Compliance and Personal data - Information Management Today

CNIL Fines Groupe Canal+ 600,000 Euros For Direct Marketing and GDPR Infringements

Hunton Privacy

OCTOBER 31, 2023

In addition, the forms used by the company’s commercial partners to collect personal data were silent about the fact that personal data would be shared with Groupe Canal+ for marketing purposes. In light of these infringements, the CNIL imposed a €600,000 fine on Groupe Canal+.

GDPR

GDPR Marketing Personal data Communications

Dutch DPA Fines Dutch Credit Registration Bureau 830,000 Euros for Non-Compliance with Data Subject Rights

Hunton Privacy

JULY 15, 2020

After receiving multiple complaints from data subjects, the Dutch DPA investigated BKR’s management of data subjects’ access requests. In addition, Recital 59 of the GDPR clearly states that controllers should offer the possibility of accessing personal data in an electronic form when data is processed electronically.

Compliance

Compliance GDPR Personal data Paper

Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns

Security Affairs

APRIL 1, 2023

The Italian Data Protection Authority, Garante Privacy, has temporarily banned ChatGPT due to the illegal collection of personal data and the absence of systems for verifying the age of minors. The Authority pointed out that OpenAI does not alert users that it is collecting their data. ” continues the press release.

Privacy

Privacy Personal data GDPR Compliance

Hong Kong Company Director Convicted Under Personal Data (Privacy) Ordinance

Data Protection Report

JULY 19, 2017

A director of a Hong Kong company has been convicted of an offence under the Personal Data (Privacy) Ordinance (“PDPO”). A complaint was filed against the employment agency for transferring personal data without consent. To subscribe for updates from our Data Protection Report blog, visit the email sign-up page.

Personal data

Personal data Data Privacy Privacy IT

How to Manage Your Cyber Risks

IT Governance

OCTOBER 11, 2022

Whether they’re taking small steps, such as installing antivirus software, or large ones, such as a GDPR (General Data Protection Regulation) compliance campaign, they consider it ‘job done’ when the implementation project is complete. ISO 27001 can also be used as a framework to help organisations achieve GDPR compliance.

Risk

Risk GDPR Information Security Personal data

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

HL Chronicle of Data Protection

JULY 7, 2020

The Dutch Data Protection Authority (DPA) issued a EUR 830,000 (approximately USD 937,000) fine against the Dutch Credit Registration Bureau (BKR) for violating data subject rights. The fine stems from BKR’s practice of charging fees and discouraging individuals who wanted to access their personal data.

GDPR

GDPR Personal data Data collection Access

The impact of Schrems II on Canada: No more onward transfer on the basis of the EU-US Privacy Shield

Privacy and Cybersecurity Law

JULY 17, 2020

The decision recognizes the validity of Standard Contractual Clauses (SCCs) to transfer personal data outside of the European Union (EU), but invalidates the transfer of personal data from the EU to the US under the EU-US Privacy Shield. Under adequacy, the cross-border transfer of personal data is generally authorized.

Privacy

Privacy Personal data Compliance IT

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Data Protection Report

MARCH 7, 2024

Recall that the focus of the Executive Order was not on single transactions, but rather bulk transactions of Americans’ personal data. What about due diligence, compliance programs, and recordkeeping? The compliance program suitable for a particular U.S. person would be based on that U.S.

Access

Access Military Compliance Personal data

The Belgian Data Protection Authority Publishes Recommendation Concerning Data Processing for Direct Marketing Purposes

HL Chronicle of Data Protection

MARCH 5, 2020

It refers to all data subjects that may be targeted by direct marketing such as clients, members, prospects, subscribers, or even voters. The Recommendation provides a step-by-step approach on how achieve compliance: 1. Attracting new clients, subscribers, or members. Necessity for Data Minimisation. How to Comply?

Marketing

Marketing GDPR Personal data Healthcare

Brazilian General Data Protection Law (LGPD) entered into force and requires attention

Privacy and Cybersecurity Law

JANUARY 27, 2021

In 2018, the Brazilian General Data Protection Law (LGPD), inspired by the General European Data Protection Regulation, was sanctioned by President Michel Temer. In general, any practice that process personal data will be subject to the law.

Personal data

Personal data Data breaches Compliance Marketing

More on Schrems II: No grace period for cross-border data flows – So moving on to next steps

Privacy and Cybersecurity Law

AUGUST 5, 2020

When the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield as a vehicle to transfer personal data from the EU to the US, last July 16, 2020, the obvious question was: “What is the transition period?” The answer is now coming from EU Data Protection Authorities in Europe: there is none.

Personal data

Personal data Privacy GDPR Compliance

Brexit impact on privacy

Privacy and Cybersecurity Law

FEBRUARY 6, 2020

If you or your clients offer goods or services in the UK, and process personal data of UK residents, the GDPR will continue to apply to the treatment and safeguarding of that personal data. The UK’s Data Protection Act of 2018 incorporates the GDPR into UK law. Subscribe and stay updated. What to expect.

Privacy

Privacy GDPR Personal data Compliance

Romania: Key aspects in the Romanian Data Protection Authority’s annual activity report (2019)

DLA Piper Privacy Matters

OCTOBER 22, 2020

On 28 September 2020, the Romanian National Supervisory Authority for the Processing of Personal Data (ANSPDCP) published on its website the annual activity report for 2019. Qualification of the parties involved in personal data processing activities. Irina Macovei, Roxana Rosu and Andrei Stoica. Points of view.

Personal data

Personal data GDPR Communications Compliance

International Data Protection Day 2022

DLA Piper Privacy Matters

JANUARY 28, 2022

In Asia Pacific, China ’s Personal Information Protection Law (PIPL) came into force. This consolidates obligations on processing of personal information at a national law level, but still leaves to be determined in the future through subsequent regulations and guidelines. Our Tools and Resources. Access the report here.

GDPR

GDPR Privacy Data breaches Personal data

The European Commission’s GDPR review in short

Privacy and Cybersecurity Law

JULY 22, 2020

According to the EC, the GDPR’s data protection rules have proven that they are fit for the digital age, as they help to foster trust-worthy innovation, empower individuals to have more control over their personal data and guarantee the free flow of personal data within the EU. Subscribe and stay updated.

GDPR

GDPR Privacy Personal data Compliance

Off the Record: Blockchain

The Texas Record

FEBRUARY 16, 2021

While we did not write these articles, we are happy to share them with our subscribers. The use of blockchain in records management is presented as a tool for greater compliance and workflow. The following articles appraise the use of blockchain and the potential impact the technology has on both private and government level entities.

Blockchain

Blockchain Records Management Government Personal data

HMRC forced to delete 5 million voice records after GDPR gaffe

IT Governance

MAY 9, 2019

According to the ICO , HRMC’s failing was that it didn’t obtain explicit consent to record individuals’ voices (a form of biometric data, which the GDPR considers a special category of personal data ). However, organisations that process personal data should be aware that consent isn’t always the best lawful basis to rely on.

GDPR

GDPR Personal data Education Passwords

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Glosbe dictionary exposes almost 7 million records The multilingual online dictionary Glosbe left a MongoDB instance unsecured last year, exposing nearly 7 million users’ information, including personal data, encrypted passwords and social media identifiers. Glosbe did not reply, but the open instance was soon closed.

Data Privacy

Data Privacy Privacy Security Data breaches

ICO Publishes Age Appropriate Design Code of Practice for Online Products and Services accessed by Children

Privacy and Cybersecurity Law

FEBRUARY 14, 2020

Detrimental Use of Data: You should not use children’s personal data in ways that have been shown to be detrimental to their wellbeing , or that go against industry codes of practice, other regulatory provisions, or Government advice. Subscribe and stay updated. What happens now? Share on Facebook. Share on Twitter.

Access

Access Personal data IoT Privacy

ICO Guidance on Artificial Intelligence

Privacy and Cybersecurity Law

AUGUST 5, 2020

Secondly, in most cases where an organisation utilises AI, it will be mandatory to conduct a DPIA – and the ICO suggests that your DPIA process should both comply with data privacy laws generally but also conform to specific standards set out in the Guidance. Statistical accuracy needs to be balanced with the principle of data minimisation.

Artificial Intelligence

Artificial Intelligence GDPR Personal data Compliance

Belgium: DPA imposes fine on provider “pink boxes”: free products vs. free consent and other interesting take-aways

DLA Piper Privacy Matters

FEBRUARY 4, 2021

Family service, however, also licenses and sells personal data of these mothers (and their children – according to the BDPA’s interpretation) to its business partners for direct marketing purposes. Lack of transparency on selling/licensing personal data. Additionally, we provide some key takeaways from this decision.

Personal data

Personal data GDPR Marketing IT

Belgium Adopts Law Reforming the Belgian Privacy Commission

Hunton Privacy

JANUARY 18, 2018

More specifically, the DPA will have to cooperate with all other Belgian public and private actors involved in the protection of the rights and freedoms of individuals, particularly regarding the free flow of personal data and customer protection. The DPA will also have to cooperate with other national data protection authorities.

Privacy

Privacy Computer and Electronics Personal data GDPR

The ICO admits that its cookie policy violates the GDPR

IT Governance

JUNE 20, 2019

The UK’s data protection watchdog has admitted that its website’s cookie policy breaches the requirements of the GDPR (General Data Protection Regulation). The ICO (Information Commissioner’s Office) made the statement following complaints that it was storing visitors’ personal data without their consent.

GDPR

GDPR IT Personal data Compliance

Key lessons from the first major GDPR fines for cyber breaches

Privacy and Cybersecurity Law

JANUARY 18, 2021

These first fines are likely to form the ICO’s “baseline” for cybersecurity and other personal data breach enforcement over the years to come. Subscribe and stay updated. The decisions are lengthy but, as the first GDPR fines for cybersecurity breaches, they are seminal. The willingness of the ICO to make findings of negligence.

GDPR

GDPR Cybersecurity Data breaches Risk

The Week in Cyber Security and Data Privacy: 22 – 28 January 2024

IT Governance

JANUARY 30, 2024

Data breached: 2 PB. Mobile network database breach exposes 750 million Indians’ personal data The Indian security company CloudSEK claims to have found the personal data of 750 million Indians for sale on an “underground forum”. Data breached: 750 million victims’ personal data.

Data Privacy

Data Privacy Retail Privacy Manufacturing

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

Hunton Privacy

OCTOBER 14, 2021

9) deidentified data (that meets the requirements for deidentification under the law). Penalties for Non-Compliance : The law will be enforced by the California Attorney General or certain district attorneys or city prosecutors. Penalties for negligent violations of the law can result in civil penalties up to $1,000 (plus court costs).

Privacy

Privacy Insurance Security Data breaches

A Practical Guide to Cyber Incident Response

IT Governance

MAY 24, 2024

Those people will be affected if anything goes wrong due to mismanagement of their data. Those people will be affected if anything goes wrong due to mismanagement of their data. Subscribe to our free weekly newsletter: the Security Spotlight. Is that a common issue? Alternatively, explore our full index of interviews here.

Risk

Risk Security Ransomware Phishing

Data Protection Regime in Turkey Takes Shape

Data Protection Report

DECEMBER 6, 2017

On October 28, 2017, the Turkish Data Protection Authority (the “ Authority ”) published an important regulation supplementing the Law on Protection of Personal Data (the “ Data Protection Law ”), namely the Regulation on the Deletion, Destruction and Anonymization of Personal Data (the “ Regulation ”).

Personal data

Personal data Paper Encryption Cloud

European Parliament Adopts Position on Data Breach Notification Requirement for Telecoms and ISPs

Hunton Privacy

MAY 12, 2009

In addition to other measures, it will include a definition of “personal data breach” and will introduce a data breach notification requirement. For the first time in EU law the amendments introduce a definition of “personal data breach” and a data breach notification requirement.

Data breaches

Data breaches Personal data Privacy Communications

The CNIL publishes new guidelines on cookies and other similar technologies

Data Protection Report

AUGUST 13, 2019

Finally, the CNIL recalls, like it did in its 2013 guidance, that the information (stored and/or accessed) does not have to be personal data within the meaning of the GDPR for the consent rule to apply. iii) the personal data collected must not overlap with other processing operations (e.g.

Computer and Electronics

Computer and Electronics GDPR Personal data Data collection

France Introduces Data Security Breach Notification Requirement for Electronic Communication Service Providers

Hunton Privacy

AUGUST 26, 2011

These new provisions apply only to companies that process personal data as part of electronic communication services they provide through a public network ( e.g. , ISPs or telecom operators). Non-compliance with these provisions is punishable by up to five years of imprisonment and a €300,000 fine.

Communications

Communications Security Personal data Privacy

UK ICO Publishes Social Networking and Online Forums Guidance

Hunton Privacy

JUNE 14, 2013

Under Section 36 of the DPA, individuals who process personal data for their personal, family or household affairs are exempt from complying with the obligations of the DPA with respect to such processing. Whether an individual’s use of online media is considered personal or non-personal depends on the particular facts.

Personal data

Personal data Compliance Sales Communications

China issues Personal Information Security Specification

Data Protection Report

FEBRUARY 5, 2018

Although the Specification is not a mandatory regulation, it nonetheless has a key implementing role in relation to China’s Cyber Security Law (“Cyber Security Law”) in respect of protecting personal information in China. Such requirements give rise to significant compliance issues for business operations in China.

Information Security

Information Security Security Compliance Personal data

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

In January 2024, it identified more potential victims, and has now written to inform them that their personal data may have been compromised in the incident. Data breached: 2,632,275 people’s data. 204 of them are known to have had data exfiltrated, exposed or otherwise breached.

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech

Data Matters

JUNE 1, 2022

process and use personal data. For example, end users must be able to easily (i) change any preinstalled and default settings, (ii) switch between and subscribe to different services, and (iii) access and port their data. Among others, the obligations and prohibitions limit gatekeepers’ ability to.

Marketing

Marketing Computer and Electronics Communications GDPR

FRANCE: Website publisher fined for violation of the cookie requirements

DLA Piper Privacy Matters

JULY 11, 2018

The French Council of State affirmed the EUR 25,000 fine imposed by the CNIL on Editions Croque Futur (challenges.fr) for non-compliance with French data protection law, and in particular cookie requirements. French law requires to place a short-form information notice on personal data collection form (e.g.,

Communications

Communications GDPR Compliance Data collection

Dentons Privacy Community does Artificial Intelligence

Privacy and Cybersecurity Law

OCTOBER 29, 2020

Currently, compliance with the Guidelines and completion of the ALTAI are both entirely voluntary. These materials should be read alongside the ICO’s recently published Accountability Framework which applies to all organisations processing personal data. Subscribe and stay updated. Share on Facebook.

Artificial Intelligence

Artificial Intelligence Privacy Compliance Data Privacy

Why Sucessful Central Bank Digital Currencies require Partnership enagement

Thales Cloud Protection & Licensing

JUNE 21, 2023

Data privacy; e-wallets, devices and transaction systems should not have direct access to sensitive personal data. However, in some circumstances, the institutions handling money as part of a retail transaction should have the ability to perform KYC (Know Your Customer) checks, as mandated under their industry compliance regime.

Retail

Retail Encryption e-Discovery Data Privacy

MY TAKE: Former NSA director says cybersecurity solutions need to reflect societal values

The Last Watchdog

MARCH 5, 2020

Compliance penalties, lawsuits, loss of intellectual property, theft of customer personal data and loss of reputation — due to poor cyber defenses — are now getting board level attention. Compliance drivers, like Europe’s GDPR and California’s CCPA , are stirring the pot. Yet cyber exposures are multiplying.

Cybersecurity

Cybersecurity IoT Compliance Digital transformation

CNIL Fines Groupe Canal+ 600,000 Euros For Direct Marketing and GDPR Infringements

Dutch DPA Fines Dutch Credit Registration Bureau 830,000 Euros for Non-Compliance with Data Subject Rights

Trending Sources

Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns

Hong Kong Company Director Convicted Under Personal Data (Privacy) Ordinance

How to Manage Your Cyber Risks

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

The impact of Schrems II on Canada: No more onward transfer on the basis of the EU-US Privacy Shield

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

The Belgian Data Protection Authority Publishes Recommendation Concerning Data Processing for Direct Marketing Purposes

Brazilian General Data Protection Law (LGPD) entered into force and requires attention

More on Schrems II: No grace period for cross-border data flows – So moving on to next steps

Brexit impact on privacy

Romania: Key aspects in the Romanian Data Protection Authority’s annual activity report (2019)

International Data Protection Day 2022

The European Commission’s GDPR review in short

Off the Record: Blockchain

HMRC forced to delete 5 million voice records after GDPR gaffe

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

ICO Publishes Age Appropriate Design Code of Practice for Online Products and Services accessed by Children

ICO Guidance on Artificial Intelligence

Belgium: DPA imposes fine on provider “pink boxes”: free products vs. free consent and other interesting take-aways

Belgium Adopts Law Reforming the Belgian Privacy Commission

The ICO admits that its cookie policy violates the GDPR

Key lessons from the first major GDPR fines for cyber breaches

The Week in Cyber Security and Data Privacy: 22 – 28 January 2024

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

A Practical Guide to Cyber Incident Response

Data Protection Regime in Turkey Takes Shape

European Parliament Adopts Position on Data Breach Notification Requirement for Telecoms and ISPs

The CNIL publishes new guidelines on cookies and other similar technologies

France Introduces Data Security Breach Notification Requirement for Electronic Communication Service Providers

UK ICO Publishes Social Networking and Online Forums Guidance

China issues Personal Information Security Specification

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech

FRANCE: Website publisher fined for violation of the cookie requirements

Dentons Privacy Community does Artificial Intelligence

Why Sucessful Central Bank Digital Currencies require Partnership enagement

MY TAKE: Former NSA director says cybersecurity solutions need to reflect societal values

Stay Connected