Compliance, Data collection and Personal data - Information Management Today

India: New Digital Personal Data Protection Act, Start Planning Now.

DLA Piper Privacy Matters

SEPTEMBER 6, 2023

While there are similarities with EU/UK GDPR – and sufficient harmonisation with data protection laws across APAC to continue a regional data compliance in Asia – the practicalities of implementation and compliance should not be underestimated. data subjects, using the GDPR terminology) located within India.

Personal data

Personal data GDPR Data breaches Compliance

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

The Last Watchdog

JANUARY 9, 2023

As the world becomes more digital and connected, it is no surprise that data privacy and security is a growing concern for small to medium sized businesses — SMBs. Related: GDPR sets new course for data privacy. Large corporations tend to have the resources to deal with compliance issues. Paths to compliance.

Data Privacy

Data Privacy Compliance Privacy GDPR

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

$10,000,000 civil penalty for disclosing personal data without consent

Data Protection Report

APRIL 30, 2024

The claims related to the company’s sharing personal data without consumer consent and making it very difficult for consumers to cancel their subscriptions to this telehealth service. The order also, in Section IX, set forth data destruction requirements and a data retention policy.

Personal data

Personal data Privacy Information governance Compliance

Personal data protection in the time of coronavirus (Covid-19)

Data Protection Report

FEBRUARY 25, 2020

Outbreak of the coronavirus and personal data privacy. There have been several data breach incidents which have given rise to concerns over privacy and potential discrimination against people from Wuhan and Hubei Province. Highlights of the CAC Circular.

Personal data

Personal data Big data Data Privacy Data breaches

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported. When must breaches be reported?

Personal data

Personal data Data breaches Data collection GDPR

CHINA: Important new risks and practical guidance on China data protection, data security, e-commerce and online platform compliance

DLA Piper Privacy Matters

NOVEMBER 16, 2021

The draft Network Data Security Management Regulation (“ Draft Regulation ”) was published for consultation on 14 November 2021, and is very wide-ranging in the compliance areas covered. This is a significant reminder to organisations to start data mapping and assessment of all China data sooner rather than later.

Compliance

Compliance Personal data Security Risk

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

DLA Piper Privacy Matters

JUNE 27, 2022

The Italian privacy authority, the Garante, deemed that the use of Google Analytics results in unlawful transfers of personal data to the United States in violation of the principles outlined in the Schrems II ruling. In Order No. In Order No. The disputed facts. Still, the same principles apply to any other transfer as well.

Personal data

Personal data Analytics GDPR Privacy

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

GDPR Compliance Starts with Data Discovery. Compliance with GDPR is just a short five months away. While there may be many dimensions to consider from a GDPR readiness perspective there are three steps that are particularly important in order to manage risk and ensure compliance. Step 1: Data Discovery.

GDPR

GDPR Compliance Data collection Privacy

ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

Hunton Privacy

NOVEMBER 5, 2020

On October 27, 2020, the UK Information Commissioner’s Office (“ICO”) published a report following its investigation into data protection compliance in the direct marketing data broking sector, alongside its enforcement action against Experian. Three such hubs were the three CRAs audited as part of this investigation.

Marketing

Marketing Compliance Personal data GDPR

CHINA: mobile apps remain a high privacy risk, and face stringent requirements

DLA Piper Privacy Matters

AUGUST 17, 2022

For the past couple of years, operators of mobile apps in China have had to comply with over thirty additional, specific privacy compliance obligations (i.e. The regulators have now refreshed and combined a selection of the requirements into one standard, yet more compliance steps must be followed. Categorisation of Data Processed.

Privacy

Privacy Risk Personal data Data collection

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Irish regulators hit Meta with a EUR 1.2

GDPR

GDPR Compliance Personal data Privacy

Overview of Thailand Draft Personal Data Protection Act

Data Protection Report

AUGUST 6, 2018

Data protection laws in Asia continue to be introduced and updated. On 22 May 2018, the Thai Cabinet approved in principle a revised draft of Thailand’s first personal data protection act (Draft Act). Thailand currently does not have any specific law regulating data protection. Collection of personal data.

Personal data

Personal data Data collection Compliance GDPR

Singapore’s Public Consultation on proposed changes to the Singapore Personal Data Protection Act

Data Protection Report

MAY 21, 2020

On 14 May 2020, the Singapore Ministry of Communications and Information ( MCI ) and the Personal Data Protection Commission of Singapore ( PDPC ) announced a public consultation (the Public Consultation ) on the draft Personal Data Protection (Amendment) Bill (the Draft Bill ) and related amendments to the Spam Control Act ( SCA ).

Personal data

Personal data Data breaches Compliance Cybersecurity

Businesses to Assist NHS Test and Trace Efforts

Hunton Privacy

JUNE 25, 2020

Establishments and companies in the UK will therefore be responsible for the additional collection and potential sharing of customers’ personal data. Any entity engaging in this kind of data collection will need to comply with the requirements of data protection law.

Data collection

Data collection Personal data Compliance Retail

Developments in Cookie Regulation: French CNIL Declares Intent to Audit Websites for Cookie Compliance

Data Matters

APRIL 26, 2021

On April 2, 2021 the French Data Protection Authority (the “ Commission Nationale de l’Informatique et des Libertés ” or “ CNIL ”) published its intent to start auditing websites for compliance with cookie regulations. Where cookies collect personal data of internet users (e.g.

Compliance

Compliance Analytics Privacy GDPR

CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced

DLA Piper Privacy Matters

MARCH 24, 2021

Issues to be addressed include: Data privacy: compliant privacy notices/consents must be given to/obtained from customers using or buying via e-commerce or livestreaming platforms, sites, apps and services on or before collection or use of personal data, including appropriate direct marketing opt-ins and unsubscribe functions.

Personal data

Personal data Data Privacy Marketing Compliance

Colorado AG Publishes Draft Colorado Privacy Act Rules

Hunton Privacy

NOVEMBER 1, 2022

The proposed regulations, if adopted, would add certain significant new compliance obligations on businesses. Right to Request to Exercise Personal Data Rights (Rule 4.02 – Rule 4.07; 6.11). The CPA further provides that businesses should not place an unreasonable burden on consumers to submit data rights requests.

Privacy

Privacy Personal data Data collection Compliance

Google to Launch Google Analytics 4 in an Attempt to Address EU Privacy Concerns

Hunton Privacy

MARCH 18, 2022

The complaints focused on whether the transfer of EU personal data to Google in the U.S. through the use of cookies is permitted under the EU General Data Protection Regulation (“GDPR”), following the Schrems II judgment of the Court of Justice of the European Union. through the use of the Google Analytics cookie is unlawful.

Analytics

Analytics Privacy GDPR Personal data

HONG KONG: Increased Enforcement Action?

DLA Piper Privacy Matters

NOVEMBER 17, 2022

On 14 November 2022, the Office of the Privacy Commissioner for Personal Data (“PCPD”) published two investigation reports for non-compliance of the Personal Data (Privacy) Ordinance (“PDPO”): EC Healthcare’s failure to obtain consent for the use, disclosure, and transfer of patient’s personal data across its group entities; and.

Personal data

Personal data Data Privacy Compliance Privacy

CNIL Provides Update on Compliance Pack Regarding Connected Vehicles

Hunton Privacy

OCTOBER 5, 2016

On October 3, 2016, at the Paris Motor Show, the French Data Protection Authority (“CNIL”) reported on the progress of a new compliance pack on connected vehicles. The compliance pack on connected vehicles will contain guidelines regarding the responsible use of personal data for the next generation of vehicles.

Compliance

Compliance Personal data Data collection Insurance

A Tale of Two Cities: The Right of Private Action in Data Protection in Singapore and Hong Kong

Data Protection Report

NOVEMBER 2, 2021

The Singapore High Court and the Hong Kong District Court have both considered the right to compensation for injury to feelings in two recent cases involving misuse of personal data but arrived at different conclusions. Reed, brought an action against Mr. Bellingham for contravention of Singapore’s Personal Data Protection Act 2012.

Personal data

Personal data Data collection Data Privacy Compliance

FINLAND: PARLIAMENT APPROVES NEW ACT ON THE SECONDARY USE OF SOCIAL AND HEALTH CARE PERSONAL DATA

DLA Piper Privacy Matters

APRIL 8, 2019

The new Act codifies the relevant legislation and broadens the possibilities to, under certain conditions, utilize and combine for secondary purposes personal data collected in relation to public or private social and health care operations. The decisions on licenses are subject to an appeal.

Personal data

Personal data GDPR Healthcare Compliance

CHINA: Clarifications of data classification and grading requirements

DLA Piper Privacy Matters

OCTOBER 3, 2022

Given data classification and grading are mandatory requirements under the Data Security Law and Personal Information Protection Law, organisations should prioritise understanding their data collected and data processing activities within the coming months. Data classification. Data grading.

Data collection

Data collection Personal data Access Compliance

Data privacy examples

IBM Big Data Hub

APRIL 24, 2024

These are just some examples of how organizations support data privacy , the principle that people should have control of their personal data, including who can see it, who can collect it, and how it can be used. One cannot overstate the importance of data privacy for businesses today.

Data Privacy

Data Privacy Privacy GDPR Personal data

More New York SHIELD Act guidance

Data Protection Report

JULY 12, 2022

In brief, on April 5, 2021, a security researcher contacted Wegmans about a serious flaw the left some of Wegmans’ customers’ personal data available to the public. The NYAG faulted Wegmans on five security areas: access controls, password management, asset management, logging and monitoring, and data collection and retention.

Passwords

Passwords Data collection Personal data Cloud

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

HL Chronicle of Data Protection

JULY 7, 2020

The Dutch Data Protection Authority (DPA) issued a EUR 830,000 (approximately USD 937,000) fine against the Dutch Credit Registration Bureau (BKR) for violating data subject rights. The fine stems from BKR’s practice of charging fees and discouraging individuals who wanted to access their personal data.

GDPR

GDPR Personal data Data collection Access

EDPB Publishes Report of Outcome of the Cookie Banner Taskforce

Hunton Privacy

JANUARY 27, 2023

Claiming reliance on the “legitimate interests” legal basis for the use of non-essential cookies ( e.g. , targeted advertising cookies) and not collecting valid consent for the use of such cookies is prohibited.

GDPR

GDPR Compliance Data collection Personal data

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

These inspections aimed to verify whether Carrefour France and Carrefour Banque were in compliance with all provisions of the GDPR and the French Data Protection Act. Loyalty program members’ data had been retained for a period of four years from their last activity. The CNIL carried out online inspections on the carrefour.fr

GDPR

GDPR Personal data Data collection Marketing

European Medicines Agency Issues Updated Good Clinical Practice Q&A

Data Matters

FEBRUARY 18, 2021

When collecting and reporting such data, the sponsor should take into account ethical considerations and all applicable laws and regulations, including data protection legislation. The sponsor is furthermore required to verify and control the accuracy and completeness of the data collected by itself or its third-party vendors.

GDPR

GDPR Personal data Access Data collection

UK Tribunal Rules on Direct Marketing ICO Case Against Experian

Hunton Privacy

FEBRUARY 23, 2023

On February 20, 2023, in the case of Experian Limited v The Information Commissioner , the First-Tier Tribunal in the UK (the “ Tribunal ”) ruled on the ICO’s action to require Experian to make changes to how it processes personal data for direct marketing purposes.

Marketing

Marketing Personal data GDPR Privacy

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DLA Piper Privacy Matters

APRIL 20, 2021

This introduces a data lifecycle security framework, and represents the key guideline for handling personal and other financial information by financial institutions (i.e. Key compliance obligations include: Classification of financial data: the data lifecycle framework introduces five levels of financial data, namely: .

Compliance

Compliance Security Financial Services Data collection

French DPA Publishes a Compliance Pack Regarding Connected Vehicles

Hunton Privacy

OCTOBER 27, 2017

On October 17, 2017, the French Data Protection Authority (“CNIL”), after a consultation with multiple industry participants that was launched on March 23, 2016, published its compliance pack on connected vehicles (the “Pack”) in line with its report of October 3, 2016. 2. “IN -> OUT” scenario.

Compliance

Compliance Data collection GDPR Insurance

Regional privacy but global clouds. How to manage this complexity?

Thales Cloud Protection & Licensing

MAY 31, 2022

Data Protection Officers expressed the difficulties they have to accomplish their mission: to advise on and monitor compliance (as defined in GDPR Article 39). With the acceleration of digital transformation and growing cyber threats, one thing is clear: privacy compliance has never been so important, yet so complex to reach.

Cloud

Cloud Privacy Data Privacy Compliance

Data Protection and Privacy Commissioners Issue Global Connected Car Guidance

Hunton Privacy

OCTOBER 5, 2017

Last week, at the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong, data protection authorities from around the world issued non-binding guidance on the processing of personal data collected by connected cars (the “Guidance”).

Privacy

Privacy Personal data Data collection Data Privacy

Norwegian DPA Issues 2.5M EUR Preliminary Fine for U.S. Company Utilizing Web-Tracking IDs

Hunton Privacy

MAY 11, 2021

Disqus collected data through cookies placed on the devices of website visitors using the widget, and subsequently passed personal data collected by those cookies to third-party advertising partners and its parent company.

GDPR

GDPR Personal data Communications Data collection

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

DLA Piper Privacy Matters

AUGUST 8, 2023

Authors: Carolyn Bigg, Amanda Ge and Venus Cheung On July 24, 2023, the People’s Bank of China (“ PBOC ”) released the Measures for the Management of Data Security in the Business Areas Falling into PBOC’s Jurisdiction (Draft for Comment) (“ Draft Measures” ) for public consultation, which closes on August 24, 2023.

Financial Services

Financial Services Personal data Compliance Data collection

The CNIL’s key priorities for upcoming dawn-raids in 2021

DLA Piper Privacy Matters

APRIL 2, 2021

In 2021, more than 50% of the CNIL’s dawn-raids will focus on: (i) websites cybersecurity, (ii) health data protection and (ii) cookies. Website security incidents are among the most common non-compliances identified by the CNIL during its dawn-raids. Health data security. W ebsites cybersecurity.

Data breaches

Data breaches Cybersecurity Compliance Data collection

China’s Data Privacy Law Poses Challenge for International Companies

eSecurity Planet

DECEMBER 1, 2021

Businesses that have spent the past three-plus years adapting to the European Union’s far-reaching data privacy law now have to decide how they will respond to a similar law in China that has been criticized as being more vague in its wording and harsher in its penalties. Ask anyone still doing business in Hong Kong.”. Will the U.S.

Data Privacy

Data Privacy Privacy GDPR Data collection

Data Privacy Compliance Isn’t Just for Europe or California Anymore: Data Privacy Trends

eDiscovery Daily

APRIL 10, 2019

For example, Camila Tobón, a Colorado-based data privacy lawyer at Shook, Hardy & Bacon, said many countries in the Latin America follow a consent-based model, which doesn’t allow for the legitimate interest data collection case presented under GDPR. I assume that works everywhere, does it?’

Data Privacy

Data Privacy Privacy Compliance GDPR

Belgium: Belgian Data Protection Authority issues its first fine

DLA Piper Privacy Matters

MAY 29, 2019

After this hearing, the chamber came to the conclusion that the AVG had indeed been violated because of non-compliance with the principle of “purpose limitation” Purpose limitation principle. ” For further information, please contact Patrick.vaneecke@dlapiper.com.

IT

IT GDPR Personal data Compliance

Reflecting on APAC Data Protection and Cyber-security Highlights for 2019 (and what lies ahead!)

Data Protection Report

JANUARY 20, 2020

In addition, 2019 saw regulators publishing findings in respect of some of the largest data incidents of 2018. Singapore’s Personal Data Protection Commission (“ PDPC ”) imposed the highest fines to date in respect of a cyber-attack on SingHealth’s patient database system affecting 1.5 million patients.

Personal data

Personal data Security Data Privacy GDPR

CNIL Publishes Guidance on Web Scraping and Re-Use of Publicly Available Online Data for Direct Marketing

Hunton Privacy

MAY 4, 2020

On April 30, 2020, the French Data Protection Authority (the “CNIL”) published guidance on the extraction of web users’ personal data from online public spaces by web scraping tools and re-use of such data for direct marketing (the “Guidance”). Compliance with Basic Data Protection Principles. Background.

Marketing

Marketing GDPR Communications Personal data

Hong Kong: Important changes proposed to Hong Kong’s data protection law

DLA Piper Privacy Matters

FEBRUARY 28, 2020

Any organisation processing Hong Kong personal data must plan ahead to anticipate significant new compliance obligations requirements. These are proposed in a recent consultation paper to amend Hong Kong’s Personal Data (Privacy) Ordinance (PDPO), and would – if passed – constitute the first changes to the PDPO since 2012.

Paper

Paper Personal data Data breaches Data collection

India: New Digital Personal Data Protection Act, Start Planning Now.

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

Trending Sources

GDPR compliance checklist

$10,000,000 civil penalty for disclosing personal data without consent

Personal data protection in the time of coronavirus (Covid-19)

When are schools required to report personal data breaches?

CHINA: Important new risks and practical guidance on China data protection, data security, e-commerce and online platform compliance

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

Guest Post - Three Critical Steps for GDPR Compliance

ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

CHINA: mobile apps remain a high privacy risk, and face stringent requirements

How to implement the General Data Protection Regulation (GDPR)

Overview of Thailand Draft Personal Data Protection Act

Singapore’s Public Consultation on proposed changes to the Singapore Personal Data Protection Act

Businesses to Assist NHS Test and Trace Efforts

Developments in Cookie Regulation: French CNIL Declares Intent to Audit Websites for Cookie Compliance

CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced

Colorado AG Publishes Draft Colorado Privacy Act Rules

Google to Launch Google Analytics 4 in an Attempt to Address EU Privacy Concerns

HONG KONG: Increased Enforcement Action?

CNIL Provides Update on Compliance Pack Regarding Connected Vehicles

A Tale of Two Cities: The Right of Private Action in Data Protection in Singapore and Hong Kong

FINLAND: PARLIAMENT APPROVES NEW ACT ON THE SECONDARY USE OF SOCIAL AND HEALTH CARE PERSONAL DATA

CHINA: Clarifications of data classification and grading requirements

Data privacy examples

More New York SHIELD Act guidance

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

EDPB Publishes Report of Outcome of the Cookie Banner Taskforce

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

European Medicines Agency Issues Updated Good Clinical Practice Q&A

UK Tribunal Rules on Direct Marketing ICO Case Against Experian

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

French DPA Publishes a Compliance Pack Regarding Connected Vehicles

Regional privacy but global clouds. How to manage this complexity?

Data Protection and Privacy Commissioners Issue Global Connected Car Guidance

Norwegian DPA Issues 2.5M EUR Preliminary Fine for U.S. Company Utilizing Web-Tracking IDs

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

The CNIL’s key priorities for upcoming dawn-raids in 2021

China’s Data Privacy Law Poses Challenge for International Companies

Data Privacy Compliance Isn’t Just for Europe or California Anymore: Data Privacy Trends

Belgium: Belgian Data Protection Authority issues its first fine

Reflecting on APAC Data Protection and Cyber-security Highlights for 2019 (and what lies ahead!)

CNIL Publishes Guidance on Web Scraping and Re-Use of Publicly Available Online Data for Direct Marketing

Hong Kong: Important changes proposed to Hong Kong’s data protection law

Stay Connected