who Owns Our Personal Data?

Data breaches

Data breaches Personal data GDPR Data collection

French Government Secures “Right to Be Forgotten” on the Internet

Hunton Privacy

OCTOBER 21, 2010

The main objectives of the initiative were to: (1) educate Internet users about their exposure to privacy risks on the Internet; (2) encourage professionals to adopt codes of good practice and to develop privacy-enhancing tools; and (3) foster data protection and the right to be forgotten at both the national and EU level.

Government

Government Security Marketing Content services

In California, Data Privacy Foresight is 2020: Data Privacy Trends

eDiscovery Daily

JULY 5, 2018

The bill requires companies to disclose personal data collected when a consumer requests it, up to two times a year, and to delete and stop selling the personal information to third parties upon request.

Data Privacy

Data Privacy Privacy Sales Data collection

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

Businesses must provide conspicuous links entitled “Limit the Use of My Sensitive Personal Information,” in the same manner Do Not Sell links are currently required, to facilitate consumers’ ability to exercise their rights with respect to sensitive personal information.

Privacy

Privacy B2B Sales Data breaches

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 9, 2018

Consumers will be permitted to request that a business provide the consumer with a copy of his or her personal information in a readily usable format that can be transferred to another entity easily; and. Consumers will be able to request that a business not sell personal data to third parties. Right to Opt-Out.

Privacy

Privacy Sales Education Compliance

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 8, 2018

Consumers will be permitted to request that a business provide the consumer with a copy of his or her personal information in a readily usable format that can be transferred to another entity easily; and. Consumers will be able to request that a business not sell personal data to third parties. Right to Opt-Out.

Privacy

Privacy Sales Compliance Government

US: In Washington State’s landmark facial recognition law, public sector practices come under scrutiny and regulation

DLA Piper Privacy Matters

APRIL 23, 2020

These are defined as “decisions that result in the provision or denial of financial and lending services, housing, insurance, education enrollment, criminal justice, employment opportunities, health care services, or access to basic necessities such as food and water, or that impact civil rights of individuals.”

Privacy

Privacy Government Insurance IT

News Alert: Guardz uncovers new macOS malware – Hidden Virtual Network Computing (hVNC)

The Last Watchdog

AUGUST 1, 2023

SMEs, who once considered macOS as the safer option, should exercise caution and prepare themselves for the impacts of this changing threat landscape. This combination of stealth, persistence, data theft, and remote control makes the malware a very potent tool in the hands of malicious actors.

Insurance

Insurance Cybersecurity Risk Education

The debate on the Data Protection Bill in the House of Lords

Data Protector

OCTOBER 11, 2017

We want businesses to ensure that their customers and future customers have consented to having their personal data processed, but we also need to ensure that the enormous potential for new data rights and freedoms does not open us up to new threats. How then will we secure adequacy without adhering to the charter?

GDPR

GDPR Personal data Government IT

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

Hunton Privacy

OCTOBER 14, 2021

4) non-discrimination for exercising the above rights (including denial of goods or services, charging different prices for goods and services, providing (or suggesting) a different level or quality of goods or services or considering the exercise of consumer rights as a basis for suspicion of criminal wrongdoing or unlawful conduct).

Privacy

Privacy Insurance Security Data breaches

What it Takes to Be Your Organisation’s DPO or Data Privacy Lead

IT Governance

DECEMBER 6, 2023

As privacy professionals, we see consumers exercising their rights to withdraw consent to their data being processed via ‘opt out’ or ‘unsubscribe’ buttons, for example. The guidance in ISO 29151, which specifies controls that help protect personal data. Quality DPO training educates and prepares the person for the role.

Data Privacy

Data Privacy Privacy GDPR IT

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

DLA Piper Privacy Matters

MARCH 4, 2021

In contrast, only 70 valid data breach notifications were received under the ePrivacy Regulations and 25 notifications under the Law Enforcement Directive. Around 60% of the data breaches notified occurred in the private sector. Unauthorised disclosure of personal data continues to be the leading reason for breach notifications.

GDPR

GDPR Compliance Data breaches Marketing

Jamaica’s New Privacy Protection Bill

Data Matters

NOVEMBER 21, 2017

On 10 October 2017, Jamaica introduced into its House of Parliament a comprehensive Bill for privacy and data protection, entitled “An Act to Protect the Privacy of Certain Data and for Connected Matters.” If passed, the new law will be named the “Data Protection Act, 2017.” .

Privacy

Privacy Personal data Compliance Data breaches

ICYMI – Late December in privacy and cybersecurity

Data Protection Report

JANUARY 30, 2023

3.

Privacy

Privacy Cybersecurity Personal data Insurance

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

Data Matters

MARCH 4, 2021

Rather, to be covered by the VCDPA, an entity must either “(i) during a calendar year, control or process personal data of at least 100,000 consumers or (ii) control or process personal data of at least 25,000 consumers and derive over 50 percent of gross revenue from the sale of personal data.”. Exemptions.

Personal data

Personal data GDPR Sales Privacy

The Information Commissioner’s Office Issues UK Department for Education with Formal Reprimand

Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law

Webinars

Trending Sources

Texas enacts comprehensive privacy law

Webinars

OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands

US: Virginia passes comprehensive consumer data protection law

France: The CNIL publishes a practical guide on Data Protection Officers

What are the Data Subject Rights under the GDPR?

BELGIUM: Belgian DPA reveals its strategy for the next 5 years.

Spanish Senate signs-off new GDPR-compliant Data Protection Act

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Watch out for scams as Brexit confusion intensifies

CIPL and Telefónica Call for Action on New Approaches to Data Transparency

5 things HR departments need to know about data protection

If You’re a Cloud Provider or Consumer, Consider These Guidelines on How to Conduct Yourself in Europe: eDiscovery Best Practices

Does your use of CCTV comply with the GDPR?

China Issues Draft of Personal Information Protection Law

PIPL: A Game Changer for Companies in China

Malaysian Data Protection Law Takes Effect

California Enacts Broad Privacy Laws Modeled on GDPR

Security in the finance sector: Whose role is it anyway?

Article 29 Working Party Issues Joint Statement on European Values and Actions for an Ethical European Data Protection Framework

5 learnings from the “Meeting the CCPA Challenge” webinar

California Enacts Broad Privacy Protections Modeled on GDPR

Expert Insight: Cliff Martin

eDiscovery and the GDPR: Ready or Not, Here it Comes, Part Four: eDiscovery Best Practices

2022 Cyber Security Review of the Year

Fixing Data Breaches Part 2: Data Ownership & Minimisation

French Government Secures “Right to Be Forgotten” on the Internet

In California, Data Privacy Foresight is 2020: Data Privacy Trends

California Privacy Law Overhaul – Proposition 24 Passes

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

US: In Washington State’s landmark facial recognition law, public sector practices come under scrutiny and regulation

News Alert: Guardz uncovers new macOS malware – Hidden Virtual Network Computing (hVNC)

The debate on the Data Protection Bill in the House of Lords

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

What it Takes to Be Your Organisation’s DPO or Data Privacy Lead

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

Jamaica’s New Privacy Protection Bill

ICYMI – Late December in privacy and cybersecurity

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

Stay Connected