Hunton Privacy

JANUARY 18, 2023

On January 16, 2023, the Directive on measures for a high common level of cybersecurity across the Union (the “NIS2 Directive”) and the Directive on the resilience of critical entities (“CER Directive”) entered into force. Reinforced obligations. For important entities, of at least up to €7 million or 1.4% of the worldwide annual turnover.

Cybersecurity 111

Cybersecurity Healthcare Encryption Risk 111

DLA Piper Privacy Matters

AUGUST 8, 2023

The Draft Measures regulate the processing of electronic data collected and generated during the course of business activities that are under the supervision and management of PBOC (“ Regulated Data ”). This is not dissimilar in practice to existing guidelines around categorization of “financial data”.

Financial Services 98

Financial Services Personal data Compliance Data collection 98

Data Matters

OCTOBER 30, 2017

They can, however, engage in probing internal due diligence of their companies’ cyber governance and compliance posture before it is too late — that is, before a cyber event occurs. Growing Expectations of Director-Level Responsibility for Cyber Legal Compliance. 1] The U.S.

Compliance 60

Compliance Cybersecurity Risk Government 60

Hunton Privacy

JANUARY 26, 2022

On November 14, 2021, the Cyberspace Administration of China (“CAC”) released for public comment its draft Regulations on Network Data Security Management (the “Draft Regulations”). In addition, the Draft Regulations add new requirements related to data processing activities. Cybersecurity Review.

Security 116

Security Data breaches Personal data Cybersecurity 116

DLA Piper Privacy Matters

APRIL 20, 2021

This introduces a data lifecycle security framework, and represents the key guideline for handling personal and other financial information by financial institutions (i.e. Key compliance obligations include: Classification of financial data: the data lifecycle framework introduces five levels of financial data, namely: .

Compliance 111

Compliance Security Financial Services Data collection 111

Hunton Privacy

MARCH 29, 2023

On Monday, March 27, 2023, the Centre for Information Policy Leadership (CIPL) at Hunton Andrews Kurth submitted a response to the California Privacy Protection Agency (CPPA)’s Invitation for Preliminary Comments on Proposed Rulemaking for cybersecurity audits, risk assessments and automated decisionmaking.

Risk 58

Risk Personal data Cybersecurity Compliance 58

DLA Piper Privacy Matters

AUGUST 23, 2021

However, as with all China laws, the PIPL is drafted as high level principles, and we anticipate additional guidelines will be published in the coming months outlining the practical compliance steps organisations will need to take when updating their China data protection compliance programmes.

Data Privacy 111

Data Privacy Privacy Compliance Analytics 111

Data Matters

OCTOBER 6, 2022

The Guidance is divided into two sections: (i) how can PETs help with data protection compliance; and (ii) what are PETs. This is the idea that data protection should be ‘baked in’ to your processing from the design stage through to the deployment of any technology. PETs that control access to certain parts of the data.

GDPR 88

GDPR Privacy Encryption Compliance 88

Data Protection Report

JANUARY 21, 2019

The way the information is provided to users does not allow them to fully appreciate the number of services and combinations of personal data involved in ad personalisation. Retention periods were not included for some categories of data. Transparency infringements.

GDPR 40

GDPR Personal data Privacy Access 40

IT Governance

OCTOBER 21, 2021

The need for experienced and qualified cyber security professionals is a highlight of Cybersecurity Career Awareness Week , led by NICE (National Initiative for Cybersecurity Education). The most common skills gaps are “storing or transferring personal data, setting up configured firewalls, and detecting and removing malware”.

Security 111

Security Information Security GDPR Data Privacy 111

Hunton Privacy

DECEMBER 2, 2020

“Data” under the Data Governance Act means any digital representation of acts, facts or information and any compilation of the same, including in the form of sound, visual or audiovisual recording. Below are some key takeaways from the draft Data Governance Act: Re-Use of Protected Data by Public Sector Authorities.

Government 70

Government Personal data Compliance GDPR 70

eSecurity Planet

APRIL 22, 2022

As the number and severity of data breaches continues to rise, organizations are recognizing that those costs are not theoretical. If your company has not already experienced a significant cybersecurity event, it is probably only a matter of time before it does. Also read: The Top Cybersecurity Companies. was worth roughly $4.1

Insurance 119

Insurance Ransomware Cybersecurity Marketing 119

eSecurity Planet

JANUARY 5, 2023

After a year that saw massive ransomware attacks and open cyber warfare, the biggest question in cybersecurity for 2023 will likely be how much of those attack techniques get commoditized and weaponized. 2023, he predicted, “will not be any easier when it comes to keeping users’ data safe and private.” Similarly, the U.S.

Security 145

Security Ransomware Cybersecurity Privacy 145

Data Matters

NOVEMBER 4, 2020

While businesses have until January 2023 to comply with CPRA provisions, they should start taking steps to understand and build out compliance programs soon. Third, it creates a new category of businesses: those that voluntarily agree to be subject to the CCPA. New Rights for Sensitive Personal Information.

Privacy 122

Privacy B2B Sales Data breaches 122

Security Affairs

MAY 12, 2021

Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers. Such a contract must stipulate that the vendor/processor will process the personal data only on documented instructions from the controller. Key Takeaways.

GDPR 91

GDPR Privacy Personal data Data breaches 91

DLA Piper Privacy Matters

JUNE 21, 2021

The speed of its passing has left multinational businesses scrabbling to understand the key compliance obligations. While many of the practical compliance steps will be detailed in measures and guidelines to be published over the coming weeks and months, here’s what we already know: 1. extra-territorial effect) – must comply.

Security 71

Security Compliance Data Privacy Risk 71

DLA Piper Privacy Matters

MAY 5, 2020

Adjacent to these initiatives, the European Data Protection Board (“EDPB”) recently published draft guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications. Hence, personal data can be collected through vehicle sensors, telematics boxes or mobile applications.

Privacy 69

Privacy Personal data GDPR Insurance 69

Privacy and Cybersecurity Law

AUGUST 23, 2017

The GDPR will bring significant and substantial changes with respect to the processing of personal data. It introduces several new concepts, such as Privacy by Design, Privacy by Default and Data Portability. In the August edition of our GDPR Updates we address the position of the data processor.

GDPR 40

GDPR Personal data Compliance Privacy 40

Data Matters

MARCH 12, 2020

If, after taking these measures, an organisation still needs to collect specific health data, the ICO confirms that ongoing data minimisation and information security to protect this sensitive category of data will be paramount.

GDPR 83

GDPR Communications Privacy Government 83

Thales Cloud Protection & Licensing

OCTOBER 28, 2021

Multifactor authentication requires users to take an extra step to verify who they are by providing two or more distinct categories of evidence. In 2018, the Timehop app suffered a serious breach that resulted in data belonging to 21 million users being compromised. A Grave Outlook For Passwords: Is the Future Passwordless?

Authentication 71

Authentication Passwords Cloud Data breaches 71

Data Protection Report

JANUARY 6, 2020

In the UK, the Information Commissioner’s Office (ICO) has been very outspoken on the ad tech industry’s use of special category personal data and onwards data sharing without explicit consent. DPAs have also published guidance around specific local law requirements. Be one step ahead.

Privacy 85

Privacy GDPR Data breaches Risk 85

Hunton Privacy

MARCH 6, 2024

On February 28, 2024, President Biden released an Executive Order (“EO”) “addressing the extraordinary and unusual national security threat posed by the continued effort of certain countries of concern to access Americans’ bulk sensitive personal data and certain U.S. Government-related data.”

Personal data 108

Personal data Risk Government Access 108

Data Protection Report

MAY 23, 2018

The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. For many readers of this post, a huge amount of work will have been done in recent months in building up to compliance with the new regime. Different departments and systems hold personal data about an individual.

GDPR 40

GDPR Personal data Compliance Data breaches 40

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. This personal data was still being held by late May 2018 and had been subject to unauthorised use by a third party.

GDPR 40

GDPR Personal data Privacy Information architecture 40

Privacy and Cybersecurity Law

NOVEMBER 8, 2018

Consumers will be permitted to request that a business disclose both the categories and specific pieces of the personal information collected. Consumers will be permitted to request that a business delete personal information it has collected about the consumer, including all data in the possession of the businesses’ vendors.

Privacy 58

Privacy Sales Compliance Cybersecurity 58

HL Chronicle of Data Protection

JULY 8, 2019

On 8 July 2019, the UK data protection authority (Information Commissioner’s Office; ICO) issued a notice of its intention to fine British Airways (BA) GBP 183.39 million) for infringements of the General Data Protection Regulation (GDPR). million (approx.

GDPR 40

GDPR Security Personal data Data breaches 40

Data Protection Report

JANUARY 6, 2020

In the UK, the Information Commissioner’s Office (ICO) has been very outspoken on the ad tech industry’s use of special category personal data and onwards data sharing without explicit consent. DPAs have also published guidance around specific local law requirements. Be one step ahead.

Privacy 52

Privacy GDPR Data breaches Risk 52

Privacy and Cybersecurity Law

NOVEMBER 9, 2018

Consumers will be permitted to request that a business disclose both the categories and specific pieces of the personal information collected. Consumers will be permitted to request that a business delete personal information it has collected about the consumer, including all data in the possession of the businesses’ vendors.

Privacy 58

Privacy Sales Education Compliance 58

Data Protection Report

OCTOBER 1, 2019

Law § 899-aa) differs from most states’ law in several ways including (1) using separate definitions of “personal information” and “private information;” and (2) providing factors to consider whether personal information had been acquired.

Security 40

Security Financial Services Passwords Risk 40

Data Protection Report

JULY 9, 2018

Like their European counterparts, these state laws are intended to provide consumers with greater transparency and control over their personal data. The California and Vermont laws, in particular, go beyond breach notification and require companies to make significant changes in their data processing operations.

GDPR 40

GDPR Data breaches Personal data Insurance 40

Data Protection Report

JUNE 6, 2019

Although the bill has a similarly broad definition of “personal information” and gives consumers the right to request deletion of their data, the bill also introduces new obligations on companies as a “data fiduciary”. Exempts from deletion personal information needed to complete insurance transactions.

Sales 40

Sales Privacy Insurance Manufacturing 40

DLA Piper Privacy Matters

JANUARY 13, 2020

The changes specifically introduce the following: Broader scope of prohibited content: in addition to the currently existing categories (e.g., defaming national integrity and unity), the new law prohibits publication of additional categories of content (e.g., New Personal Data Protection Law and Data Security Law.

Privacy 84

Privacy Security Personal data Compliance 84

Data Protection Report

JANUARY 25, 2019

noting that Google Ireland was not described as the entity making decisions in relation to the processing in the Privacy Policy, had no Data Protection Officer of its own covering this processing, and was not stated to have been involved in the development of the Android operating system. This was confusing; and.

GDPR 40

GDPR Personal data Privacy Compliance 40

Data Protector

OCTOBER 11, 2017

We want businesses to ensure that their customers and future customers have consented to having their personal data processed, but we also need to ensure that the enormous potential for new data rights and freedoms does not open us up to new threats. Where she finds criminality, she can prosecute.

GDPR 120

GDPR Personal data Government IT 120

Data Protection Report

OCTOBER 11, 2019

Some of these rules are quite prescriptive and may not match with what businesses have planned to do as part of their current CCPA compliance program. In response to request for access to categories of information, a business may not direct the consumer to the privacy policy, but must provide an individualized response.

Sales 40

Sales Retail Privacy Access 40

Data Matters

MARCH 4, 2021

Rather, to be covered by the VCDPA, an entity must either “(i) during a calendar year, control or process personal data of at least 100,000 consumers or (ii) control or process personal data of at least 25,000 consumers and derive over 50 percent of gross revenue from the sale of personal data.”. Exemptions.

Personal data 74

Personal data GDPR Sales Privacy 74

IT Governance

JANUARY 24, 2019

Second, by failing to obtain a valid legal basis for processing personal data for ad personalisation, in violation of the GDPR’s requirements for specific and unambiguous consent for all forms of personal data processing. Well, that’ll do for this week. Visit our website for more information: itgovernance.co.uk.

GDPR 69

GDPR Privacy Personal data Government 69