2019, Compliance and Personal data - Information Management Today

Reflecting on APAC Data Protection and Cyber-security Highlights for 2019 (and what lies ahead!)

Data Protection Report

JANUARY 20, 2020

2019 saw continued growth and change in data protection and cyber-security across the Asia-Pacific. Following the implementation of the GDPR in May, 2018, many jurisdictions moved to review and strengthen existing data privacy and cyber-security laws. million patients.

Personal data

Personal data Security Data Privacy GDPR

Dutch DPA Fines Dutch Credit Registration Bureau 830,000 Euros for Non-Compliance with Data Subject Rights

Hunton Privacy

JULY 15, 2020

After receiving multiple complaints from data subjects, the Dutch DPA investigated BKR’s management of data subjects’ access requests. In addition, Recital 59 of the GDPR clearly states that controllers should offer the possibility of accessing personal data in an electronic form when data is processed electronically.

Compliance

Compliance GDPR Personal data Paper

EDPB Stakeholder Event Highlights Continued Confusion over Data Subject Rights Compliance under the GDPR

Data Matters

DECEMBER 2, 2019

On 4 November 2019, the European Data Protection Board (EDPB), the EU-wide data supervisory authority, held a stakeholders’ event on data subject rights under the GDPR. Stakeholders noted some requests were too broad, in turn, making it difficult to identify which data subject right was being exercised (e.g.,

GDPR

GDPR Compliance Personal data Access

61% of organisations reported a data breach in 2019

IT Governance

OCTOBER 24, 2019

The insurance firm Hiscox found that 61% of organisations were compromised in the past 12 months. This represents a 16-percentage-point increase over the past year, demonstrating how quickly the threat of data breaches is escalating. Consider that the 2019 SonicWall Cyber Threat Report identified a record-high 10.52

Data breaches

Data breaches GDPR Compliance Insurance

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

DLA Piper Privacy Matters

SEPTEMBER 17, 2018

On 12 July 2018, the Kingdom of Bahrain (Bahrain) issued Law No. 30 of 2018 on the Personal Data Protection Law (PDPL). The PDPL will enter into force on 1 August 2019, giving businesses just under one year from the date of this article to prepare for the new regime. Businesses with a place of business in Bahrain; and.

Personal data

Personal data GDPR Compliance Risk

Nigeria Issues New Data Protection Regulation

Hunton Privacy

APRIL 5, 2019

On January 25, 2019, Nigeria’s National Information Technology Development Agency (“NITDA”) issued the Nigeria Data Protection Regulation 2019 (the “Regulation”). Many concepts of the Regulation mirror the EU General Data Protection Regulation (“GDPR”).

Personal data

Personal data Privacy Compliance GDPR

Online advertising targeting : a CNIL priority for 2019

Data Protection Report

JULY 12, 2019

Often questioned about online advertising targeting by both the public and professionals, the CNIL released its action plan for 2019-2020 with a view to providing further details about the applicable advertising rules and to support stakeholders in their compliance with them. Step 1 : new guidance to be released in July 2019.

GDPR

GDPR Compliance Marketing Personal data

2019 end-of-year review part 1: January to June

IT Governance

DECEMBER 27, 2019

A royal baby, a fire at Notre-Dame, the highest grossing film of all time and more than 12 billion breached data records: 2019 has been quite a year. IT Governance is closing out the year by rounding up 2019’s biggest information security stories. Mumsnet disclosed a data breach affecting 4,000 people. million (£4.2

Data breaches

Data breaches GDPR Passwords Personal data

CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

Hunton Privacy

JUNE 11, 2019

On June 6, 2019, the French Data Protection Authority (the “CNIL”) announced that it levied a fine of €400,000 on SERGIC, a French real estate service provider, for failure to (1) implement appropriate security measures and (2) define data retention periods for the personal data of unsuccessful rental candidates.

Personal data

Personal data Security GDPR Archiving

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

Data Protection Report

JULY 8, 2019

Following the now famous €50m fine imposed on Google LLC in January 2019, [1] the French Data Protection Authority (the CNIL ) published a decision taken on 28 May 2019 [2] imposing a fine of €400,000 on SERGIC, a company specialised in real estate development, purchase, sale, rental and property management.

GDPR

GDPR Personal data Compliance Security

European Commission Issues GDPR Infographic

Hunton Privacy

FEBRUARY 1, 2019

On January 25, 2019, the European Commission (the “Commission”) issued an infographic on compliance with and enforcement and awareness of the EU General Data Protection Regulation (“GDPR”) since the GDPR took force on May 25, 2018. Three fines have been issued under the GDPR so far.

GDPR

GDPR Data breaches Personal data Compliance

Ireland / Europe: DPC’s Record Fine Raises Expectations on Standards Applicable for Processing Children’s Data

DLA Piper Privacy Matters

OCTOBER 17, 2022

A recent decision by the Irish Data Protection Commission (“ DPC “) imposing a record €405 million fine provides clarification on the lawfulness of processing children’s personal data in accordance with the legal bases of ‘performance of contract’ and ‘legitimate interest’. Background. Analysis of Article 6(1).

GDPR

GDPR Personal data Risk Compliance

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

Between June 8, 2018 and April 6, 2019, the CNIL received 15 complaints from individuals relating to the exercise of their data protection rights with affiliates of the Carrefour Group. Loyalty program members’ data had been retained for a period of four years from their last activity. and carrefour-banque.fr

GDPR

GDPR Personal data Data collection Marketing

EDPB Publishes Guidelines on Data Protection by Design and by Default

Hunton Privacy

NOVEMBER 22, 2019

On November 13, 2019, the European Data Protection Board (“EDPB”) published its draft guidelines 4/2019 (the “Guidelines”) on the obligation of Data Protection by Design and by Default (“DPbDD”) set out under Article 25 of the EU General Data Protection Regulation (“GDPR”). on how to handle personal data.

Personal data

Personal data GDPR Compliance Risk

Dutch DPA to Approve Netherlands Code of Conduct for ICT

Hunton Privacy

AUGUST 13, 2019

On August 12, 2019, the Dutch Data Protection Authority ( Autoriteit Persoonsgegevens , the “Dutch DPA”) announced its intent to approve Nederland ICT’s Data Pro Code (the “Code”), a code of conduct for the ICT sector. Nederland ICT represents data processors from the IT sector.

GDPR

GDPR Personal data Data breaches Compliance

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

million individuals was exposed, including approximately 98,632 New Yorkers.The AG began an investigation based on New York’s Executive Law § 63(12) [deception] and General Business Law §§ 349 [deception] and 899-bb. The latter is the 2019 data security law known as the Stop Hacks and Improve Electronic Data Security (SHIELD) Act.

Passwords

Passwords Financial Services Authentication Insurance

Belgium: Belgian DPA imposes a EUR600,000 fine, its highest fine ever, on Google Belgium for non-compliance with right to be forgotten

DLA Piper Privacy Matters

JULY 29, 2020

The case against Google Belgium SA was initiated by a complaint filed with the Belgian DPA by a Belgian resident on 12 august 2019. The complainant, an executive at an unnamed large company, had requested the removal of 12 URLs which he considered to be harmful to his reputation. The case against Google Belgium.

GDPR

GDPR Compliance IT Privacy

ICO Publishes Final Version of Its Age Appropriate Design Code

Hunton Privacy

JANUARY 22, 2020

It applies to providers of information services likely to be accessed by children in the UK, including applications, programs, websites, social media platforms, messaging services, games, community environments and connected toys and devices, where these offerings involve the processing of personal data.

IT

IT Personal data Compliance Privacy

CNIL Publishes Action Plan Regarding Online Targeted Advertising

Hunton Privacy

JULY 1, 2019

On June 28, 2019, the French data protection authority (the “CNIL”) published its action plan for 2019-2020 to specify the rules applicable to online targeted advertising and to support businesses in their compliance efforts. Background. Action Plan. These draft recommendations will be open for public consultation.

GDPR

GDPR Marketing Personal data Privacy

Action Required: Privacy Shield Participants Must Update Privacy Policies for Brexit

HL Chronicle of Data Protection

APRIL 5, 2019

With the deadline for a no-deal Brexit looming—the UK’s exit date from the European Union is now slated for April 12—companies certified to the EU-U.S. Privacy Shield should update their Privacy Shield privacy policies if they have not done so already to ensure that they are able to lawfully receive personal data from the UK post-Brexit.

Privacy

Privacy Compliance Personal data Government

Commission Publishes Report on the Second Annual Review of the Functioning of the EU-U.S. Privacy Shield

Hunton Privacy

DECEMBER 20, 2018

On July 12, 2016, the Commission adopted an adequacy decision on the basis that the EU-U.S. Privacy Shield ensured an adequate level of protection to personal data transferred from the European Economic Area (“EEA”) to the participating companies in the U.S. government will fill the position by February 28, 2019.

Privacy

Privacy Compliance Personal data GDPR

Why law enforcement data processing is more complicated than you might think

IT Governance

MAY 30, 2019

Just when you thought you were getting the hang of the GDPR (General Data Protection Regulation) , you learn that things are even more complicated. That’s been the reaction of many law enforcement bodies that have recently learned about their compliance requirements under the DPA (Data Protection Act) 2018.

GDPR

GDPR Personal data Government Compliance

Update: Vietnam’s New Cybersecurity Law

HL Chronicle of Data Protection

NOVEMBER 15, 2018

On June 12, 2018, the Vietnamese National Assembly passed the Law on Cybersecurity (the “ Cybersecurity Law “), which will take effect on January 1, 2019. Localized storage and retention of personal data. Data created by a user (e.g. Data retention periods depend on the type of data being stored.

Cybersecurity

Cybersecurity Personal data Compliance Government

Dutch DPA Updates Policy on Administrative Fines

Hunton Privacy

MARCH 26, 2019

On March 14, 2019, the Dutch Data Protection Authority ( Autoriteit Persoonsgegevens , the “Dutch DPA”) published a press release announcing its policy (in Dutch ) for calculating administrative fines (the “Policy”). In certain cases, the Dutch DPA may also consider the financial situation of the data controller or processor.

GDPR

GDPR Personal data Authentication Compliance

Comments Submitted on California Consumer Privacy Act of 2020—Initiative 19-0021

Data Matters

NOVEMBER 12, 2019

As submitted for the comment period on Initiatives – Active Measures for Initiative 19-0021 on November 8, 2019. Dear Mr. Mactaggart, As privacy practitioners, we share your passion and dedication to the development of information privacy and data protection law in the United States. Household information.

Privacy

Privacy Data breaches Compliance Personal data

FRANCE: A new phase in European privacy law enforcement – CNIL fined Google LLC 50 million euros!

DLA Piper Privacy Matters

JANUARY 24, 2019

On 21 January 2019, the restricted committee of the French Data Protection Supervisory Authority (CNIL) fined Google LLC 50 million euros for breaching GDPR for lack of transparency, inadequate information and lack of valid consent regarding personalized advertising. . Lack of transparency and breach of information requirements.

Privacy

Privacy GDPR Personal data Compliance

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

DLA Piper Privacy Matters

NOVEMBER 24, 2020

How to properly calculate administrative fines for non-compliance with the EU General Data Protection Regulation (‘ GDPR ’) is one of the most important questions when applying the GDPR on practical level, e.g. : What is actually meant by the reference to “undertaking” in Article 83 (4) to (6) GDPR? million Euro as was too high.

GDPR

GDPR Authentication Compliance Personal data

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. This personal data was still being held by late May 2018 and had been subject to unauthorised use by a third party.

GDPR

GDPR Personal data Privacy Information architecture

The UK ICO’s Regulatory Sandbox Points to a Future of Pro-Active Engagement

HL Chronicle of Data Protection

JULY 9, 2019

The ICO intends to use its own Sandbox to support organisations that are looking to use personal data in innovative ways through the use of new technologies and approaches. These organisations will participate in the beta phase which is due to run from July 2019 until September 2020.

GDPR

GDPR Personal data Privacy Financial Services

German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

DECEMBER 9, 2019

The European Data Protection Board (“EDPB”) reported a total of 281,088 national enforcement actions being initiated as of May 22, 2019 (approximately one year after the GDPR’s entry into application). Since then, data protection authorities across the EU have been initiating enforcement and fines on a daily basis.

GDPR

GDPR Personal data Privacy Manufacturing

German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

DECEMBER 9, 2019

The European Data Protection Board (“EDPB”) reported a total of 281,088 national enforcement actions being initiated as of May 22, 2019 (approximately one year after the GDPR’s entry into application). Since then, data protection authorities across the EU have been initiating enforcement and fines on a daily basis.

GDPR

GDPR Personal data Privacy Manufacturing

Senator Markey Introduces Privacy Bill of Rights Act

Hunton Privacy

APRIL 16, 2019

On April 12, 2019, Senator Edward J. Under the Act, the FTC regulations also would have to require covered entities to “establish and maintain reasonable data security practices to protect the confidentiality, integrity, and availability of personal information.”.

Privacy

Privacy Sales Compliance Access

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

IT Governance

JANUARY 9, 2024

The FTC will accept submissions until 12 January. NIST identifies “adversarial machine learning” threats New guidance from NIST offers approaches to mitigate AI malfunctions caused by exposure to untrustworthy data. KSV’s website urges people to buy an ‘InfoPass’ instead of letting individuals get a free copy of their data.

Data Privacy

Data Privacy Privacy Manufacturing Data breaches

EDPB publishes guidance on calculating GDPR fines

Data Protection Report

JUNE 9, 2022

On 12 May 2022 EDPB adopted Guidelines on the calculation of administrative fines (the Guidelines ). Categories of personal data affected (e.g. A fine is considered effective where it re-establishes compliance with the rules, punishes unlawful behaviour or both. German Data Protection Conference.

GDPR

GDPR Compliance Personal data IT

Weekly podcast: 2018 end-of-year roundup

IT Governance

DECEMBER 13, 2018

This week, in our last podcast of the year, we revisit some of the biggest information security stories from the past 12 months. Dixons Carphone admitted suffering a major data breach in July 2017, involving 5.9 million personal data records, and a second breach, in which customers’ names, addresses and email addresses were accessed.

Data breaches

Data breaches Personal data Access GDPR

GERMANY: Data Protection Authorities Issue GDPR Fining Guidelines

DLA Piper Privacy Matters

OCTOBER 24, 2019

On 16 October 2019 – after weeks of rumors and speculations – the German data protection authorities (‘DPAs’) published their guidelines (‘ Guidelines’ ) for calculating administrative fines under Article 83 General Data Protection Regulation (‘ GDPR’ ). 12 to 14.4 (= 4 %). Minor violation. Medium violation.

GDPR

GDPR Compliance Personal data IT

California Consumer Privacy Act: The Challenge Ahead – CCPA and Employee Data

HL Chronicle of Data Protection

OCTOBER 26, 2018

As part of our ongoing series on the CCPA, this post lays out why the issue of CCPA applicability to employees is controversial and nevertheless offers potential strategies to address CCPA compliance requirements as they may relate to personnel records. Opt-Out for Sale of Personal Information. Why the Uncertainty?

Privacy

Privacy Sales Compliance Personal data

Nevada, New York and other states follow California’s CCPA

Data Protection Report

JUNE 6, 2019

On May 29, 2019, Nevada enacted an amendment to its online privacy law, requiring businesses to offer consumers a right to opt-out of the sale of their personal information. The law also does not limit the number of times a consumer can make the request in a year, while CCPA limits requests to two (2) within 12 months.

Sales

Sales Privacy Insurance Manufacturing

ICO’s draft Age Appropriate Design Code could seriously impact processing of under 18’s personal data

Data Protection Report

MAY 16, 2019

On 15 April 2019, the ICO opened a public consultation on a draft code of practice titled Age Appropriate Design (the “Code” ). The Code will remain open for public consultation until 31 May 2019. 10-12: transition years. 0 – 5: pre-literate and early literacy. 6 – 9: core primary school years. 13-15: early teens.

Personal data

Personal data Privacy GDPR Access

CIPL President Bojana Bellamy Honored with 2019 IAPP Privacy Vanguard Award

Hunton Privacy

MAY 8, 2019

On May 3, 2019, the International Association of Privacy Professionals (“IAPP”) honored Centre for Information Policy Leadership (“CIPL”) President Bojana Bellamy with the 2019 IAPP Privacy Vanguard Award during its Global Privacy Summit in Washington, D.C. I am delighted that Bojana received the Vanguard award this year.

Privacy

Privacy Data Privacy Compliance Personal data

And then there were five: CCPA amendments pass legislature

Data Protection Report

SEPTEMBER 17, 2019

The California legislative session for 2019 ended on September 13 and the following five amendments to the California Consumer Privacy Act (CCPA) were passed: AB 25, 874, 1146, 1355, and 1564. In subsections (a)(2) and (b)(12), businesses can offer different prices, rates, quality, etc. – § 1798.125.

B2B

B2B Privacy Communications Encryption

One Year After GDPR: Significant Rise on Data Breach Reporting from European Businesses

Thales Cloud Protection & Licensing

MAY 24, 2019

It’s been one year since the European Union (EU) enforced the General Data Protection Regulation (GDPR) 1 , a legislation designed to protect the personal data of EU citizens and lay specific rules and guidelines on how their data is collected, stored, processed and deleted by various entities.

Data breaches

Data breaches GDPR Personal data Compliance

The CNIL publishes new guidelines on cookies and other similar technologies

Data Protection Report

AUGUST 13, 2019

On 4 July 2019, the CNIL published new guidelines on cookies and other similar technologies , repealing its 2013 cookie guidance in order to align its position with the GDPR’s new requirements on consent. iii) the personal data collected must not overlap with other processing operations (e.g. Measures on how to obtain consent.

Computer and Electronics

Computer and Electronics GDPR Personal data Data collection

What’s new in OpenText Axcelerate

OpenText Information Management

JANUARY 31, 2024

Now supports 2016 and 2019 Outlook versions. In litigation, investigations and regulatory compliance matters, legal teams are under intense pressure to deliver superior results on time and within budget. To mitigate risk to the organization, swift and accurate identification of personal data is critical. Axcelerate CE 21.4

Analytics

Analytics Cloud Data Privacy Compliance

Reflecting on APAC Data Protection and Cyber-security Highlights for 2019 (and what lies ahead!)

Dutch DPA Fines Dutch Credit Registration Bureau 830,000 Euros for Non-Compliance with Data Subject Rights

Trending Sources

EDPB Stakeholder Event Highlights Continued Confusion over Data Subject Rights Compliance under the GDPR

61% of organisations reported a data breach in 2019

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

Nigeria Issues New Data Protection Regulation

Online advertising targeting : a CNIL priority for 2019

2019 end-of-year review part 1: January to June

CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

European Commission Issues GDPR Infographic

Ireland / Europe: DPC’s Record Fine Raises Expectations on Standards Applicable for Processing Children’s Data

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

EDPB Publishes Guidelines on Data Protection by Design and by Default

Dutch DPA to Approve Netherlands Code of Conduct for ICT

New York SHIELD Act $600,000 settlement

Belgium: Belgian DPA imposes a EUR600,000 fine, its highest fine ever, on Google Belgium for non-compliance with right to be forgotten

ICO Publishes Final Version of Its Age Appropriate Design Code

CNIL Publishes Action Plan Regarding Online Targeted Advertising

Action Required: Privacy Shield Participants Must Update Privacy Policies for Brexit

Commission Publishes Report on the Second Annual Review of the Functioning of the EU-U.S. Privacy Shield

Why law enforcement data processing is more complicated than you might think

Update: Vietnam’s New Cybersecurity Law

Dutch DPA Updates Policy on Administrative Fines

Comments Submitted on California Consumer Privacy Act of 2020—Initiative 19-0021

FRANCE: A new phase in European privacy law enforcement – CNIL fined Google LLC 50 million euros!

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

GDPR – The Year in Review

The UK ICO’s Regulatory Sandbox Points to a Future of Pro-Active Engagement

German DSK Issues GDPR Fining Methodology Guidelines

German DSK Issues GDPR Fining Methodology Guidelines

Senator Markey Introduces Privacy Bill of Rights Act

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

EDPB publishes guidance on calculating GDPR fines

Weekly podcast: 2018 end-of-year roundup

GERMANY: Data Protection Authorities Issue GDPR Fining Guidelines

California Consumer Privacy Act: The Challenge Ahead – CCPA and Employee Data

Nevada, New York and other states follow California’s CCPA

ICO’s draft Age Appropriate Design Code could seriously impact processing of under 18’s personal data

CIPL President Bojana Bellamy Honored with 2019 IAPP Privacy Vanguard Award

And then there were five: CCPA amendments pass legislature

One Year After GDPR: Significant Rise on Data Breach Reporting from European Businesses

The CNIL publishes new guidelines on cookies and other similar technologies

What’s new in OpenText Axcelerate

Stay Connected