Data collection, Exercises and Security - Information Management Today

Colorado AG Publishes Guidance on Data Security Practices and Announces Upcoming Rulemaking Under the Colorado Privacy Act

Hunton Privacy

FEBRUARY 2, 2022

On January 28, 2022, in celebration of Data Privacy Day, the Colorado Attorney General’s Office issued prepared remarks from Colorado Attorney General Phil Weiser and published guidance on data security best practices. Regularly reviewing and updating security policies.

Privacy

Privacy Security Data breaches Ransomware

Facebook's Download-Your-Data Tool Is Incomplete

Schneier on Security

MARCH 2, 2020

Privacy International has the details : Key facts: Despite Facebook claim, "Download Your Information" doesn't provide users with a list of all advertisers who uploaded a list with their personal data. As a user this means you can't exercise your rights under GDPR because you don't know which companies have uploaded data to Facebook.

Personal data

Personal data GDPR Data collection Privacy

Australian Defense Department will replace surveillance cameras from Chinese firms Hikvision and Dahua

Security Affairs

FEBRUARY 12, 2023

The presence of cameras poses an unacceptable risk to national security. That [risk has] obviously been there, I might say, for some time and predates us coming into office but, that said, it’s important that we go through this exercise and make sure that our facilities are completely secure,” Marles added.

Manufacturing

Manufacturing Government Risk Communications

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

CHINA: Draft Rules on Privacy Policies Released – Is Your Privacy Policy Compliant?

DLA Piper Privacy Matters

AUGUST 8, 2022

This generally include, the categories personal data being processed by key functions, data sharing with third parties, approach to exercise data subject rights, complaining channels, etc. whether these data processing activities will bring high risks to the data subject.

Privacy

Privacy Personal data Data collection Access

Monitoring the dark web to identify threats to energy sector organizations

Security Affairs

MAY 17, 2023

Dark web intelligence is a fantastic resource for informing an organization’s security posture, helping the security team spot early indicators of attack and feeding their threat models. The threat actors offered detailed instructions on how to exploit known vulnerabilities in Internet-facing ICS systems. We are in the final!

Energy and Utilities

Energy and Utilities Sales Access Data collection

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

HL Chronicle of Data Protection

JULY 7, 2020

Under the European Union’s General Data Protection Regulation (GDPR), individuals have the right to access personal data collected about them, and to exercise that right easily and at reasonable intervals.

GDPR

GDPR Personal data Data collection Access

New York City Council Passes Tenant Data Privacy Act

Hunton Privacy

MAY 13, 2021

Building owners would need to provide a “plain language” privacy policy to tenants that discloses (1) the data elements the smart access system collects; (2) the third parties the data is shared with; (3) how the data is safeguarded; and (4) how long the data will be retained. Security safeguards.

Data Privacy

Data Privacy Privacy Authentication Passwords

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

You might also be interested in: Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. Data transfer to third party processors and contractual provisions for lawful processing.

GDPR

GDPR Compliance Data collection Privacy

Colorado AG Publishes Draft Colorado Privacy Act Rules

Hunton Privacy

NOVEMBER 1, 2022

Right to Request to Exercise Personal Data Rights (Rule 4.02 – Rule 4.07; 6.11). The proposed regulation provides the people of Colorado with a mechanism to protect their personal data rights by making requests directly to data controllers, or businesses who control their personal data. Authentication (Rule 4.08).

Privacy

Privacy Personal data Data collection Compliance

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

Between June 8, 2018 and April 6, 2019, the CNIL received 15 complaints from individuals relating to the exercise of their data protection rights with affiliates of the Carrefour Group. Similarly, the personal data of more than 750,000 web users had been retained for five to ten years from the date of their last order.

GDPR

GDPR Personal data Data collection Marketing

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The GDPR applies to any organization that processes the personal data of European residents, regardless of where that organization is based. Finally, the GDPR applies to the processing of personal data for virtually any reason: commercial, academic, governmental, and otherwise. Consents cannot be bundled, either.

GDPR

GDPR Compliance Personal data Privacy

Biden AI Order Enables Agencies to Address Key Risks

Hunton Privacy

OCTOBER 31, 2023

President Biden issued an Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence. Standards for AI Safety and Security Red-teaming requirements. Developers must also share the results of “red-team” exercises with the government. Developers must also share the results of “red-team” exercises with the government.

Risk

Risk Artificial Intelligence Privacy Military

“BlueLeaks” Exposes Huge Trove of Law Enforcement Data

Adam Levin

JUNE 24, 2020

269 gigabytes of potentially sensitive data collected from more than 200 police departments across the country were leaked online last week. A security breach at Netsential, a Houston-based web hosting company, which primarily serves law enforcement agencies and fusion centers is thought to be the source of the leak.

Data collection

Data collection Cybersecurity Risk Security

ICO Releases COVID-19 Guidance for Re-Opening Workplaces

Hunton Privacy

JUNE 24, 2020

Specifically, the ICO emphasizes that: While gathering additional data relating to the pandemic may be acceptable, employers should only collect what is reasonably necessary to ensure a safe workplace. If the same result could be achieved without collecting personal information, further collection should be avoided.

Data collection

Data collection Privacy Security Personal data

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

It applies to nearly any organization that processes EEA residents’ data for any purpose. The only data processing activities exempt from the GDPR are national security or law enforcement activities and purely personal uses of data. The organization offers data subjects easy ways to exercise their rights.

GDPR

GDPR Compliance Personal data Privacy

How to prepare for the California Consumer Privacy Act

Thales Cloud Protection & Licensing

AUGUST 15, 2019

For example, data collected by an entity may not be associated with an individual but could identify a household. The CCPA applies to for-profit entities that both collect and process the PI Information of California residents and do business in the State of California, without a physical presence in California being a requirement.

Privacy

Privacy GDPR Digital transformation Sales

Not every DNS traffic spike is a DDoS attack

IBM Big Data Hub

FEBRUARY 6, 2024

Proving or disproving that a DDoS attack happened can be a thorny issue for network administrators and even security teams. If you’re using a basic pre-packaged registrar Domain Name System (DNS) offering, you probably don’t have access to DNS traffic data at all. “Which IP has been causing those high QPS records?”

Data collection

Data collection Access IT Security

Florida Comprehensive State Privacy Law Sent to Governor for Signature

Hunton Privacy

MAY 17, 2023

“Consumer” means an individual resident or domiciled in Florida and does not include an individual acting in a commercial or employment context.

Privacy

Privacy Personal data Sales Government

How to Prepare for the Metaverse

AIIM

MARCH 29, 2022

As metaverse technology stacks expand and become more available, cheaper, and connected, the conception of use cases across all sectors becomes a contagious exercise. Data architecture is probably the first to rank. Integration and data consumption will redefine their order of magnitude, and AI will be the de facto standard.

Blockchain

Blockchain Manufacturing Retail Privacy

CHINA: important new developments in PRC data privacy regulations

DLA Piper Privacy Matters

OCTOBER 31, 2019

An updated draft of China’s Amended Personal Information Security Specification (“Amended PIS Specification”) and proposed new amendments to the privacy specification for mobile apps (“App Privacy Specification”) were published this week, alongside brand new draft privacy regulations for the banking sector.

Data Privacy

Data Privacy Privacy Data collection Data breaches

New China Guideline for Internet Personal Information Security Protection

Data Protection Report

DECEMBER 5, 2018

On 30 November 2018 the Cyber Security Protection Bureau, under the auspices of the PRC Ministry of Public Security (the “MPS”), issued a draft Guideline for Internet Personal Information Security Protection (the “Guideline”) along with a request for public comments. Introduction. technical measures; and. Management Mechanisms.

Information Security

Information Security Security Authentication Passwords

Navigating China: The digital journey

DLA Piper Privacy Matters

NOVEMBER 5, 2019

Episode 6: Further developments in PRC data privacy regulations. Helpful clarification is provided as to when and how Personal Information Security Impact Assessments (PIIAs) must be conducted. staff, data subjects, business partners etc.). Clarity that data controllers are liable for their data processors’ acts and omissions.

Data collection

Data collection Data breaches Privacy Information Security

“Am I a CII operator?” – New regulation in China provides more clarity

Data Protection Report

AUGUST 18, 2021

China’s Cyber Security Law ( CSL ), enacted in 2016, requires operators of critical information infrastructure ( CII ) to follow a number of enhanced security obligations, including storing within China all personal information and important data collected or generated during their operations in China.

Financial Services

Financial Services Data collection Security Communications

EUROPE: New privacy rules for connected vehicles in Europe?

DLA Piper Privacy Matters

MAY 5, 2020

Main takeaways from the EDBP guidelines are: Connected vehicles raise various privacy and data protection concerns, such as the lack of control and information asymmetry, the risk of excessive data collection; the risk of unlawful further processing of personal data; Most data associated with connected vehicles are considered as personal data (e.g.

Privacy

Privacy Personal data GDPR Insurance

CNIL Publishes Internet Sweep Results on Connected Devices

Hunton Privacy

SEPTEMBER 27, 2016

The sweep was conducted in May 2016 to assess the quality of the information provided to users of connected devices, the level of security of the data flows and the degree of user empowerment ( e.g. , user’s consent and ability to exercise data protection rights).

Personal data

Personal data Data collection Privacy Access

ENISA Publishes Report on the Right to Be Forgotten

Hunton Privacy

DECEMBER 4, 2012

On November 20, 2012, the European Network and Information Security Agency (“ENISA”) published a new report entitled “ The Right to Be Forgotten – Between Expectations and Practice.” Consider how to deal with offline storage equipment once the right to be forgotten has been exercised.

Personal data

Personal data Information Security Data collection Paper

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

verifying the data security measures implemented. The third step will be completed once organizations have implemented measures to protect data subjects concerned with their data processing activities and have identified those data processing activities that involve a privacy risk.

GDPR

GDPR Personal data Compliance Privacy

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Hunton Privacy

MARCH 25, 2020

Performing a task carried out in the public interest: Article 6(1)(e) of the GDPR may also provide a legal basis where data processing is necessary to perform a task carried out in the public interest or in the course of exercising official authority vested in the data controller.

Personal data

Personal data GDPR Risk Insurance

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

JULY 26, 2021

Security measures in place. In the case under analysis, the amount of € 2.6 The processing activities, carried out in breach of the applicable legislation, affected and continue to affect a considerable number of stakeholders (identified by the Garante as 18,864 individuals).

Personal data

Personal data GDPR e-Delivery Communications

New Research Shows Why and How Zoom Could Become an Advertising Driven Business

John Battelle's Searchblog

APRIL 19, 2020

Press reports about “ Zoom bombing ” began dominating the headlines, and as reporters dug in, so did reports of significant (and long ignored) security failings. Zoom responded quickly , freezing product development and focusing entirely on fixing critical security issues. And that why comes down to capitalism.

Privacy

Privacy Data collection Marketing Communications

ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

Hunton Privacy

NOVEMBER 5, 2020

The absence of the Article 14 information also made it difficult for individuals to exercise their rights under the GDPR. Personal data collected for credit referencing purposes was being used for limited direct marketing purposes, without informed consent from individuals.

Marketing

Marketing Compliance Personal data GDPR

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, Social Security number, driver’s license number or passport number. geolocation data. Specific categories defined as personal information include. biometric information.

GDPR

GDPR Privacy Sales Data breaches

FTC Releases Report on Internet of Things

Hunton Privacy

JANUARY 28, 2015

On January 27, 2015, the Federal Trade Commission announced the release of a report on the Internet of Things: Privacy and Security in a Connected World (the “Report”). With respect to legislation, the FTC “does not believe that the privacy and security risks, though real, need to be addressed” by legislation or regulation at this time.

Privacy

Privacy Risk Data collection Education

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, Social Security number, driver’s license number or passport number. geolocation data. Specific categories defined as personal information include. biometric information.

GDPR

GDPR Privacy Sales Data breaches

In California, Data Privacy Foresight is 2020: Data Privacy Trends

eDiscovery Daily

JULY 5, 2018

The bill requires companies to disclose personal data collected when a consumer requests it, up to two times a year, and to delete and stop selling the personal information to third parties upon request.

Data Privacy

Data Privacy Privacy Sales Data collection

Essential guidance for employers implementing COVID-19 measures at the workplace

Data Protection Report

SEPTEMBER 16, 2021

However, employers may exercise their right to terminate the service of an unvaccinated employee or place him/her on no-pay leave if he/she fails to comply with any VoRT measures that are in place. PDPC advisory on the collection of personal data at the workplace for COVID-19 contact tracing.

Personal data

Personal data Data collection Risk Access

UK Information Commissioner’s Office Releases Assessment of Google Street View

Hunton Privacy

JULY 30, 2010

In a statement released on July 29, 2010, the UK Information Commissioner’s Office (“ICO”) has found that the information collected by Google from unsecured WiFi networks during the Street View photography capture exercise “does not include meaningful personal details that could be linked to an identifiable person.”

Data collection

Data collection Personal data IT Information Security

Obama’s Framework for “Consumer Data Privacy” And My “Data Bill of Rights”

John Battelle's Searchblog

FEBRUARY 26, 2012

Individual Control : Consumers have a right to exercise control over what personal data companies collect from them and how they use it. ? Transparency : Consumers have a right to easily understandable and accessible information about privacy and security practices. ? First, the Administrations’ key points: ?

Data Privacy

Data Privacy Privacy Personal data Data collection

California Consumer Privacy Act: The Challenge Ahead – The Impact of the CCPA on Data-Driven Marketing and Business Models

HL Chronicle of Data Protection

NOVEMBER 30, 2018

While businesses maintaining first-party relationships with consumers may be able to develop a consumer-friendly and convenient mechanism for informing consumers at or before data collection, non-consumer-facing third parties may find complying with notice requirements to be challenging.

Marketing

Marketing Privacy Sales Compliance

EU Council Agrees on Proposed ePrivacy Regulation

Data Matters

MARCH 10, 2021

web analytics, in aggregate form); (iv) for IT security purposes; (v) for a software update; and (vi) to locate the end user’s device in the event of an emergency communication. Member states typically have resisted the CJEU’s jurisprudential incursions into national security matters, which many of them see as a core sovereign power.

GDPR

GDPR Metadata Communications Privacy

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

Hunton Privacy

OCTOBER 14, 2021

During the week of October 4, 2021, California Governor Gavin Newsom signed into law bills amending the California Privacy Rights Act of 2020 (“CPRA”), California’s data breach notification law and California’s data security law. Genetic Data: California Data Breach Notification and Data Security Law Amendment Bill.

Privacy

Privacy Insurance Security Data breaches

Business Forum for Consumer Privacy Introduces New Data Protection Model

Hunton Privacy

DECEMBER 21, 2009

The roundtable was a first step in the FTC’s effort to re-examine privacy protection in light of rapid, dynamic changes in technology, advances in data analytics and increasingly ubiquitous data collection and use.

Privacy

Privacy Paper Data collection Analytics

If I Go to a Protest, What Kinds of Personal Information Might Police Collect About Me? (important guest post)

Architect Security

SEPTEMBER 24, 2020

And when thousands of protesters are out on the street, the opportunity is ripe for law enforcement to not only surveil the scene but to collect personal information that it can then hold on to for a long time. ” The NYPD did not respond to a request for a comment about its data-collection practices during the current protests.

Data collection

Data collection Paper Metadata Access

Back At The Negotiating Table: CCPA Amendments Debate Continues

Data Protection Report

JULY 16, 2019

Here are the key changes: Under the current draft, employers will not be exempt from providing a privacy notice to employees – employers must provide employees with notice at or before the point their personal information is collected as to the categories of personal information to be collected and why.

Privacy

Privacy B2B Data breaches Data collection

Colorado AG Publishes Guidance on Data Security Practices and Announces Upcoming Rulemaking Under the Colorado Privacy Act

Facebook's Download-Your-Data Tool Is Incomplete

Webinars

Trending Sources

Australian Defense Department will replace surveillance cameras from Chinese firms Hikvision and Dahua

Webinars

CHINA: Draft Rules on Privacy Policies Released – Is Your Privacy Policy Compliant?

Monitoring the dark web to identify threats to energy sector organizations

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

New York City Council Passes Tenant Data Privacy Act

Guest Post - Three Critical Steps for GDPR Compliance

Colorado AG Publishes Draft Colorado Privacy Act Rules

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

How to implement the General Data Protection Regulation (GDPR)

Biden AI Order Enables Agencies to Address Key Risks

“BlueLeaks” Exposes Huge Trove of Law Enforcement Data

ICO Releases COVID-19 Guidance for Re-Opening Workplaces

GDPR compliance checklist

How to prepare for the California Consumer Privacy Act

Not every DNS traffic spike is a DDoS attack

Florida Comprehensive State Privacy Law Sent to Governor for Signature

How to Prepare for the Metaverse

CHINA: important new developments in PRC data privacy regulations

New China Guideline for Internet Personal Information Security Protection

Navigating China: The digital journey

“Am I a CII operator?” – New regulation in China provides more clarity

EUROPE: New privacy rules for connected vehicles in Europe?

CNIL Publishes Internet Sweep Results on Connected Devices

ENISA Publishes Report on the Right to Be Forgotten

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

New Research Shows Why and How Zoom Could Become an Advertising Driven Business

ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

California Enacts Broad Privacy Laws Modeled on GDPR

FTC Releases Report on Internet of Things

California Enacts Broad Privacy Protections Modeled on GDPR

In California, Data Privacy Foresight is 2020: Data Privacy Trends

Essential guidance for employers implementing COVID-19 measures at the workplace

UK Information Commissioner’s Office Releases Assessment of Google Street View

Obama’s Framework for “Consumer Data Privacy” And My “Data Bill of Rights”

California Consumer Privacy Act: The Challenge Ahead – The Impact of the CCPA on Data-Driven Marketing and Business Models

EU Council Agrees on Proposed ePrivacy Regulation

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

Business Forum for Consumer Privacy Introduces New Data Protection Model

If I Go to a Protest, What Kinds of Personal Information Might Police Collect About Me? (important guest post)

Back At The Negotiating Table: CCPA Amendments Debate Continues

Stay Connected