Archiving, Personal data and Risk - Information Management Today

Over-Retention of Personal Data

Data Protection Report

SEPTEMBER 23, 2021

The declining cost of electronic data storage may have caused some company executives to conclude that retaining personal data forever is “cheap.” The matter involved one of France’s largest insurers, SGAM AG2R LA MONDIALE, which was subject to an inspection by the French data protection authority (the CNIL), in 2019.

Personal data

Personal data Insurance GDPR Record destruction

Thailand Personal Data Protection Law

Data Protection Report

FEBRUARY 28, 2020

The Personal Data Protection Act B.E. However, most of the operational provisions, including provisions relating to the rights of a data subject, the obligations of a data controller and the penalties for non-compliance, will become effective on 27 May 2020, 1 year after the PDPA is published. Definition of Personal Data.

Personal data

Personal data Compliance Privacy Access

Two FTC complaints that over-retention of personal data violates Section 5

Data Protection Report

FEBRUARY 13, 2024

In both cases, the FTC’s complaint alleged that the companies retained personal data for longer than was necessary, and that conduct violated Section 5 of the Federal Trade Commission Act as an unfair act or practice. Under the proposed consent orders, both companies do not confirm or deny the allegations.

Personal data

Personal data Privacy Marketing Data collection

FRANCE: NEW GUIDANCE FOR DATA RETENTION

DLA Piper Privacy Matters

SEPTEMBER 4, 2020

They provide more practical guidance and update the CNIL previous Recommendations dated 11 October 2005 on the conditions of archiving personal data [2]. The CNIL’s Guidelines apply to all private companies and public organizations processing personal data. An organization based on the personal data lifecycle.

Personal data

Personal data Archiving GDPR Government

Data protection strategy: Key components and best practices

IBM Big Data Hub

MAY 28, 2024

Government regulations, such as the General Data Protection Regulation (GDPR), and industry regulations, such as the Health Insurance Portability and Accounting Act (HIPAA), oblige companies to protect their customers’ personal data. Failure to comply with these data protection laws can result in hefty fines.

Data breaches

Data breaches GDPR Compliance Encryption

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

DLA Piper Privacy Matters

JULY 23, 2019

The European Data Protection Board ( “EDPB” ) has published guidelines on the processing of personal data through video devices (the “ Guidelines “) (currently subject to a public consultation process). technical and organisational measures required for such data processing.

Personal data

Personal data GDPR Access Marketing

Germany: Berlin data protection authority imposes EUR 14.5 million fine for “data cemetery”

DLA Piper Privacy Matters

NOVEMBER 6, 2019

On 30 October 2019, the Berlin Commissioner for Data Protection and Freedom of Information ( Berliner Beauftragte für Datenschutz und Informationsfreiheit – “ Berlin DPA ”) imposed an administrative fine of about EUR 14.5 million against Deutsche Wohnen SE for infringements of the General Data Protection Regulation (GDPR).

GDPR

GDPR Personal data Archiving Compliance

First multi-million GDPR fine in Germany: €14.5 million for not having a proper data retention schedule in place

Data Protection Report

NOVEMBER 12, 2019

On October 30, 2019 the Berlin Commissioner for Data Protection and Freedom of Information ( Berliner Beauftragte für Datenschutz und Informationsfreiheit – Berlin DPA ) issued a €14.5 The infraction related to the over retention of personal data. Infringement of deletion obligations.

GDPR

GDPR Personal data Records Management Archiving

The Risks of Storing Documents in Self Storage

Archive Document Data Storage

APRIL 12, 2019

But self-storage facilities come with big risks for document storage. The General Data Protection Regulation (GDPR) gives regulators the power to impose penalties on companies that fail to keep personal data private. As you can see, storing your files in a self-storage unit isn’t worth the risk. Lack of Security.

Risk

Risk GDPR Records Management Archiving

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Security Affairs

JULY 12, 2021

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.

Archiving

Archiving Passwords Data collection Sales

CNIL’s New Guidelines on HR Processing

HL Chronicle of Data Protection

APRIL 21, 2020

The new guidelines are applicable to public and private companies for the processing of their employees’ personal data. The CNIL concludes that consent can be used as a legal basis for processing employee/applicant personal data only in cases where there are no consequences for them. Categories of personal data.

Personal data

Personal data GDPR Big data Compliance

Build a Cloud-First Content Management Strategy in Three Simple Steps

AIIM

APRIL 27, 2021

Reduce Storage Costs – by getting rid of your ROT (redundant, obsolete or trivial) data BEFORE migration, plus the potential cost saving of infrastructure maintenance over license fees. You should also think about the function of the content and the data it holds. Is it personal, collaborative, or legal? Who needs to access it?

Cloud

Cloud ROT Metadata Content services

CNIL Publishes Standard on HR Data Processing

Hunton Privacy

APRIL 20, 2020

On April 15, 2020, the French Data Protection Authority (the “CNIL”) published the final version of its standard (“Referential”) concerning the processing of personal data for core Human Resources (“HR”) management purposes. Main Changes in the Referential on HR Data Processing. telephone call listening/recording.

Personal data

Personal data GDPR Compliance Archiving

BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

The Last Watchdog

APRIL 1, 2020

For a drill down on our discussion about how data governance has come to intersect with cybersecurity, give a listen to the accompanying podcast. The value of data connected to a live project is obvious. What many organizations fail to do is fully assess – and set policies for — data they hang on to after the fact.

Government

Government Cybersecurity Archiving Access

French DPA Releases New Guidance on Personal Data Security

Hunton Privacy

OCTOBER 11, 2010

On October 7, 2010, the French Data Protection Authority (the “CNIL”) released its first comprehensive handbook on the security of personal data (the “Guidance”). The Guidance provides general recommendations and best practices aimed at assisting data controllers with the implementation of appropriate security measures.

Personal data

Personal data Security Encryption Archiving

Catches of the Month: Phishing Scams for June 2023

IT Governance

JUNE 6, 2023

Welcome to our June 2023 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over personal data. File Archive in the Browser scam exploiting ‘.zip’ With this phishing attack, you simulate a file archiver software (e.g.

Phishing

Phishing Archiving Risk Education

Experts found 540 Million Facebook user records on unprotected Amazon S3 buckets

Security Affairs

APRIL 3, 2019

” “The UpGuard Cyber Risk team can now report that two more third-party developed Facebook app datasets have been found exposed to the public internet. “A separate backup from a Facebook-integrated app titled “At the Pool” was also found exposed to the public internet via an Amazon S3 bucket.”

Archiving

Archiving Passwords Cloud Risk

Romania: Key aspects in the Romanian Data Protection Authority’s annual activity report (2019)

DLA Piper Privacy Matters

OCTOBER 22, 2020

On 28 September 2020, the Romanian National Supervisory Authority for the Processing of Personal Data (ANSPDCP) published on its website the annual activity report for 2019. Qualification of the parties involved in personal data processing activities. Biometric data – facial recognition techniques.

Personal data

Personal data GDPR Communications Compliance

FRANCE: CNIL New Security Guidelines

DLA Piper Privacy Matters

FEBRUARY 2, 2018

Article 32 of the GDPR requires data controllers and processors to “ implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk ”. Secure archiving. Maintenance and data destruction. Data sharing with third parties. Backup and business continuity.

Security

Security Personal data GDPR Compliance

Webinar: Know your rights! Smart strategies against GDPR fines

DLA Piper Privacy Matters

FEBRUARY 12, 2020

Several multimillion-euro fines have already been issued, such as a €50 million fine against Google in France (for processing personal data without legal grounds and infringement of transparency and information duties), and in Germany, a €14.5 It is still unclear what requirements many GDPR provisions impose.

GDPR

GDPR Compliance Archiving Personal data

First multi-million GDPR fine in Germany: €14.5 million for not having a proper data retention schedule in place

Data Protection Report

NOVEMBER 12, 2019

On October 30, 2019 the Berlin Commissioner for Data Protection and Freedom of Information ( Berliner Beauftragte für Datenschutz und Informationsfreiheit – Berlin DPA ) issued a €14.5 The infraction related to the over retention of personal data. Infringement of deletion obligations.

GDPR

GDPR Personal data Records Management Archiving

Documation 2022: summary of our conferences

Everteam

APRIL 22, 2022

Overview of risks and issues. It will be able to manage much larger volumes, It will allow to answer use cases that open source tools do not cover such as digital bulk analysis on silos such as SharePoint It will also address features that these tools do not offer, such as personal data detection, or the ability to perform searches.

Archiving

Archiving Records Management Paper Marketing

EDPB’s New Guidelines – Clinical Trials in the EU and COVID-19

HL Chronicle of Data Protection

MAY 1, 2020

Below are our highlights of the Guidelines: Fundamental takeaway – Data protection and, specifically, the GDPR do not hinder the fight against COVID-19. Primary or secondary use of the data – The type of uses of the personal data is relevant for the purposes of identifying the appropriate legal basis, as detailed below.

GDPR

GDPR Personal data Privacy Data collection

The GDPR and the right to be forgotten

IT Governance

APRIL 30, 2018

The new data subject right allows, in certain circumstances, individuals to request that all information held about them is permanently erased. You have processed the personal data to offer information society services to a child. You may need to let other organisations know if you receive an erasure request.

GDPR

GDPR Personal data Archiving Compliance

Media Destruction and Privacy Law Compliance

Archive Document Data Storage

OCTOBER 10, 2018

New standards for the General Data Protection Rule (GDPR) went into effect on May 25, 2018. They affect any EU business that collects data from customers. Destruction is the most reliable method for rendering data irrecoverable. Destroy Promptly. A secure destruction service promptly destroys your expired media.

Compliance

Compliance Privacy GDPR Archiving

Why Shred?

Archive Document Data Storage

DECEMBER 7, 2018

The GDPR is in full-swing and businesses are at risk of facing non-compliance fines of up to 4% company-wide annual turnover. As well as a financial hit resulting from a data breach, your business’ reputation would also be damaged beyond repair in the eyes of your clients and stakeholders. Medical data. Personal data.

Computer and Electronics

Computer and Electronics Archiving Paper Data breaches

Everything You Need to Know about Data Destruction

Archive Document Data Storage

NOVEMBER 2, 2017

If you use deletion as a final disposition solution for your media, you are opening yourself to all kinds of risk. With the technology that is readily available, thieves can recover data from hard drives and data tapes, even after files are deleted from them. Procrastination Increases Risk.

GDPR

GDPR Archiving Records Management Compliance

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

Data Protection Report

JULY 8, 2019

Finally, according to the CNIL, the breach of the security obligation was even more serious considering the nature of the personal data made available, including both identification data (surname, first name, contact details) and information likely to reveal very intimate aspects of individual’s lives, such as divorce judgments.

GDPR

GDPR Personal data Compliance Security

GDPR Is In Effect: The French Bill Has Been Adopted…But Referred to the French Constitutional Council

HL Chronicle of Data Protection

MAY 25, 2018

This procedure led to the adoption in final reading by the French National Assembly of the bill on personal data protection on 14 May 2018. The GDPR has an extended scope compared to the scope of the French Data Protection Act. The bill broadens the scope of the current Article 36 of the French Data Protection Act.

GDPR

GDPR Personal data Archiving Government

Common Document Destruction Mistakes to Avoid

Archive Document Data Storage

MAY 30, 2018

A professional file shredding service eliminates office paper shredder risks. The General Data Protection Regulation (GDPR) states, “Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or purposes.” Mistake 4: Ignoring GDPR retention rules.

Paper

Paper GDPR Archiving Privacy

The Top Reasons Your Business Needs a Document Retention Policy

Archive Document Data Storage

MARCH 28, 2018

Archival documents can be stored off-site with a file storage service at a fraction of the cost, while expired documents can be purged with a file shredding service. Privacy breach risks increase your company’s liability exposure. Filing cabinets stuffed with documents take up expensive office space. Efficiency. Compliance.

Archiving

Archiving GDPR Compliance Privacy

6,009,014 MovieBoxPro Accounts Breached in Another Data Scraping Incident

IT Governance

MAY 7, 2024

Data breached: 6,009,014 accounts. A further 381,000 New York City public school students affected by 2022 data breach In January 2022 , personal data from around 820,000 New York City public school students, both current and former, was breached. Apparently, the data belongs to tens of thousands of Australians.

Data breaches

Data breaches Education Manufacturing Retail

Commonly Overlooked Data That Should be Destroyed

Armstrong Archives

MARCH 26, 2019

In addition to reducing the sheer number of physical files that must be stored as well as the associated costs, routinely destroying documents reduces a company’s risk of liability from a privacy breach. When it comes to personal records, the law requires companies to destroy documents in a number of situations.

Record destruction

Record destruction Archiving Records Management Personal data

The True Costs of In-House Shredding

Archive Document Data Storage

SEPTEMBER 11, 2017

Although in-house file shredding may seem cheap, simple and risk-free, nothing is further from the truth. Once you consider the time, expense and risk of in-house shredding, the picture becomes clearer. In-house shredding poses big security risks for companies concerned about privacy breaches.

Paper

Paper GDPR Archiving Privacy

5 Major Reasons Document Storage Still Matters

Archive Document Data Storage

AUGUST 15, 2018

While most identity theft crimes take place online, low-tech threats still pose a risk to businesses. The General Data Protection Regulation (GDPR) gives regulators the power to impose penalties on companies that fail to keep personal data private. Reason 2: Identity Fraud Rates Are Rising. Reason 3: GDPR Compliance.

GDPR

GDPR Archiving Compliance Records Management

A guide to the GDPR for insurance companies

IT Governance

MAY 30, 2018

Insurers are data controllers: a person, public authority, agency or body that determines the purpose of processing personal data. An insurer can also be a data processor if it receives data from a third party that it is not permitted to process for its own purposes.

Insurance

Insurance GDPR Compliance Data collection

Weekly podcast: Goodbye!

IT Governance

MARCH 14, 2019

According to Aleid Wolfsen, the chairman of the AP, “If a website asks for permission for tracking cookies and if it is refused access to the website or service is not possible, people give up their personal data under pressure and that is unlawful.”. Oh, and a special mention to James Hilton, surely our most enthusiastic listener.

GDPR

GDPR Data breaches Personal data Passwords

Guest Post -- GDPR Compliance starts with Data Discovery

AIIM

NOVEMBER 16, 2017

You might also be interested in: Mitigate Data Privacy and Security Risks with Machine Learning. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. Information may be located in file shares, emails, in distributed content repositories, in antiquated archival systems and in file cabinets.

GDPR

GDPR Compliance Privacy Paper

EDPB issues new opinion on interplay between Clinical Trials Regulation and the GDPR

Data Protection Report

FEBRUARY 19, 2019

On January 23, 2019, the European Data Protection Board (“EDPB”) issued an opinion on the interplay between the Clinical Trials Regulation (“CTR”) and the General Data Protection Regulation (“GDPR”). Primary use: Legal basis for processing personal data in the course of a clinical trial. Research activities.

GDPR

GDPR Personal data Compliance Risk

UK data protection after Brexit – UK government Statement of Intent contains few surprises

Data Protection Report

AUGUST 16, 2017

The Statement indicates that the Bill will also go beyond the GDPR in several respects, highlighting the Minister’s declaration that “the Data Protection Bill will allow the UK to continue to set the gold standard on data protection”.

Government

Government GDPR Personal data Insurance

Finding the treasure in governement information management

CILIP

DECEMBER 11, 2023

“Yes, we have to stay up to date with changes in legislation,” David says, “In September a statutory instrument came out stating the Government considers the United States of America ensures an adequate level of protection of personal data for certain transfers (US/UK data bridge) – that’s the kind of thing you have to be all over.

Government

Government Libraries Computer and Electronics Information governance

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

IT Governance

JANUARY 9, 2024

AI FTC accepting submissions for Voice Cloning Challenge The US Federal Trade Commission has begun accepting submissions for its Voice Cloning Challenge, which aims to develop ideas to mitigate the risk of AI-enabled voice cloning for fraud. Alternatively, you can view our full archive. The FTC will accept submissions until 12 January.

Data Privacy

Data Privacy Privacy Manufacturing Data breaches

You Know It’s Time to Outsource Shredding When…

Archive Document Data Storage

SEPTEMBER 30, 2019

Disposing of data securely is required by the General Data Protection Regulation (GDPR). The law states, “Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or purposes.” A professional file shredding service eliminates office paper shredder risks.

Paper

Paper GDPR Archiving Personal data

FRANCE: THE FIRST CNIL STANDARD REGULATION FOR BIOMETRIC SYSTEMS IN THE WORKPLACE

DLA Piper Privacy Matters

APRIL 11, 2019

The CNIL reminds that the rules resulting from the Regulation do not exclude the application of the general obligations under the GDPR, notably regarding compliance with the general principles for processing personal data, data subject rights and international transfers. What are the requirements set forth by the Regulation?

Personal data

Personal data GDPR Access Compliance

Over-Retention of Personal Data

Thailand Personal Data Protection Law

Trending Sources

Two FTC complaints that over-retention of personal data violates Section 5

FRANCE: NEW GUIDANCE FOR DATA RETENTION

Data protection strategy: Key components and best practices

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

Germany: Berlin data protection authority imposes EUR 14.5 million fine for “data cemetery”

First multi-million GDPR fine in Germany: €14.5 million for not having a proper data retention schedule in place

The Risks of Storing Documents in Self Storage

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

CNIL’s New Guidelines on HR Processing

Build a Cloud-First Content Management Strategy in Three Simple Steps

CNIL Publishes Standard on HR Data Processing

BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

French DPA Releases New Guidance on Personal Data Security

Catches of the Month: Phishing Scams for June 2023

Experts found 540 Million Facebook user records on unprotected Amazon S3 buckets

Romania: Key aspects in the Romanian Data Protection Authority’s annual activity report (2019)

FRANCE: CNIL New Security Guidelines

Webinar: Know your rights! Smart strategies against GDPR fines

First multi-million GDPR fine in Germany: €14.5 million for not having a proper data retention schedule in place

Documation 2022: summary of our conferences

EDPB’s New Guidelines – Clinical Trials in the EU and COVID-19

The GDPR and the right to be forgotten

Media Destruction and Privacy Law Compliance

Why Shred?

Everything You Need to Know about Data Destruction

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

GDPR Is In Effect: The French Bill Has Been Adopted…But Referred to the French Constitutional Council

Common Document Destruction Mistakes to Avoid

The Top Reasons Your Business Needs a Document Retention Policy

6,009,014 MovieBoxPro Accounts Breached in Another Data Scraping Incident

Commonly Overlooked Data That Should be Destroyed

The True Costs of In-House Shredding

5 Major Reasons Document Storage Still Matters

A guide to the GDPR for insurance companies

Weekly podcast: Goodbye!

Guest Post -- GDPR Compliance starts with Data Discovery

EDPB issues new opinion on interplay between Clinical Trials Regulation and the GDPR

UK data protection after Brexit – UK government Statement of Intent contains few surprises

Finding the treasure in governement information management

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

You Know It’s Time to Outsource Shredding When…

FRANCE: THE FIRST CNIL STANDARD REGULATION FOR BIOMETRIC SYSTEMS IN THE WORKPLACE

Stay Connected