Hunton Privacy

JULY 9, 2020

The New DP Law will apply to companies incorporated in the DIFC, regardless of where processing takes place, or companies that, whilst incorporated elsewhere, process personal data in the DIFC as part of stable arrangements (other than occasional processing). For more detail, read the full client alert.

Personal data 127

Personal data GDPR Data breaches Compliance 127

Security Affairs

APRIL 28, 2023

In early April, the Italian Data Protection Authority, c, temporarily banned ChatGPT due to the illegal collection of personal data and the absence of systems for verifying the age of minors. The Authority pointed out that OpenAI does not alert users that it is collecting their data.

Personal data 94

Personal data Privacy Access Education 94

Hunton Privacy

MAY 17, 2023

Unlike the other comprehensive state privacy laws that have been enacted, the FDBR applies to a much narrower subset of entities.

Privacy 83

Privacy Personal data Sales Government 83

Hunton Privacy

SEPTEMBER 21, 2023

362 (“Act”), a bill that would impose new requirements on data brokers and grant residents new rights designed to facilitate control over their personal data. The Act would grant California consumers the right to request that data brokers (1) delete and (2) limit the further sale and sharing of consumers’ personal data.

Insurance 69

Insurance Personal data Compliance Privacy 69

Security Affairs

SEPTEMBER 17, 2024

However, trust is not a once-off exercise; it’s a continuous process in which each interaction helps build and nurture loyalty over time. This is why it’s crucial to understand the factors contributing to trust, particularly how online brands manage consumers’ personal data.

Data collection 96

Data collection Privacy Personal data B2B 96

Hunton Privacy

SEPTEMBER 14, 2020

According to the ICO, the Accountability Framework will be of particular use to those responsible for implementing data privacy management programs, such as senior management, data protection officers and those responsible for records management and information security.

IT 114

IT Compliance GDPR Records Management 114

Hunton Privacy

FEBRUARY 2, 2022

The Attorney General’s Office then will consider whether a company has a written information security policy and a written incident response plan. Lastly, it will examine the degree to which the company vets and monitors its vendors’ data security practices.

Privacy 102

Privacy Security Data breaches Ransomware 102

Security Affairs

MAY 22, 2023

Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.

GDPR 88

GDPR Personal data Privacy Data Privacy 88

Hunton Privacy

MAY 4, 2021

Decedent’s Personal Information. Article 49 adds provisions regarding the protection of personal information of decedents, whose rights provided under the Draft PIPL may be exercised by near relatives on the decedent’s behalf. Specific Data Processor. Inversion of Burden of Proof.

Personal data 94

Personal data IT Information Security Privacy 94

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

Security 117

Security Ransomware Data breaches Cybersecurity 117

IBM Big Data Hub

FEBRUARY 23, 2024

The GDPR puts forth a litany of rules for how organizations in and outside of Europe handle the personal data of EU residents. The details of any organization’s plan to become fully GDPR compliant will vary based on the data the organization collects and what it does with that data.

GDPR 74

GDPR Compliance Personal data Privacy 74

DLA Piper Privacy Matters

NOVEMBER 29, 2021

Provide information and advice. The CNIL provides practical advice to the management and the operational staff who process personal data, in order to ensure that such processing is carried out in compliance with the applicable data protections laws. The DPO is the key contact for the CNIL and data subjects.

GDPR 116

GDPR Compliance Personal data Communications 116

Hunton Privacy

NOVEMBER 5, 2020

During the investigation, the ICO conducted audits of the direct marketing data broking businesses of the UK’s three largest credit reference agencies (“CRAs”) – Experian, Equifax and TransUnion – and found “significant data protection failures at each” that were “deeply embedded” within the businesses.

Marketing 102

Marketing Compliance Personal data GDPR 102

Hunton Privacy

OCTOBER 2, 2018

A blockchain is a database in which data is stored and distributed over a high number of computers and all entries into that database (called “transactions”) are visible by all the users of the blockchain. It is a technology that can be used to process personal data and is not a processing activity in itself.

Blockchain 101

Blockchain GDPR Personal data Compliance 101

IT Governance

JUNE 13, 2019

If your organisation is subject to the GDPR (General Data Protection Regulation) , you’re probably aware of your requirement to “implement appropriate technical and organisational measures” to protect the personal data you hold. An essential principle of this is data protection by design and by default.

GDPR 82

GDPR Personal data Compliance Privacy 82

Security Affairs

AUGUST 21, 2021

“All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems. The guidance aims at helping government and private sector organizations in preventing such kinds of incidents. ” reads CISA’s guideline.

Data breaches 115

Data breaches Ransomware Encryption Cybersecurity 115

AIIM

JANUARY 17, 2018

Article 30 of the GDPR requires data controllers and processors to maintain a record of processing activities. Notification processes in the event of personal data breach. Subject to specific circumstances data controllers and processors may be required to conduct a privacy impact assessment.

GDPR 84

GDPR Compliance Data collection Privacy 84

IT Governance

AUGUST 10, 2018

Although the breach was blamed on a ‘coding error’, and there is no risk to patient data, it demonstrates a blatant failure of NHS Digital’s information security management practices. It also highlights the importance of organisations knowing what information security risks they face within the supply chain.

Data breaches 43

Data breaches GDPR Personal data Risk 43

Data Matters

JULY 8, 2019

The proposed fine relates to a cyber incident which BA notified to the ICO (as BA’s lead data protection authority, DPA) in September 2018. The incident involved the theft from the BA website and mobile app of personal data relating to customers over a two-week period.

GDPR 72

GDPR Privacy Data breaches Risk 72

Hunton Privacy

APRIL 27, 2021

To address this, CIPL makes several recommendations, such as: Clarify that a VVA is only a new audio interface complementing other touch-based interfaces; Define VVAs as conversational assistance software that has natural language understanding capabilities and uses artificial intelligence to help the end-user perform certain tasks; Avoid over-simplification (..)

GDPR 77

GDPR Artificial Intelligence Privacy Personal data 77

Security Affairs

MARCH 12, 2023

We cannot demonize the use of the popular platform in the workplace, however, it is essential to spread awareness about the risks of the improper use of such technology Let me close with this question I made to the chatbot: How risky is it to provide company data to ChatGPT?

Risk 98

Risk Artificial Intelligence Privacy Personal data 98

Hunton Privacy

DECEMBER 4, 2012

On November 20, 2012, the European Network and Information Security Agency (“ENISA”) published a new report entitled “ The Right to Be Forgotten – Between Expectations and Practice.” Consider how to deal with offline storage equipment once the right to be forgotten has been exercised.

Personal data 40

Personal data Information Security Data collection Paper 40

Data Matters

JANUARY 28, 2022

Create, Maintain, and Exercise a Cyber Incident Response, Resilience, and Continuity of Operations Plan. While the Advisory only urges the adoption of comprehensive cybersecurity programs, an increasing number of states have begun to mandate such cybersecurity programs – especially if the organization possesses personal data.

Cybersecurity 155

Cybersecurity Financial Services Authentication Government 155

IT Governance

JULY 25, 2018

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. To comply with the data controller’s legal obligations. To protect the data subject’s vital interests.

GDPR 85

GDPR Personal data Privacy Access 85

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security 89

Security Data breaches Ransomware Artificial Intelligence 89

Hunton Privacy

MARCH 17, 2017

know where the data is being transferred and to whom, where it is hosted and for how long it’s retained. This prioritization must be carried out, taking into consideration the risks to the rights and freedoms of the data subjects. verifying the data security measures implemented.

GDPR 75

GDPR Personal data Compliance Privacy 75

Security Affairs

SEPTEMBER 15, 2023

If misused, this could lead to data loss, unauthorized modification of user files, or potential manipulation of sensitive data. Users should exercise caution when granting this permission to apps that don’t have a legitimate need for accessing external storage.

Privacy 116

Privacy Access IT Security 116

IT Governance

APRIL 12, 2018

The Regulation extends the data rights of individuals, and requires organisations to develop clear policies and procedures, and adopt “appropriate technical and organisational measures”, to protect personal data.

GDPR 47

GDPR Compliance Personal data Risk 47

IT Governance

OCTOBER 3, 2019

You must tell people when you’re collecting their personal information to give them the opportunity to exercise their data subject rights. These rights enable individuals to access the personal data organisations store on them and to challenge the way their information is used.

GDPR 102

GDPR Privacy Retail Personal data 102

IT Governance

APRIL 3, 2018

The General Data Protection Regulation (GDPR)’s compliance deadline is looming. Every organisation that processes personal data must be in compliance with the new law by 25 May or risk substantial regulatory fines from the Information Commissioner’s Office and legal action from aggrieved data subjects.

GDPR 58

GDPR Compliance Personal data Risk 58

Hunton Privacy

DECEMBER 2, 2020

The Data Governance Act creates a framework for re-using certain categories of public sector data, including data protected on the grounds of (1) commercial or statistical confidentiality; (2) protection of intellectual property rights; or (3) protection of personal data. Data Altruism. Additional Takeaways.

Government 70

Government Personal data Compliance GDPR 70

IT Governance

NOVEMBER 16, 2018

This week, we discuss a Bank of England cyber resilience exercise, the latest cyber security news from the US Office of Personnel Management, the highlights of this month’s Patch Tuesday, and a surprising admission by a Japanese cyber security minister. The ones that affected the unencrypted personal data of 4.2

Risk 44

Risk Encryption Passwords Government 44

IT Governance

NOVEMBER 16, 2017

If your organisation is concerned about information security, it should have an ISO 27001 -compliant information security management system (ISMS) in place. Implementing an ISMS helps organisations manage their security practices, as well as helping to monitor, audit and improve their information security.

Information Security 42

Information Security Sales Personal data Risk 42

Hunton Privacy

APRIL 12, 2017

The Working Party amended and further specified certain points of the Guidelines on the right to data portability , including the following: Data controllers answering data portability requests from data subjects are not responsible for the processing handled by the data subject or by another company receiving personal data.

Personal data 65

Personal data GDPR Metadata Compliance 65

Hunton Privacy

FEBRUARY 29, 2016

Once adopted, the adequacy decision will establish that the safeguards provided when transferring personal data pursuant to the new EU-U.S. Privacy Shield are equivalent to the EU data protection standards. government’s access to personal data. Limits and safeguards regarding access to personal data by the U.S.

Privacy 56

Privacy Personal data Access Government 56

Hunton Privacy

OCTOBER 27, 2020

The definition includes information that can identify data subjects as well as information that is related to the data subjects. Departments Exercising Personal Information Protection. The data processor shall establish the mechanism for the data subject to exercise his or her rights.

Cybersecurity 111

Cybersecurity Data breaches Personal data Government 111

IT Governance

APRIL 20, 2020

Those looking for a broader understanding of the threat landscape should take our Certified Cyber Security Foundation Training Course. This one-day course is designed and run by real-world practitioners, who help you gain an understanding of risks through practical exercises, group discussions and case studies. One virus is enough.

Security 59

Security GDPR Phishing Data breaches 59