IT Governance

JUNE 28, 2018

Ticketmaster has set up a website to answer customers’ questions and has offered them 12 months’ free identity monitoring. Supply-chain security. The incident highlights the importance of supply-chain security, especially now the GDPR (General Data Protection Regulation) is in effect. GDPR compliance checklist.

Data breaches 61

Data breaches GDPR Compliance Sales 61

IT Governance

APRIL 9, 2019

Originally published December 2017. With the number of data breaches increasing every year, they are now a huge issue for organisations. It should be obvious that it’s a priority for companies to learn how to keep data secure. It should be obvious that it’s a priority for companies to learn how to keep data secure.

Data breaches 75

Data breaches GDPR Compliance Risk 75

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR 40

GDPR Personal data Privacy Information architecture 40

Hunton Privacy

APRIL 28, 2017

On April 27, 2017, the German Federal Parliament adopted the new German Federal Data Protection Act ( Bundesdatenschutzgesetz ) (“new BDSG”) to replace the existing Federal Data Protection Act of 2003. The GDPR allows for certain EU Member State deviations from the text of the GDPR. This post has been updated. .

GDPR 49

GDPR Personal data Information Security Security 49

IT Governance

NOVEMBER 22, 2018

With only 40% of organisations confident that they can prevent cyber attacks and 42% of micro/small businesses identifying at least one breach or attack in the last 12 months, it is only too clear why businesses need to invest more in cyber security. However, it’s not just the organisation’s profitability that can be hit.

Security 87

Security Government GDPR Compliance 87

IT Governance

AUGUST 21, 2018

Data breaches. What steps will the ICO (Information Commissioner’s Office) take to ensure organisations comply with the recently enforced GDPR (General Data Protection Regulation)? Customers of the Adidas.com website may have been affected by a breach after an unauthorised party gained access to customer data.

Retail 66

Retail Data breaches GDPR Compliance 66

Hunton Privacy

DECEMBER 20, 2017

On December 12, 2017, the Article 29 Working Party (“Working Party”) published its guidelines on transparency under Regulation 2016/679 (the “Guidelines”). The Guidelines aim to provide practical guidance and clarification on the transparency obligations introduced by the EU General Data Protection Regulation (“GDPR”).

GDPR 62

GDPR Personal data Privacy Communications 62

CGI

DECEMBER 19, 2017

GDPR: It’s Christmas – A time of good FEAR! Tue, 12/19/2017 - 14:18. The biggest regulatory driver in 2018 will be the introduction of the General Data Protection Regulation (GDPR) in May. Larger organisations have certainly started to appoint senior executives to data protection and privacy ownership roles.

GDPR 40

GDPR Insurance Risk Privacy 40

IT Governance

AUGUST 27, 2018

A good cyber security strategy should be built on firm foundations. However, before spending money on the latest security tools or consultants, consider what you could do with the resources you already have. On the flip side, robustness of cyber security is now a genuine criterion for winning and maintaining business contracts.

Security 73

Security Data breaches Risk GDPR 73

IT Governance

APRIL 16, 2018

Last week the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) released their annual report on the cyber threats facing UK businesses. The report examines how cyber activity has impacted UK businesses over the past 12 months and the future threats they will face. Cloud security. Data breaches.

Security 64

Security Data breaches IoT Cloud 64

Hunton Privacy

OCTOBER 5, 2016

In September, the Centre for Information Policy Leadership (“CIPL”) held its second GDPR Workshop in Paris as part of its two-year GDPR Implementation Project. There was a sense of shared responsibility for the successful and timely implementation of the GDPR between industry, DPAs, national governments and the EU Commission.

GDPR 49

GDPR Risk IT Compliance 49

IT Governance

JANUARY 10, 2019

This week, we discuss a high-profile German data breach, the top worst passwords of 2018, the resignation of NHS Digital’s CISO, and Microsoft’s latest patches. Coincidentally, SplashData has just published its annual list of 100 weak passwords, culled from the previous 12 months’ publicly disclosed data breaches. 123456789.

Data breaches 77

Data breaches Passwords GDPR Personal data 77

DLA Piper Privacy Matters

JANUARY 21, 2019

On 12 December 2018, the French Government issued an ordinance [1] finalizing, at the legislative level [2] , the alignment of the French Data Protection Law (“FDPL”) with the General Data Protection Regulation [3] (“GDPR”) and the Directive 2016/680 [4].

GDPR 49

GDPR Personal data Communications Government 49

Data Protector

OCTOBER 11, 2017

What follows below is an edited version of the debate in the House of Lords of the Second Reading of the Data Protection Bill, held on 10 October. Data is not just a resource for better marketing, better service and delivery. Data is used to build products themselves. It has become a cliché that data is the new oil.

GDPR 120

GDPR Personal data Government IT 120

Data Matters

MARCH 10, 2021

The first draft of the ePrivacy Regulation was approved by the European Commission in 2017 and has since been under discussion in the Council. The GDPR also supplements the ePrivacy rules on the protection of personal data. Organizations subject to the ePrivacy Regulation on a purely extraterritorial basis (i.e.,

GDPR 68

GDPR Metadata Communications Privacy 68

Hunton Privacy

DECEMBER 7, 2017

On December 1, 2017, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP submitted formal comments to the Article 29 Working Party (the “Working Party”) on its Guidelines on Personal Data Breach Notification (the “Guidelines”). Risk Assessment.

Data breaches 45

Data breaches Personal data GDPR Risk 45

IT Governance

NOVEMBER 23, 2017

The Payment Card Industry Data Security Standard (PCI DSS) was created to enhance cardholder data security. Any merchant or service provider that processes, transmits or stores cardholder data is required to comply with the Standard. 12 December 2017, 3:00 – 4:00 pm (GMT).

GDPR 65

GDPR Compliance Personal data Risk 65

IT Governance

OCTOBER 9, 2018

The ICO (Information Commissioner’s Office) has fined Heathrow Airport £120,000 for failing to secure sensitive personal data after a member of public found an unencrypted USB stick containing data about the airport’s staff. How did the data breach occur? However, the ICO hasn’t confirmed this. Maximum penalty.

Data breaches 65

Data breaches Personal data Libraries Information Security 65

DLA Piper Privacy Matters

FEBRUARY 13, 2018

The long awaited new National Standards on Information Security Technology – Personal Information Security Specification GB/T 35273-2017 (“PI Specification”) has now been released, and will come into force on 1 May 2018. The term “data administrator” has been replaced by “data controller”.

Information Security 40

Information Security Compliance GDPR Big data 40

IT Governance

JULY 19, 2018

This week, we discuss a £200,000 fine for the IICSA, a move to suspend the EU-US Privacy Shield, how much a data breach might cost your organisation, and the sentencing of two National Lottery hackers. The IICSA has apologised to the affected individuals and amended its processes for handling personal data.

Data breaches 66

Data breaches Privacy Personal data Compliance 66

Hunton Privacy

JANUARY 18, 2018

On January 10, 2018, the Law of 3 December 2017 creating the Data Protection Authority (the “Law”) was published in the Belgian Official Gazette (available in French and Dutch ). The Law was submitted in the Chamber of Representatives on August 23, 2017, and was approved by the Parliament in plenary meeting on November 16, 2017.

Privacy 55

Privacy Computer and Electronics Personal data GDPR 55

IT Governance

MARCH 14, 2018

Robust information security practices are critical to the legal sector – yet there is a notable gabetween the risks that firms face and their ability to mitigate them. Every law firm faces information security risks. However, as the bill is yet to be enacted, we refer to the GDPR.).

GDPR 70

GDPR Information Security Compliance Phishing 70

Privacy and Cybersecurity Law

AUGUST 1, 2018

The ICO has been involved in producing significant GDPR guidance in the last 12 months and has also run an internal change management process to ensure it is up to the demands placed upon it by GDPR (think: extra staff, new breach reporting functions and helplines). The ICO has produced a Guide to GDPR – definitely worth a read.

GDPR 40

GDPR Data breaches Personal data Privacy 40

CGI

DECEMBER 5, 2018

Wed, 12/05/2018 - 05:27. Some organisations were under huge pressure to implement systems and processes to meet their immediate GDPR obligations by the regulatory deadline. So much so that, except where GDPR demanded it, their planning horizons stopped at the go-live date. GDPR-related situations and questions.

GDPR 40

GDPR Metadata Personal data Compliance 40

IT Governance

DECEMBER 13, 2018

This week, in our last podcast of the year, we revisit some of the biggest information security stories from the past 12 months. As is now traditional, I’ve installed myself in the porter’s chair next to the fire in the library, ready to recap some of the year’s more newsworthy information security events.

Data breaches 71

Data breaches Personal data Access GDPR 71

IT Governance

NOVEMBER 14, 2017

Even though all merchants and service providers that store, process or transmit cardholder data are required to comply with the Payment Card Industry Data Security Standard ( PCI DSS ), many do not. To use PCI compliance as the starting point for a security strategy, it is important to conduct a gap analysis.

Compliance 66

Compliance Encryption GDPR Security 66

IT Governance

DECEMBER 27, 2019

A royal baby, a fire at Notre-Dame, the highest grossing film of all time and more than 12 billion breached data records: 2019 has been quite a year. IT Governance is closing out the year by rounding up 2019’s biggest information security stories. Part one covers January to June, and will be followed by part in the coming days.

Data breaches 69

Data breaches GDPR Passwords Personal data 69

Data Protection Report

AUGUST 8, 2017

The German federal labor court held in a recent decision ( Bundesarbeitsgericht , 27 July 2017 – case no. The decision is also consistent with the Article 29 Working Party’s recent guidance regarding data processing at work ( WP 249 ) and prior guidance regarding the surveillance of electronic communications in the workplace ( WP 55 ).

Computer and Electronics 40

Computer and Electronics Insurance Privacy GDPR 40

ARMA International

FEBRUARY 21, 2020

A company in Wisconsin had a “chipping party” in 2017 to implant microchips in some of its employees to make it easier for them to access the buildings and systems and to buy food in the company break room. [1]. Once connected, data can be exchanged, and the body and device can be remotely monitored and controlled.”

Computer and Electronics 105

Computer and Electronics Privacy Artificial Intelligence IoT 105

IT Governance

NOVEMBER 24, 2017

Hello and welcome to the IT Governance podcast for Friday, 24 November 2017. The controversial ride-sharing company Uber admitted this week that it covered up a massive data breach last October instead of notifying regulators and those affected as required by law. It almost makes Equifax’s data breach response look good.

Data breaches 65

Data breaches Access Blockchain Cloud 65

Data Matters

SEPTEMBER 29, 2021

Most of that focus has centered on data collection, storage, sharing, and, in particular, third-party transactions in which customer information is harnessed for advertising purposes. Could a party, for instance, decline to produce, review, or even collect certain types of data due to privacy concerns? But what about other contexts?

Privacy 97

Privacy e-Discovery Computer and Electronics e-Delivery 97

DLA Piper Privacy Matters

DECEMBER 13, 2017

On 12 December 2017, the Article 29 Working Party (WP29) published draft Guidelines on Consent under the General Data Protection Regulation (GDPR). The Guidelines apply a strict interpretation of the principles that underpin valid consent in the GDPR. Elements of Valid Consent. Freely Given.

GDPR 40

GDPR Personal data Retail Data collection 40

IT Governance

OCTOBER 11, 2018

Hello and welcome to the IT Governance podcast for Friday, 12 October. As many as 438 third-party apps were potentially able to access the data of up to 500,000 Google+ account holders without their permission because of a vulnerability in one of its APIs. Here are this wee- actually, can we have a quick word about that theme tune?

Personal data 73

Personal data Manufacturing Data breaches Government 73

Data Matters

JULY 16, 2018

*Originally Published July 12, 2018 by Chambers and Partners Data Protection & Cyber Security 2018. Regulation is also appropriate to discipline abusive data practices that discriminate, defame or embarrass on the basis of race or other sensitive category, or to tame practices that egregiously insult human dignity.

Privacy 74

Privacy Cloud Artificial Intelligence Data Privacy 74

eDiscovery Daily

NOVEMBER 30, 2017

It’s December 1st, which can only mean one thing – it’s E-Discovery Day 2017! According to Exterro, the organizer of the event, there were over 1,500 webinar participants in 12 webinars last year and 7 in-person events. The Case is Done but the Data’s Still Everywhere. How can the researcher best access this invaluable data?

e-Discovery 56

e-Discovery GDPR Education Authentication 56

DLA Piper Privacy Matters

NOVEMBER 6, 2018

In the run up to the implementation of the EU General Data Protection Regulation 2016/679, there were various dystopian predictions of huge fines and the rise of US style class action. He also sent copies of the data to three UK newspapers anonymously, one of which notified Morrisons of the issue. Morrisons #2 Court of Appeal.

Insurance 45

Insurance Data breaches Personal data GDPR 45

DLA Piper Privacy Matters

MAY 31, 2018

PECR sits alongside the Data Protection Act 2018 and the GDPR and provide data subjects with specific privacy rights in relation to electronic communications. There are specific rules on: • marketing calls, emails, texts and faxes; • cookies (and similar technologies); • keeping communications services secure; and.

Government 40

Government Marketing Communications Privacy 40