Compliance, Data collection, Personal data and Security

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

The Last Watchdog

JANUARY 9, 2023

As the world becomes more digital and connected, it is no surprise that data privacy and security is a growing concern for small to medium sized businesses — SMBs. Related: GDPR sets new course for data privacy. Large corporations tend to have the resources to deal with compliance issues. Paths to compliance.

Data Privacy

Data Privacy Compliance Privacy GDPR

India: New Digital Personal Data Protection Act, Start Planning Now.

DLA Piper Privacy Matters

SEPTEMBER 6, 2023

While there are similarities with EU/UK GDPR – and sufficient harmonisation with data protection laws across APAC to continue a regional data compliance in Asia – the practicalities of implementation and compliance should not be underestimated. data subjects, using the GDPR terminology) located within India.

Personal data

Personal data GDPR Data breaches Compliance

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

$10,000,000 civil penalty for disclosing personal data without consent

Data Protection Report

APRIL 30, 2024

The claims related to the company’s sharing personal data without consumer consent and making it very difficult for consumers to cancel their subscriptions to this telehealth service. The order also, in Section IX, set forth data destruction requirements and a data retention policy.

Personal data

Personal data Privacy Information governance Compliance

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported. When must breaches be reported?

Personal data

Personal data Data breaches Data collection GDPR

CHINA: Important new risks and practical guidance on China data protection, data security, e-commerce and online platform compliance

DLA Piper Privacy Matters

NOVEMBER 16, 2021

The draft Network Data Security Management Regulation (“ Draft Regulation ”) was published for consultation on 14 November 2021, and is very wide-ranging in the compliance areas covered.

Compliance

Compliance Personal data Security Risk

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

DLA Piper Privacy Matters

JUNE 27, 2022

The Italian privacy authority, the Garante, deemed that the use of Google Analytics results in unlawful transfers of personal data to the United States in violation of the principles outlined in the Schrems II ruling. In Order No. In Order No. The disputed facts. Still, the same principles apply to any other transfer as well.

Personal data

Personal data Analytics GDPR Privacy

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

You might also be interested in: Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. GDPR Compliance Starts with Data Discovery. Step 1: Data Discovery.

GDPR

GDPR Compliance Data collection Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Irish regulators hit Meta with a EUR 1.2

GDPR

GDPR Compliance Personal data Privacy

ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

Hunton Privacy

NOVEMBER 5, 2020

On October 27, 2020, the UK Information Commissioner’s Office (“ICO”) published a report following its investigation into data protection compliance in the direct marketing data broking sector, alongside its enforcement action against Experian. Three such hubs were the three CRAs audited as part of this investigation.

Marketing

Marketing Compliance Personal data GDPR

Businesses to Assist NHS Test and Trace Efforts

Hunton Privacy

JUNE 25, 2020

Establishments and companies in the UK will therefore be responsible for the additional collection and potential sharing of customers’ personal data. Any entity engaging in this kind of data collection will need to comply with the requirements of data protection law.

Data collection

Data collection Personal data Compliance Retail

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DLA Piper Privacy Matters

APRIL 20, 2021

This introduces a data lifecycle security framework, and represents the key guideline for handling personal and other financial information by financial institutions (i.e. Key compliance obligations include: Classification of financial data: the data lifecycle framework introduces five levels of financial data, namely: .

Compliance

Compliance Security Financial Services Data collection

HONG KONG: Increased Enforcement Action?

DLA Piper Privacy Matters

NOVEMBER 17, 2022

On 14 November 2022, the Office of the Privacy Commissioner for Personal Data (“PCPD”) published two investigation reports for non-compliance of the Personal Data (Privacy) Ordinance (“PDPO”): EC Healthcare’s failure to obtain consent for the use, disclosure, and transfer of patient’s personal data across its group entities; and.

Personal data

Personal data Data Privacy Compliance Privacy

CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced

DLA Piper Privacy Matters

MARCH 24, 2021

Issues to be addressed include: Data privacy: compliant privacy notices/consents must be given to/obtained from customers using or buying via e-commerce or livestreaming platforms, sites, apps and services on or before collection or use of personal data, including appropriate direct marketing opt-ins and unsubscribe functions.

Personal data

Personal data Data Privacy Marketing Compliance

Top 5 Application Security Tools & Software for 2023

eSecurity Planet

MAY 19, 2023

Application security tools and software solutions are designed to identify and mitigate vulnerabilities and threats in software applications. Their main purpose is to protect applications from unauthorized access, data breaches, and malicious attacks.

Security

Security Cloud Compliance Risk

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

MAY 26, 2021

With that in mind, what steps can you take to ensure that your personal data is protected at all times? As a data-driven, security-focused company, we’ve rounded up our top tips inspired by World Password Day to help you improve your password game. Password overhaul.

Passwords

Passwords Security Authentication Paper

Reflecting on APAC Data Protection and Cyber-security Highlights for 2019 (and what lies ahead!)

Data Protection Report

JANUARY 20, 2020

2019 saw continued growth and change in data protection and cyber-security across the Asia-Pacific. Following the implementation of the GDPR in May, 2018, many jurisdictions moved to review and strengthen existing data privacy and cyber-security laws. million patients.

Personal data

Personal data Security Data Privacy GDPR

Colorado AG Publishes Draft Colorado Privacy Act Rules

Hunton Privacy

NOVEMBER 1, 2022

The proposed regulations, if adopted, would add certain significant new compliance obligations on businesses. Right to Request to Exercise Personal Data Rights (Rule 4.02 – Rule 4.07; 6.11). The CPA further provides that businesses should not place an unreasonable burden on consumers to submit data rights requests.

Privacy

Privacy Personal data Data collection Compliance

CHINA: Clarifications of data classification and grading requirements

DLA Piper Privacy Matters

OCTOBER 3, 2022

Under the Data Security Law, organisations are required to classify the data they process according to their level of significance. Data classification. When classifying data, organisations should consider (i) the industry that their data belongs to, and (ii) the business attributes of the data (i.e.

Data collection

Data collection Personal data Access Compliance

Data protection strategy: Key components and best practices

IBM Big Data Hub

MAY 28, 2024

Its principles are the same as those of data protection—to protect data and support data availability. Data availability —ensuring critical data is available for business operations even during a data breach, malware or ransomware attack.

Data breaches

Data breaches GDPR Compliance Encryption

More New York SHIELD Act guidance

Data Protection Report

JULY 12, 2022

In brief, on April 5, 2021, a security researcher contacted Wegmans about a serious flaw the left some of Wegmans’ customers’ personal data available to the public. The NYAG faulted Wegmans on five security areas: access controls, password management, asset management, logging and monitoring, and data collection and retention.

Passwords

Passwords Data collection Personal data Cloud

FINLAND: PARLIAMENT APPROVES NEW ACT ON THE SECONDARY USE OF SOCIAL AND HEALTH CARE PERSONAL DATA

DLA Piper Privacy Matters

APRIL 8, 2019

The new Act codifies the relevant legislation and broadens the possibilities to, under certain conditions, utilize and combine for secondary purposes personal data collected in relation to public or private social and health care operations.

Personal data

Personal data GDPR Healthcare Compliance

China Issues Draft Measures on Security Assessment of Cross-border Data Transfer

Hunton Privacy

NOVEMBER 1, 2021

On October 29, 2021, the Cyberspace Administration of China (“CAC”) released for public comment “Draft Measures on Security Assessment of Cross-border Data Transfer” (“Draft Measures”). or “sensitive” personal information of more than 10,000 individuals; or. Self-Security Assessment. Mandatory Security Assessment.

Security

Security Data collection Compliance Risk

Data privacy examples

IBM Big Data Hub

APRIL 24, 2024

These are just some examples of how organizations support data privacy , the principle that people should have control of their personal data, including who can see it, who can collect it, and how it can be used. One cannot overstate the importance of data privacy for businesses today.

Data Privacy

Data Privacy Privacy GDPR Personal data

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

DLA Piper Privacy Matters

AUGUST 8, 2023

Authors: Carolyn Bigg, Amanda Ge and Venus Cheung On July 24, 2023, the People’s Bank of China (“ PBOC ”) released the Measures for the Management of Data Security in the Business Areas Falling into PBOC’s Jurisdiction (Draft for Comment) (“ Draft Measures” ) for public consultation, which closes on August 24, 2023.

Financial Services

Financial Services Personal data Compliance Data collection

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

HL Chronicle of Data Protection

JULY 7, 2020

The Dutch Data Protection Authority (DPA) issued a EUR 830,000 (approximately USD 937,000) fine against the Dutch Credit Registration Bureau (BKR) for violating data subject rights. The fine stems from BKR’s practice of charging fees and discouraging individuals who wanted to access their personal data.

GDPR

GDPR Personal data Data collection Access

The CNIL’s key priorities for upcoming dawn-raids in 2021

DLA Piper Privacy Matters

APRIL 2, 2021

In 2021, more than 50% of the CNIL’s dawn-raids will focus on: (i) websites cybersecurity, (ii) health data protection and (ii) cookies. Website security incidents are among the most common non-compliances identified by the CNIL during its dawn-raids. Health data security. W ebsites cybersecurity.

Data breaches

Data breaches Cybersecurity Compliance Data collection

Regional privacy but global clouds. How to manage this complexity?

Thales Cloud Protection & Licensing

MAY 31, 2022

Data Protection Officers expressed the difficulties they have to accomplish their mission: to advise on and monitor compliance (as defined in GDPR Article 39). With the acceleration of digital transformation and growing cyber threats, one thing is clear: privacy compliance has never been so important, yet so complex to reach.

Cloud

Cloud Privacy Data Privacy Compliance

China’s Data Privacy Law Poses Challenge for International Companies

eSecurity Planet

DECEMBER 1, 2021

Businesses that have spent the past three-plus years adapting to the European Union’s far-reaching data privacy law now have to decide how they will respond to a similar law in China that has been criticized as being more vague in its wording and harsher in its penalties. Will Businesses Leave China? Bambenek told eSecurity Planet.

Data Privacy

Data Privacy Privacy GDPR Data collection

French DPA Publishes a Compliance Pack Regarding Connected Vehicles

Hunton Privacy

OCTOBER 27, 2017

On October 17, 2017, the French Data Protection Authority (“CNIL”), after a consultation with multiple industry participants that was launched on March 23, 2016, published its compliance pack on connected vehicles (the “Pack”) in line with its report of October 3, 2016. 2. “IN -> OUT” scenario.

Compliance

Compliance Data collection GDPR Insurance

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

These inspections aimed to verify whether Carrefour France and Carrefour Banque were in compliance with all provisions of the GDPR and the French Data Protection Act. Loyalty program members’ data had been retained for a period of four years from their last activity. The CNIL carried out online inspections on the carrefour.fr

GDPR

GDPR Personal data Data collection Marketing

Data Protection and Privacy Commissioners Issue Global Connected Car Guidance

Hunton Privacy

OCTOBER 5, 2017

Last week, at the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong, data protection authorities from around the world issued non-binding guidance on the processing of personal data collected by connected cars (the “Guidance”).

Privacy

Privacy Personal data Data collection Data Privacy

China: Navigating China Episode 19: China’s new Data Security Law: what multinational businesses need to know

DLA Piper Privacy Matters

JUNE 21, 2021

China’s Data Security Law (“ DSL ”) has come into force and takes effect on 1 September 2021. The speed of its passing has left multinational businesses scrabbling to understand the key compliance obligations. The DSL applies to data in general, and forms part of the broader China data framework.

Security

Security Compliance Data Privacy Risk

Make data protection a 2023 competitive differentiator

IBM Big Data Hub

JANUARY 19, 2023

Data privacy regulations, such as the General Data Protection Regulation (GDPR) in the European Union or the California Consumer Privacy Act (CCPA) in the state of California, are inescapable. The key to differentiation comes in getting data protection right, as part of an overall data strategy.

Data Privacy

Data Privacy Customer Experience Privacy Compliance

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

However, as with all China laws, the PIPL is drafted as high level principles, and we anticipate additional guidelines will be published in the coming months outlining the practical compliance steps organisations will need to take when updating their China data protection compliance programmes.

Data Privacy

Data Privacy Privacy Compliance Analytics

Another fine for over-retention of data

Data Protection Report

APRIL 7, 2022

A third regulator has recently entered into a proposed consent that includes a $500,000 fine based in part on a company’s over-retention of personal data for longer than it was needed. The first regulator was the French data protection authority, the CNIL, in 2021, which we wrote about here. Privacy Shield. emphasis supplied).

Privacy

Privacy Compliance Insurance Data collection

How Companies Need to Treat User Data and Manage Their Partners

Security Affairs

MAY 12, 2021

Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers. Such a contract must stipulate that the vendor/processor will process the personal data only on documented instructions from the controller. Respect for Consumers’ Data.

GDPR

GDPR Privacy Personal data Data breaches

Hong Kong: Important changes proposed to Hong Kong’s data protection law

DLA Piper Privacy Matters

FEBRUARY 28, 2020

Any organisation processing Hong Kong personal data must plan ahead to anticipate significant new compliance obligations requirements. These are proposed in a recent consultation paper to amend Hong Kong’s Personal Data (Privacy) Ordinance (PDPO), and would – if passed – constitute the first changes to the PDPO since 2012.

Paper

Paper Personal data Data breaches Data collection

China’s First Data Protection Measures Lifting Its Veils

HL Chronicle of Data Protection

JUNE 13, 2019

On May 28, 2019, the Cyberspace Administration of China (“ CAC “) released the draft Measures on the Administration of Data Security (“ Data Security Measures ” see our in-house English translation here ) for public consultation. The scope of application of the Data Security Measures.

Personal data

Personal data IT Data collection Compliance

Data Privacy Compliance Isn’t Just for Europe or California Anymore: Data Privacy Trends

eDiscovery Daily

APRIL 10, 2019

For example, Camila Tobón, a Colorado-based data privacy lawyer at Shook, Hardy & Bacon, said many countries in the Latin America follow a consent-based model, which doesn’t allow for the legitimate interest data collection case presented under GDPR. I assume that works everywhere, does it?’

Data Privacy

Data Privacy Privacy Compliance GDPR

EUROPE: New privacy rules for connected vehicles in Europe?

DLA Piper Privacy Matters

MAY 5, 2020

Adjacent to these initiatives, the European Data Protection Board (“EDPB”) recently published draft guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications. Hence, personal data can be collected through vehicle sensors, telematics boxes or mobile applications.

Privacy

Privacy Personal data GDPR Insurance

Privacy in an open-data world: Why government agencies need to be proactive

Collibra

JUNE 23, 2023

The ever-growing digitalization of our world has raised significant concerns about data privacy and security, particularly for agencies that manage and process sensitive and confidential information. Although data brokers claim to de-anonymize data before selling it, this process is not always foolproof.

Privacy

Privacy Government Data Privacy Data breaches

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Hunton Privacy

MARCH 25, 2020

The Report first notes that the EU General Data Protection Regulation (“GDPR”) contains necessary safeguards and rules with respect to personal data processing in a general health emergency. The Report then turns to legal bases for processing personal data in the COVID-19 context.

Personal data

Personal data GDPR Risk Insurance

China Issues Draft of Data Security Administrative Measures

Hunton Privacy

JUNE 10, 2019

On May 28, 2019, the Cyberspace Administration of China (“CAC”) released draft Data Security Administrative Measures (the “Measures”) for public comment. The Measures likely will significantly impact network operators’ compliance programs in China. Regulated Data and Activities.

Security

Security Data breaches Data collection Cybersecurity

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

India: New Digital Personal Data Protection Act, Start Planning Now.

Webinars

Trending Sources

GDPR compliance checklist

Webinars

$10,000,000 civil penalty for disclosing personal data without consent

When are schools required to report personal data breaches?

CHINA: Important new risks and practical guidance on China data protection, data security, e-commerce and online platform compliance

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

Guest Post - Three Critical Steps for GDPR Compliance

How to implement the General Data Protection Regulation (GDPR)

ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

Businesses to Assist NHS Test and Trace Efforts

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

HONG KONG: Increased Enforcement Action?

CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced

Top 5 Application Security Tools & Software for 2023

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

Reflecting on APAC Data Protection and Cyber-security Highlights for 2019 (and what lies ahead!)

Colorado AG Publishes Draft Colorado Privacy Act Rules

CHINA: Clarifications of data classification and grading requirements

Data protection strategy: Key components and best practices

More New York SHIELD Act guidance

FINLAND: PARLIAMENT APPROVES NEW ACT ON THE SECONDARY USE OF SOCIAL AND HEALTH CARE PERSONAL DATA

China Issues Draft Measures on Security Assessment of Cross-border Data Transfer

Data privacy examples

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

The CNIL’s key priorities for upcoming dawn-raids in 2021

Regional privacy but global clouds. How to manage this complexity?

China’s Data Privacy Law Poses Challenge for International Companies

French DPA Publishes a Compliance Pack Regarding Connected Vehicles

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Data Protection and Privacy Commissioners Issue Global Connected Car Guidance

China: Navigating China Episode 19: China’s new Data Security Law: what multinational businesses need to know

Make data protection a 2023 competitive differentiator

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Another fine for over-retention of data

How Companies Need to Treat User Data and Manage Their Partners

Hong Kong: Important changes proposed to Hong Kong’s data protection law

China’s First Data Protection Measures Lifting Its Veils

Data Privacy Compliance Isn’t Just for Europe or California Anymore: Data Privacy Trends

EUROPE: New privacy rules for connected vehicles in Europe?

Privacy in an open-data world: Why government agencies need to be proactive

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

China Issues Draft of Data Security Administrative Measures

Stay Connected