Information Management Today

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

The Last Watchdog

JANUARY 9, 2023

The purpose of conducting a DPIA is to identify and assess the potential impact of these risks on individuals’ rights and freedoms from your proposed processing operations. A DPIA requires a thorough review of any personal data collected and stored, including who specifically controls the data and who has access at any given time.

Data Privacy

Data Privacy Compliance Privacy GDPR

Norwegian DPA Issues 2.5M EUR Preliminary Fine for U.S. Company Utilizing Web-Tracking IDs

Hunton Privacy

MAY 11, 2021

Disqus collected data through cookies placed on the devices of website visitors using the widget, and subsequently passed personal data collected by those cookies to third-party advertising partners and its parent company. (“Disqus”), a U.S. million Euros).

GDPR

GDPR Personal data Communications Data collection

ACLU files request over data US collected via Muslim app used by millions

The Guardian Data Protection

DECEMBER 3, 2020

‘Harvesting of data on Muslim app users worldwide is a serious threat to privacy and religious freedom,’ the ACLU says The American Civil Liberties Union is seeking the release of three years of records that could shed light on how the US government acquired cellphone location data collected through apps used by millions of Muslims around the world.

FOIA

FOIA Data collection Military Privacy

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Anonymous leaked data stolen from Russian pipeline company Transneft

Security Affairs

MARCH 20, 2022

Anonymous collective claims it has hacked Omega Company, which is the in-house R&D unit of Transneft, the Russia-based state-controlled oil pipeline company. While the Russian invasion of Ukraine continues and innocent people are dying, the Anonymous collective is targeting Russian government institutions and private firms.

Government

Government IT Security Data breaches

California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information

Hunton Privacy

JUNE 7, 2022

On May 26, 2022, California Attorney General Rob Bonta issued a press release reminding health app providers that California’s Confidentiality of Medical Information Act (“CMIA”) applies to mobile apps that are designed to store medical information, which includes health apps such as fertility trackers.

Privacy

Privacy Authentication Information Security Risk

Transferring skills to a digital landscape

CILIP

NOVEMBER 13, 2023

Skills in a digital landscape Taking the skills learned as a librarian and applying them to digital projects has provided a space to learn and develop for Denice Penrose, Director, Technically Minded, is an Information Professional and Learning Technologist. I love the freedom, independence, and ability to shape my working life as I want.

Libraries

Libraries Information architecture Metadata Archiving

Germany: New 35 million fine for breaching employee privacy

Data Protection Report

OCTOBER 5, 2020

On 1 October 2020, the State Commissioner for Data Protection and Freedom of Information (Landesbeauftragte für Datenschutz und Informationsfreiheit) of Hamburg (the DPA) imposed a fine of EUR 35.3 In addition, some supervisors recorded other private information such as family problems and religious beliefs.

Privacy

Privacy Retail Data collection GDPR

Italian Garante Fines Deliveroo 2.5M Euros for Unlawful Processing of Personal Data

Hunton Privacy

AUGUST 5, 2021

Following an investigation into Deliveroo’s practices, the Garante found that Deliveroo had failed to provide transparent information to its riders about the algorithm used to manage riders’ work shifts. Read the Garante’s press release and decision (in Italian).

Personal data

Personal data GDPR IT

Anonymous targets the Russian Military and State Television and Radio propaganda

Security Affairs

APRIL 5, 2022

The collective continues to target Russian media that are supporting Putin’s propaganda built on lies related to the invasion. “VGTRK also runs the information agency Rossiya Segodnya / ??????? ????????, List of Russian military stationed in Bucha (51460). List of Russian military stationed in Bucha (51460).

Military

Military Cybersecurity Security Government

French CNIL fined Tiktok $5.4 Million for violating cookie laws

Security Affairs

JANUARY 14, 2023

French data protection watchdog claims that users are not able to refuse cookies, as easily as they accept them, the ByteDance-owned company also failed to sufficiently inform of the purposes of the different cookies. ” reads a statement published by CNIL. . ” continues the statement.

Security

Security IT Information Security Privacy

Copyright: The demise of ‘skill, labour and effort’?

CILIP

JANUARY 22, 2024

This criterion is not satisfied where the content of the work is dictated by technical considerations, rules or other constraints which leave no room for creative freedom”. Copyright: The demise of ‘skill, labour and effort’? Is a photograph or digital image of a 2D artwork that is itself out of copyright, protected by copyright?

Access

Access IT

Brazil Fake News Bill May Undercut Brazil’s Data Protection Gains – Bill to Be Voted on Tomorrow

Hunton Privacy

JUNE 24, 2020

Officially, this Bill establishes the Brazilian law of “freedom, responsibility and transparency on the internet.” Articles 5, 7, 24 and 28 of the new version of the Bill introduce requirements related to data collection, retention and localization. Read the unofficial English translation of the Bill.

Data collection

Data collection Privacy IT

GDPR Article 17: What Is the Right to Erasure?

IT Governance

MARCH 30, 2023

This process requires the organisation to provide copies of any personal data that it holds on the individual, as well as supporting information. This process requires the organisation to provide copies of any personal data that it holds on the individual, as well as supporting information. What is the right to erasure?

GDPR

GDPR Personal data Compliance Government

How to Apply Lean Principles to Policy Writing

AIIM

APRIL 28, 2020

As important as Intelligent Information Management (IIM) policy writing is, it's probably not the only dish you have cooking on the stove. It contains information collected from legislation, regulation, facts, best practices, your experience, and policies. The best way to do that is to keep your IIM policies lean.

Paper

Paper IT Information governance Security

How eDiscovery Technology and Workflows Speed Public Records Requests Response

eDiscovery Daily

MARCH 28, 2024

By Rick Clark In the two separate worlds of legal processes and Freedom of Information Act (FOIA)/public records requests, eDiscovery technology and standard workflows have emerged as powerful ways to streamline operations and ensure compliance. Redaction of sensitive information is also common to both FOIA and eDiscovery.

FOIA

FOIA Compliance Cloud Government

CISA: “We don’t stab the wounded.”

Data Matters

MAY 5, 2022

Much of the nation’s infrastructure is privately owned, Easterly noted, rich in research and other coveted information, yet often poor in resources. “One of our best superpowers is our ability to share information very expansively while protecting privacy, civil liberties and liability,” she added. private sector.

FOIA

FOIA Cybersecurity Privacy Communications

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Additionally, there are circumstances in which schools must report breaches to the ICO (Information Commissioner’s Office) within 72 hours of their discovery. It’s most likely to occur when completed data collection sheets are sent to the wrong parents. What constitutes a personal data breach. Identity theft or fraud. Financial loss.

Personal data

Personal data Data breaches Data collection GDPR

Thailand Personal Data Protection Law

Data Protection Report

FEBRUARY 28, 2020

Personal Data ” means any information relating to a Person, which enables the identification of a Person, whether directly or indirectly, but does not include the information of deceased Persons. Lawful bases for collection, usage and disclosure of Personal Data. The Personal Data Protection Act B.E. Definition of Personal Data.

Personal data

Personal data Compliance Privacy Access

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

China’s Personal Information Protection Law (PIPL) is legislation that aims to outline and protect appropriate uses of personal data. PIPL affects businesses located in China, that do business in China, or store the personally identifiable information (PII) of Chinese citizens. A lawful basis for the information you gather and use.

GDPR

GDPR Compliance Data Privacy Privacy

CILIP Policy Statement on COVID-19, civil liberties and professional ethics

CILIP

MAY 14, 2020

CILIP is the professional association which champions and supports people working in libraries, information and knowledge management. s primary concern is for the health and wellbeing of our members, the wider library, information and knowledge profession and of service users. Intellectual freedom, including freedom from censorship.

Libraries

Libraries Privacy Personal data Government

Records Management and FOIA: So Happy Together

National Archives Records Express

MARCH 17, 2021

Semo, Director of the Office of Government Information Services (OGIS), the Federal Freedom of Information Act (FOIA) Ombudsman’s office, discusses the vital role records management teams play in agencies’ responses to FOIA requests. As the FOIA Ombudsman, OGIS researches and shares information about FOIA practices.

FOIA

FOIA Records Management Education Government

Tech firms can't keep our data forever: we need a Digital Expiry Date

The Guardian Data Protection

MAY 19, 2018

Requiring companies to erase our information quarterly would offer us greater freedom online – without destroying profit margins It’s taken a long time, but people have finally discovered how much information companies like Google and Facebook have on them. So what are we to do?

Data collection

Data collection Privacy IT

Does your use of CCTV comply with the GDPR?

IT Governance

OCTOBER 3, 2019

The Regulation isn’t just about written details, like names and addresses; it applies to any information that can identify someone. You must tell people when you’re collecting their personal information to give them the opportunity to exercise their data subject rights. Make sure people know they’re being recorded.

GDPR

GDPR Privacy Retail Personal data

Privacy and Security of Data at Universities

Schneier on Security

NOVEMBER 9, 2018

The boundaries between research and grey data are blurring, making it more difficult to assess the risks and responsibilities associated with any data collection. The boundaries between research and grey data are blurring, making it more difficult to assess the risks and responsibilities associated with any data collection.

Privacy

Privacy Data collection Security Mining

EDPB Adopts Opinion on Draft South Korea Adequacy Decision

Hunton Privacy

OCTOBER 1, 2021

The EDPB invited the European Commission to further assess the impact of pseudonymization and how it may affect the fundamental rights and freedoms of individuals whose personal data is transferred to the Republic of Korea under the adequacy decision. Background. Key Takeaways.

Personal data

Personal data GDPR Archiving Security

A guide to the GDPR’s EU representative requirements

IT Governance

MARCH 21, 2019

Organisations whose processing activity is occasional, doesn’t include large-scale processing of special categories of data and is unlikely to result in a risk to the rights and freedoms of natural persons (see Article 27 of the GDPR for more information). Does this requirement affect all UK organisations?

GDPR

GDPR Personal data Compliance Risk

GDPR – Six key stages of the data protection impact assessment (DPIA)

IT Governance

FEBRUARY 5, 2018

Organisations must carry out a DPIA where a planned or existing processing operation –“is likely to result in a high risk to the rights and freedoms of individuals”. Describe the information flow – be able to describe how the information within the processing operation is collected, stored, used and deleted.

GDPR

GDPR Risk Privacy Data breaches

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

Hunton Privacy

FEBRUARY 3, 2022

The TCF is a GDPR consent solution developed by IAB Europe that has become a widely used approach to collecting and managing consent for targeted advertising cookies in the EU. The Belgian DPA started an investigation into IAB Europe after receiving several complaints since 2019 regarding the TCF. in programmatic advertising.

GDPR

GDPR Personal data Marketing IT

ECJ’s ruling on the interpretation of “personal data” and “joint controller” in the context of the IAB TCF Framework

Data Protection Report

MARCH 15, 2024

The judgment of the ECJ is unsurprising given previous case law on the definitions of “personal data” and “controller” under the GDPR and the ECJ’s emphasis that the overarching objective of the GDPR is to “[ ensure] a high level of protection of the fundamental rights and freedoms of natural persons ”.

Personal data

Personal data GDPR Access Compliance

Pakistan Introduces New Draft of Personal Data Protection Bill

Hunton Privacy

MAY 14, 2020

Pakistan’s Ministry of Information Technology and Telecommunication recently introduced a new draft of Pakistan’s Personal Data Protection Bill, 2020 (the “Bill”) and launched a public consultation regarding the same. The public consultation period will end on May 15, 2020.

Personal data

Personal data Data breaches Access Risk

Canada: Changes to privacy regulations require BC public bodies to report privacy breaches and develop ?privacy management program

DLA Piper Privacy Matters

FEBRUARY 2, 2023

Author: Keri Bennett As of February 1, 2023, two new sections of the British Columbia Freedom of Information and Protection of Privacy Ac t (“ FIPPA ”) and associated regulations are in force. Public bodies will also be required to provide notice to the Office of the Information & Privacy Commissioner.

Privacy

Privacy Compliance Education Government

IG Policies: What is Good Content?

ARMA International

MAY 8, 2023

For simplicity’s sake, let’s call that collection the “office manual.” Today, you can provide people with all kinds of rule-related information in one place by pulling links to disparate sources together on one screen. Selecting Policy Content The ability to control online reading through navigation pages brings new editorial freedom.

Data Privacy

Data Privacy Paper IT Privacy

Comments Submitted on California Consumer Privacy Act of 2020—Initiative 19-0021

Data Matters

NOVEMBER 12, 2019

Mactaggart, As privacy practitioners, we share your passion and dedication to the development of information privacy and data protection law in the United States. Household information. Your commitment to these issues is clear, and we commend the seriousness of your work in addressing privacy rights in accordance with your vision.

Privacy

Privacy Data breaches Compliance Personal data

Berlin Commissioner Issues Fine to Deutsche Wohnen SE

Hunton Privacy

NOVEMBER 6, 2019

On November 5, 2019, the Berlin Commissioner for Data Protection and Freedom of Information (“the Berlin Commissioner,” Berliner Beauftragte für Datenschutz und Informationsfreiheit ) announced that it had imposed a fine of €14.5 For more information, read the press release (only available in German).

GDPR

GDPR Archiving Personal data Insurance

DPIAs for retail and hospitality

IT Governance

MARCH 26, 2019

A DPIA is essentially a risk assessment that needs to be conducted before carrying out any processing activities, particularly those “using new technologies”, that are “likely” to result in a “high risk” to the rights and freedoms of natural persons. The primary aim is to reduce the possible harm to the data subject. A DPIA assesses risk.

Retail

Retail Risk GDPR Government

[NEWS] D.C. Court: Accessing Public Information is Not a Computer Crime

Architect Security

APRIL 12, 2018

Court: Accessing Public Information is Not a Computer Crime In a great win for OSINT and general Internet freedom (as the EFF says, “Good news for anyone who uses the Internet as a source of information” LOL), a DC court has ruled that automated tools can be used for collecting information on the […].

Access

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

Article 25 of GDPR stipulates that a privacy impact assessment is necessitated when” taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons”. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law.

GDPR

GDPR Compliance Data collection Privacy

Wake up to the reality of the GDPR: What you need to know about compliance

IT Governance

JANUARY 30, 2019

Things get a little more complicated when you factor in that each piece of information doesn’t have to be taken on its own. Organisations typically collect and store multiple pieces of information on data subjects, and the amassed information can be considered personal data if it can be pieced together to identify an individual.

GDPR

GDPR Compliance Personal data Data breaches

Over-Retention of Personal Data

Data Protection Report

SEPTEMBER 23, 2021

If a consumer called the insurer, the script used by the call center did not inform the consumer that additional information regarding the insurer’s privacy policy, retention, and how to exercise rights was available at the insurer’s website or through a recording that the consumer could opt to hear. Perhaps the CNIL’s €1.75

Personal data

Personal data Insurance GDPR Record destruction

EUROPE: New privacy rules for connected vehicles in Europe?

DLA Piper Privacy Matters

MAY 5, 2020

Hence, personal data can be collected through vehicle sensors, telematics boxes or mobile applications. Vehicles, drivers and passengers are becoming more and more connected, generating increasing amounts of data. While these technologies are progressing rapidly, the EU intends to ensure common rules. geolocation data; biometric data; etc.)

Privacy

Privacy Personal data GDPR Insurance

Everything You Need to Know About AIIM+

AIIM

SEPTEMBER 21, 2021

The overwhelming response was more practical, how-to-oriented training and more opportunities to connect with other information professionals. AIIM+ offers information professionals at all levels of experience a robust collection of original educational content. And it was, without a doubt, difficult. What is AIIM+?

Cleanup

Cleanup Education Digital preservation Metadata

How to Build a Metadata Plan in Five Steps

AIIM

MARCH 16, 2021

Metadata might pertain to particular categories of information - for example, customer data - or may pertain to an asset - for example, specific to digital photographs. Metadata resides at the center of many of the essential aspects of content management. What is the business value of Metadata? How do I develop a Metadata strategy?

Metadata

Metadata ECM Customer Experience Analytics

US – Federal banking regulators issue computer-security incident notification final rule

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The Federal Deposit Insurance Corporation, Federal Reserve, and Office of the Comptroller of the Currency (collectively the federal banking regulators) have issued a final rule requiring banking organizations and bank service providers to make certain notifications in the event of a “computer-security incident.”.

Security

Security Insurance Marketing IT

Off the Record: Data vs. Information Wealth in the Public Sector, Peril of Data Management, and EPA?s Slow Release of Records

The Texas Record

JUNE 20, 2018

Tune in monthly for a curated collection of articles we found interesting on a broad range of topics; some which are directly related to records management and others which might share common themes. “Government Is Data Rich, But Information Poor” — Government Executive. But like oil, it isn’t useful until it is refined.

Records Management

Records Management Government Access IT

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

Norwegian DPA Issues 2.5M EUR Preliminary Fine for U.S. Company Utilizing Web-Tracking IDs

Webinars

Trending Sources

ACLU files request over data US collected via Muslim app used by millions

Webinars

Anonymous leaked data stolen from Russian pipeline company Transneft

California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information

Transferring skills to a digital landscape

Germany: New 35 million fine for breaching employee privacy

Italian Garante Fines Deliveroo 2.5M Euros for Unlawful Processing of Personal Data

Anonymous targets the Russian Military and State Television and Radio propaganda

French CNIL fined Tiktok $5.4 Million for violating cookie laws

Copyright: The demise of ‘skill, labour and effort’?

Brazil Fake News Bill May Undercut Brazil’s Data Protection Gains – Bill to Be Voted on Tomorrow

GDPR Article 17: What Is the Right to Erasure?

How to Apply Lean Principles to Policy Writing

How eDiscovery Technology and Workflows Speed Public Records Requests Response

CISA: “We don’t stab the wounded.”

When are schools required to report personal data breaches?

Thailand Personal Data Protection Law

How to Comply with GDPR, PIPL, and CCPA

CILIP Policy Statement on COVID-19, civil liberties and professional ethics

Records Management and FOIA: So Happy Together

Tech firms can't keep our data forever: we need a Digital Expiry Date

Does your use of CCTV comply with the GDPR?

Privacy and Security of Data at Universities

EDPB Adopts Opinion on Draft South Korea Adequacy Decision

A guide to the GDPR’s EU representative requirements

GDPR – Six key stages of the data protection impact assessment (DPIA)

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

ECJ’s ruling on the interpretation of “personal data” and “joint controller” in the context of the IAB TCF Framework

Pakistan Introduces New Draft of Personal Data Protection Bill

Canada: Changes to privacy regulations require BC public bodies to report privacy breaches and develop ?privacy management program

IG Policies: What is Good Content?

Comments Submitted on California Consumer Privacy Act of 2020—Initiative 19-0021

Berlin Commissioner Issues Fine to Deutsche Wohnen SE

DPIAs for retail and hospitality

[NEWS] D.C. Court: Accessing Public Information is Not a Computer Crime

Guest Post - Three Critical Steps for GDPR Compliance

Wake up to the reality of the GDPR: What you need to know about compliance

Over-Retention of Personal Data

EUROPE: New privacy rules for connected vehicles in Europe?

Everything You Need to Know About AIIM+

How to Build a Metadata Plan in Five Steps

US – Federal banking regulators issue computer-security incident notification final rule

Off the Record: Data vs. Information Wealth in the Public Sector, Peril of Data Management, and EPA?s Slow Release of Records

Stay Connected