When are schools required to report personal data breaches?

IT Governance

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. What constitutes a personal data breach. How to avoid data breaches.

Pandemics and Personal Data

IG Guru

Jared Walker of Zasio writes a great blog post on Pandemics and Personal Data. The post Pandemics and Personal Data appeared first on IG GURU. Business Education GDPR IG News Information Governance information privacy Privacy Risk News Sponsored COVID-19 Europe Health Information HIPAA Italy Jared Walker Medical Information Pandemic Singapore Zasio


Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GDPR: How the definition of personal data has changed

IT Governance

On 25 May 2018, the EU’s GDPR (General Data Protection Regulation) superseded the UK’s DPA (Data Protection Act) 1998. With the Regulation expanding the definition of personal data, many organisations were uncertain as to what the new definition includes. The scope of personal data. Let’s start with the circumstances under which the processing of personal data must meet the GDPR’s requirements. What constitutes personal data?

CIPL Submits Comments on Irish DPC’s Guidance on Safeguarding Personal Data of Children

Hunton Privacy

The Draft Guidance also applies to all organizations that process children’s data, not just providers of Information Society Services (“ISS”), and has a broader scope than the ICO Age Appropriate Code, covering issues such as how to address security standards, handle data breaches and use biometrics.

Personal data breaches in schools, to report or not to report?

IT Governance

Under the GDPR, all personal data breaches need to be recorded by the organisation and there should be a clear and defined process for doing so. Understanding what constitutes a personal data breach. The ICO defines a personal data breach as. “…a a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.”. Examples of personal data breaches in schools.

China Implements Regulation Increasing Protections for Children’s Personal Data

Data Matters

On 22 August 2019, the Cyberspace Administration of China (CAC) announced the implementation of the Online Protection of Children’s Personal Data Regulation (????????????), (“the Regulation”) which came into force on 1 October 2019. The Regulation comprises a list of rules which seek to ensure the safety of children’s personal data and promote a healthy upbringing for children.


DLA Piper Privacy Matters

The Finnish Parliament has approved the new general Act on the Secondary Use of Social Welfare and Health Care Data (Laki sosiaali- ja terveystietojen toissijaisesta käytöstä, based on government proposal HE 159/2017) in March 2019. This fragmentation has, unsurprisingly, lead to a heavy administrative burden for the secondary users of social and health care data by parallel and slow licence procedures with various authorities. By Joonas Dammert. Background.

Fixing Data Breaches Part 1: Education

Troy Hunt

We have a data breach problem. My full written testimony is in that link and it talks about many of the issue we face today and the impact data breaches have on identity verification. That was really our mandate - understanding the impact on how we verify ourselves - but I want to go back a step and focus on how we tackle data breaches themselves. Let's get started with one I raised multiple times whilst sitting in front of Congress - education.

Poland Amends Its Personal Data Protection Act

Hunton Privacy

aw Komorowski signed into law a bill that was passed by Polish Parliament on November 7, 2014, which amends, among other laws, certain provisions of the Personal Data Protection Act 1997. An ABI is similar to a data protection officer but an ABI has narrower responsibilities that predominantly concern data security. European Union International Adequacy Binding Corporate Rules Data Controller Data Protection Authority Data Transfer EU Member States Poland

Protecting Sensitive Company Data: How to Educate Employees


With the problem growing, and the attacks getting more sophisticated, there has never been a better time to learn how to defend your business’s data and protect your employees. In this article, we will examine how to educate your employees so that a lethal hack does not disrupt your business. Employees must know to keep all personal data and passwords separate from the company’s pool as that can add to the layers of susceptibility.

Hong Kong Personal Data (Privacy) Ordinance Amended

Hunton Privacy

On June 27, 2012, the Hong Kong Legislative Council passed a bill to amend the Personal Data (Privacy) Ordinance (the “Ordinance”). The amendment establishes a number of changes and new requirements, but the principal changes include provisions imposing increased notification and consent requirements for data users that seek to: sell personal data; use personal data for their own direct marketing purposes; or.

Plaintiff is Able to Get Some Subpoenas for Personal Data Quashed, But Not All: eDiscovery Case Law

eDiscovery Daily

Lasnik granted in part and denied in part the plaintiff’s motion to quash subpoenas for personal phone records and bank records, finding that phone records before the plaintiff’s hand injury on the defendant’s fishing boat were “of vital importance to defendants’ theory of the case” , but that the need for pre-incident bank records was not proportional to the needs of the case and that, with regard to subpoenas of post-incident data, defendants were “fishing”. In Delgado v.

Teaching Cybersecurity to Children

Schneier on Security

By the time kids are in third and fourth grade, they’ll be taught how to identify the personal data that may be stored by online services, and how that can reveal their location or identity. Uncategorized children cybersecurity generations privacy security education

Singapore Personal Data Protection Commission Publishes Two Advisory Guidelines and Anticipates Promulgation of PDPA Regulations

Hunton Privacy

On May 16, 2014, the Singapore Personal Data Protection Commission (the “Commission”) published advisory guidelines for the implementation of its Personal Data Protection Act (the “PDPA”) for two industry sectors. The guidelines were published on the same day on which the Commission held its well-attended Personal Data Protection Seminar focusing on international perspectives on data governance.

French DPA Releases New Guidance on Personal Data Security

Hunton Privacy

On October 7, 2010, the French Data Protection Authority (the “CNIL”) released its first comprehensive handbook on the security of personal data (the “Guidance”). The Guidance provides general recommendations and best practices aimed at assisting data controllers with the implementation of appropriate security measures. The Guidance is divided into 17 chapters, each dealing with a specific topic about data security, including: Identifying data security risks.

Subject access requests: how do I retrieve my data from an organisation?

IT Governance

Under the EU General Data Protection Regulation (GDPR) , as an individual (known as the ‘data subject’), you have eight rights. Your ‘right of access’, set out in Article 15 of the Regulation, requires data controllers (organisations that control the processing of your data) to confirm whether they are processing your personal data and, if they are, provide you with a copy of that data – as long as doing so doesn’t adversely affect the rights and freedoms of others.

Google to Give Effect to Right to Remove Personal Data from Search Results

Hunton Privacy

The expectations of individuals and data protection authorities (“DPAs”) across Europe as to how this balancing test should apply are likely to differ. DPAs will be expected to provide guidance to search providers and to help educate individuals as to the scope of the removal right described in Costeja. On May 30, 2014, Google posted a web form that enables individuals to request the removal of URLs from the results of searches that include that individual’s name.

Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds

Hunton Privacy

Court of Appeals for the Second Circuit affirmed the dismissal on Article III standing grounds of a data breach class action predicated on an alleged increased risk of identity theft. As reported on the Hunton Retail Law Blog , on April 26, 2021, the U.S.

Risk 67

Hackers Release Student Data Following Ransomware Attack

Adam Levin

Ransomware operators have released the personal data of students in the Clark County School District in Nevada after officials refused to pay to have their files decrypted. District officials have been thus far unable to verify the data.

Businesses to Assist NHS Test and Trace Efforts

Hunton Privacy

Establishments and companies in the UK will therefore be responsible for the additional collection and potential sharing of customers’ personal data. Any entity engaging in this kind of data collection will need to comply with the requirements of data protection law.

University fundraising under scrutiny after data breach allegations

The Guardian Data Protection

Information Commissioner to look at evidence of wealth screening of former students before approaches made for donations University fundraising is to be examined by the Information Commissioner after allegations emerged that the personal data of some alumni was being misused. She said she would assess whether any rules had been broken and if institutions had failed to tell people their personal information would be shared.

European Commission Releases White Paper on Regulation of AI and Communications on Digital and Data Strategies for Europe

Hunton Privacy

In addition, the Commission published two communications—its European strategy for data and a Digital Strategy document entitled “Shaping Europe’s Digital Future.”. It covers everything from cybersecurity to critical infrastructures, digital education to skills, democracy to media.

NT Analyzer Webinar: Solving Apple’s new app privacy requirement

Data Protection Report

Starting December 8th, Apple will require developers to provide extensive, granular information about their app’s privacy practices, such as the type of data collected from users, third-party data usage and specific purpose of collection. The Apple dashboard allows you to review the data types and categories as defined by Apple. It does not include the exact data pieces (as sharing that with Apple would violate several privacy laws). Continuing education.

Age Appropriate Design: ICO Issues Draft Code of Practice for Online Services Used by Children

Hunton Privacy

Given the extraterritorial reach of the UK Data Protection Act 2018, organizations based outside of the UK may be subject to the code, which is expected to take effect by the end of 2019. The draft code was published in accordance with the ICO’s obligation under section 123 of the Data Protection Act 2018 to prepare a code of practice on standards of age-appropriate design of online services likely to be accessed by children.


Is your school GDPR-compliant? Use our checklist to find out

IT Governance

How was it possible for someone to be so misguided about such a well-publicised regulation, the requirements of which have huge ramifications for the way organisations handle personal data? It continues to be effective for any organisation that processes the personal data of, or monitors the behaviour of, EU residents. Additionally, schools process large amounts of children’s data, which merits extra protection. Cyber Security Education

Security testers breach university cyber defences in two hours

IT Governance

The organisation’s penetration testers were successful in every attempt, accessing personal data of students and staff, finance systems and research networks. John Chapman, the head of Jisc’s security operations centre, warned that the vulnerabilities could be a sign of an impending “disastrous data breach or network outage”. By simulating an attack, we can detect your vulnerabilities and work with you to protect your valuable data and research.

How situational analysis helps your school become #BreachReady

IT Governance

In this blog, we’ll consider situational analysis, how to assess what’s happening in the school and how to support staff to protect the data in their care. There are several ways to reduce the likelihood and severity of data breaches. Understand what’s happening on the ground: conduct a data walk. Taking a walk around the school helps identify what’s really happening with data and how it is (or isn’t) protected. This can be done with your DPO (data protection officer).

An essential GDPR guide for schools

IT Governance

The EU GDPR ( General Data Protection Regulation ) places greater obligations on how organisations handle personal data – including schools. Whatever their size or setting, schools and trusts are expected to demonstrate compliance with the Regulation and put in place measures to protect the data under their care. Pre-order today to save 10% >> Education EU GDPR


Draft Released in the Philippines Implementing Rules for the Data Privacy Act

Hunton Privacy

On June 17, 2016, the National Privacy Commission (the “Commission”) of the Philippines released draft guidelines entitled, Implementing Rules and Regulations of the Data Privacy Act of 2012 (“IRR”), for public consultation. Under the IRR, the processing of personal data has to adhere to the principles of transparency, legitimate purpose and proportionality. The IRR defines personal data as personal information, sensitive information and privileged information.

CIPL Publishes Paper Highlighting the Need for a Brazilian Data Protection Authority

Hunton Privacy

It also outlines and describes what should be the ANPD’s priorities once it is established, in order for it to make the best possible use of its initial resources, and have the most effective results in protecting Brazilians’ personal data and ensuring the success of the LGPD.

Paper 66

Advocate General Rejects Facebook’s Claim of Sole Irish Jurisdiction in EU

Hunton Privacy

On October 24, 2017, an opinion issued by the EU’s Advocate General Bot (“Bot”) rejected Facebook’s assertion that its EU data processing activities fall solely under the jurisdiction of the Irish Data Protection Commissioner. Although Facebook’s EU data processing activities are handled jointly by Facebook, Inc.


Appointing a data protection officer: A quick guide for schools and multi-academy trusts

IT Governance

Whatever the size and setting of your school, the General Data Protection Regulation (GDPR) places high expectations on protecting the personal data of your data subjects, especially children. Sensitive personal data is a specific set of “special categories” that must be treated with extra security, such as genetic and biometric data. They are the point of contact for data subjects and the Information Commissioner’s Office.

The heat is on, is your school #BreachReady?

IT Governance

Welcome to the new education sector blog series. In our first blog ( sign up to the series here ) , we explore data breaches. Across all sectors and organisation sizes, simple mistakes such as emailing and posting or faxing information to the wrong people top the Information Commissioner’s Office’s (ICO’s) quarterly statistics in data security incidents. Protecting data should be part of a school’s culture much in the same way as safeguarding.

US: Virginia passes comprehensive consumer data protection law

DLA Piper Privacy Matters

Virginia’s Governor signed the Virginia Consumer Data Protection Act (“VCDPA”) into law on March 2, 2021. during a calendar year, control or process personal data of at least 100,000 consumers, or. control or process personal data of at least 25,000 consumers and derive over 50 percent of gross revenue from the sale of personal data. Uncategorized Data Protection VCDPAAuthor: Jim Halpert.

CIPL Points to Transparency as Key Catalyst for Innovative Information Economy

Hunton Privacy

According to Heyder, the complexities of information practices in the digital economy can lead to a sense of suspicion and lack of trust in society towards the organizations that collect and use personal data, potentially causing overreactions to otherwise perfectly legitimate and beneficial uses of personal data.

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

The Last Watchdog

In response to continuing waves of data breaches and network disruptions, companies have made a concerted effort and poured substantial resources into promoting data security awareness among employees, suppliers and clients. Safeguarding data in workplace settings gets plenty of attention. The line between personal and professional use of digital tools and services, which was blurry even before the global pandemic, has now been obliterated by Covid-19.

Senate Democrats Unveil Privacy and Data Protection Framework

Hunton Privacy

On November 18, 2019, the ranking members from four Senate Committees­ (Senator Maria Cantwell (WA) from Commerce, Senator Dianne Feinstein (CA) from Judiciary, Senator Sherrod Brown (OH), and Senator Patty Murray (WA) from Health, Education, Labor and Pensions) released a set of “core principles” for federal privacy legislation. These break down more specifically as follows: Establish Data Safeguards.

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

Data Matters

For over two and a half years, California has enjoyed the spotlight of having the most comprehensive data privacy law in the United States. Ralph Northam signed into law the Virginia Consumer Data Protection Act (VCDPA). The VCDPA, which will not enter into effect until January 1, 2023, borrows heavily from the California Consumer Privacy Act (CCPA) and the European Union (EU) General Data Protection Regulation (GDPR). the purpose for processing personal data.

CIPL: Eight Privacy Priorities for 2020 and Beyond

Hunton Privacy

Around the world, new privacy laws are coming into force and outdated laws continue to be updated: the EU General Data Protection Regulation (“GDPR”), Brazil’s Lei Geral de Proteção de Dados Pessoais (“LGPD”), Thailand’s Personal Data Protection Act, India’s and Indonesia’s proposed bills, California’s Consumer Privacy Act (“CCPA”), and the various efforts in the rest of the United States at the federal and state levels. Promoting Accountable Free-Flow of Data.


Virginia’s new Consumer Data Protection Act

Data Protection Report

On March 2, 2021, the Governor of the Commonwealth of Virginia signed into law the Consumer Data Protection Act , which contains many elements of California’s Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR). institution of higher education.