Events and Personal data - Information Management Today

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

DLA Piper Privacy Matters

JULY 23, 2019

The European Data Protection Board ( “EDPB” ) has published guidelines on the processing of personal data through video devices (the “ Guidelines “) (currently subject to a public consultation process). technical and organisational measures required for such data processing.

Personal data

Personal data GDPR Access Marketing

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. Reassuringly, the PDPL does not contain any major divergences from other well-known data protection regimes, including the GDPR. What does the PDPL cover and who does it apply to? Definitions. Territoriality. Exceptions.

Personal data

Personal data Data breaches GDPR Compliance

CHINA: new Anti-Espionage Law and its impact on your China data and operations – how your organisation should respond

DLA Piper Privacy Matters

MAY 16, 2023

However, its effects have already been felt by some international businesses. So what should international businesses do to respond to these new risks? The new law broadens the scope of espionage activities, as well as the power for authorities to carry out anti-espionage investigations by gaining access to data and property.

IT

IT Compliance Communications Risk

List of Data Breaches and Cyber Attacks – May 2023

IT Governance

JUNE 1, 2023

You can find the full list below, divided into four categories: cyber attacks, ransomware, data breaches, and malicious insiders and miscellaneous incidents. Also be sure to check out our new page, which provides a complete list of data breaches and cyber attacks for 2023. million) Apria Healthcare suffers security breach (1.8

Data breaches

Data breaches Ransomware Insurance Personal data

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The GDPR puts forth a litany of rules for how organizations in and outside of Europe handle the personal data of EU residents. The details of any organization’s plan to become fully GDPR compliant will vary based on the data the organization collects and what it does with that data.

GDPR

GDPR Compliance Personal data Privacy

CNIL’s New Guidelines on HR Processing

HL Chronicle of Data Protection

APRIL 21, 2020

The new guidelines are applicable to public and private companies for the processing of their employees’ personal data. “Employees” is broadly understood as including permanent employees, temporary workers, interns and trainees, civil servants, apprentices, etc. Categories of personal data.

Personal data

Personal data GDPR Big data Compliance

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The CNIL provides practical advice to the management and the operational staff who process personal data, in order to ensure that such processing is carried out in compliance with the applicable data protections laws. The DPO is the key contact for the CNIL and data subjects. Provide information and advice.

GDPR

GDPR Compliance Personal data Communications

List of Data Breaches and Cyber Attacks in June 2022 – 34.9 Million Records Breached

IT Governance

JUNE 30, 2022

Welcome to our June 2022 review of data breaches and cyber attacks. You can find the full list below, broken down into categories. We identified 80 security incidents during the month, resulting in 34,908,053 compromised records. Cyber attacks. Ransomware. hit by cyber criminals (unknown) Acorda Therapeutics, Inc.

Data breaches

Data breaches Ransomware Personal data Blockchain

What is data loss and how does it work?

IT Governance

OCTOBER 6, 2020

Data loss refers to the destruction of sensitive information. It’s a specific type of data breach, falling into the ‘availability’ category of data security (the other two categories being ‘confidentiality’ and ‘integrity’). In this blog, we explain what you need to know and provide data loss prevention tips.

IT

IT Computer and Electronics Data breaches Risk

Is Artificial Intelligence relevant to insurance?

IBM Big Data Hub

MAY 1, 2023

That ground-shaking event divided the world with excitement and trepidation about a future with thinking machines. Continued advancement in AI development has resulted today in a definition of AI which has several categories and characteristics. The early versions of AI were capable of predictive modelling (e.g.,

Artificial Intelligence

Artificial Intelligence Insurance Risk Personal data

List of mandatory documents required by the GDPR

IT Governance

JULY 31, 2019

Personal Data Protection Policy (Article 24). A data protection policy is a statement that sets out how your organisation protects personal data. Data Retention Policy (Articles 5, 13, 17, and 30). A data retention (or records retention) policy outlines your organisation’s protocol for retaining information.

GDPR

GDPR Data breaches Personal data Compliance

ICYMI –December in privacy and cybersecurity

Data Protection Report

JANUARY 4, 2024

For those making this quiz a competitive event, we have included a tie-breaker/bonus question.) a. Which one does NOT require a minimum number of residents’ personal data for the “controller” to be in-scope for the law? December tends to be a busy time for everyone, so you may have missed a privacy update or two.

Privacy

Privacy Cybersecurity Artificial Intelligence e-Discovery

Data Protection and Privacy Commissioners Issue Global Connected Car Guidance

Hunton Privacy

OCTOBER 5, 2017

Last week, at the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong, data protection authorities from around the world issued non-binding guidance on the processing of personal data collected by connected cars (the “Guidance”).

Privacy

Privacy Personal data Data collection Data Privacy

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

Step 1: Appointing a Data Protection Officer (“DPO”) or “Pilot”. The CNIL’s methodology first stresses the need for organizations to appoint a leader to pilot governance of data protection within their structure. This person will internally carry out informational, advisory and control tasks.

GDPR

GDPR Personal data Compliance Privacy

List of Data Breaches and Cyber Attacks in October 2022 – 9.9 Million Records Breached

IT Governance

NOVEMBER 1, 2022

By contrast, comparatively little personal data was breached, with our figures confirming that at least 9,990,855 records were compromised. As always, you can find the full list of data breaches and cyber attacks below, divided into their respective categories. Cyber attacks.

Data breaches

Data breaches Ransomware Insurance Phishing

Germany: Schrems II: And now? First German supervisory authority provides guidance on data transfers

DLA Piper Privacy Matters

AUGUST 27, 2020

The Commissioner for Data Protection and Freedom of Information for the German State of Baden-Württemberg ( Landesbeauftragter für Datenschutz und Informationsfreiheit Baden-Württemberg – “LfDI BW”) recently published guidance for international transfers of personal data in the post- Schrems II era. Background.

Personal data

Personal data GDPR Encryption Privacy

European Commission Proposes Revised Standard Contractual Clauses

Data Matters

NOVEMBER 13, 2020

The publication of the EC’s Draft comes just one day after the European Data Protection Board (EDPB) published its draft recommendations describing how controllers and processors transferring personal data outside the European Economic Area (EEA) may comply with the Schrems II ruling.

Personal data

Personal data GDPR Privacy Compliance

EUROPE: Data protection regulators publish myth-busting guidance on machine learning

DLA Piper Privacy Matters

OCTOBER 10, 2022

For example, the ML system could be used to determine likely trends of categories of persons to default on loan agreements through the processing of financial default information. During the development and training of their algorithms, ML systems begin to adapt and recognise patterns within its data.

Personal data

Personal data GDPR Privacy Marketing

European Commission Adopts New Standard Contractual Clauses

Data Matters

JUNE 5, 2021

The European Commission ( EC ) on June 4, 2021 adopted a new set of Standard Contractual Clauses for international data transfers ( New SCCs ). Scope of the New SCCs : the New SCCs can only be used to legitimize transfers of personal data to a data importer (i.e., in line with Article 28 of the GDPR).

GDPR

GDPR Personal data IT Data breaches

FRANCE: CNIL New Security Guidelines

DLA Piper Privacy Matters

FEBRUARY 2, 2018

Internal IT network security. Maintenance and data destruction. Data sharing with third parties. Although the GDPR provides some guidance as to the types of measures that may be considered appropriate (i.e., The CNIL’s recommendations are organized in 17 themes. Users authentication. Access rights management. Server security.

Security

Security Personal data GDPR Compliance

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Instead the PIPL is a robust data privacy framework designed to safeguard individuals’ personal data against abuse, but at the same time to reflect cultural and business attitudes to data in China, as well as new technologies (including advances in AI, biometrics and data analytics), and to enable flows of personal data.

Data Privacy

Data Privacy Privacy Compliance Analytics

Why risk assessments are essential for GDPR compliance

IT Governance

OCTOBER 15, 2019

The international standard for information security contains a best-practice framework for evaluating risks and is closely aligned with the GDPR. GDPR: What’s the difference between personal data and sensitive data? You can find out more about the risk assessment process by following ISO 27001’s guidance.

GDPR

GDPR Risk Compliance Personal data

A 6-step guide to surviving data breaches

IT Governance

FEBRUARY 1, 2019

Assess the affected data. You must provide details of: The types of personal data compromised; The number of personal data records affected; The number of data subjects potentially affected; and. The categories of data subject affected. When you found out about it. Describe the impact.

Data breaches

Data breaches GDPR Personal data Compliance

Final Rules for the Data Privacy Act Published in the Philippines

Hunton Privacy

SEPTEMBER 13, 2016

Some points of interest that have been resolved or finalized include the following: The IRR has two separate defined terms, “personal data” and “personal information,” but the potential discrepancy between the two terms has been resolved. The final IRR stipulate the categories of content that must appear in the notification.

Data Privacy

Data Privacy Privacy Personal data Data breaches

ITALY: New GDPR Guidelines from the Italian data protection authority

DLA Piper Privacy Matters

APRIL 9, 2018

As already provided by the current regime, any type of processing of personal data needs to have a legal basis justifying it. An explicit (but no longer written) consent is required with reference to the processing of sensitive data (e.g. Reinforced rights with the novelty of the data portability right.

GDPR

GDPR Personal data Privacy Data breaches

FRANCE: CNIL adopts new single authorization on fraud prevention systems

DLA Piper Privacy Matters

SEPTEMBER 29, 2017

The French data protection authority (CNIL) has just adopted Single Authorization No. AU-054 (the “AU-054”) on July 13, 2017 in order to cover the processing of personal data implemented in relation to these fraud prevention/detection systems. The AU-054 does not cover internal fraud detection/prevention (i.e.,

Personal data

Personal data Financial Services Insurance Risk

FRANCE: THE FIRST CNIL STANDARD REGULATION FOR BIOMETRIC SYSTEMS IN THE WORKPLACE

DLA Piper Privacy Matters

APRIL 11, 2019

The Regulation prescribes specific requirements for the processing, by a public or private employer, of biometric data to control accesses to work premises, to information systems or applications used in the context of business tasks entrusted to data subjects (i.e., employees, agents, interns and contractors). token or badge).

Personal data

Personal data GDPR Access Compliance

When And How Cos. Should Address Cyber Legal Compliance

Data Matters

OCTOBER 30, 2017

They can, however, engage in probing internal due diligence of their companies’ cyber governance and compliance posture before it is too late — that is, before a cyber event occurs. These breaches may be of a company’s own systems, those with whom they have data sharing arrangements, or their vendors.

Compliance

Compliance Cybersecurity Risk Government

Top 8 Cyber Insurance Companies for 2022

eSecurity Planet

APRIL 22, 2022

As the number and severity of data breaches continues to rise, organizations are recognizing that those costs are not theoretical. If your company has not already experienced a significant cybersecurity event, it is probably only a matter of time before it does. American International Group (AIG) has an 8.3%

Insurance

Insurance Ransomware Cybersecurity Marketing

Data Protection Regime in Turkey Takes Shape

Data Protection Report

DECEMBER 6, 2017

On October 28, 2017, the Turkish Data Protection Authority (the “ Authority ”) published an important regulation supplementing the Law on Protection of Personal Data (the “ Data Protection Law ”), namely the Regulation on the Deletion, Destruction and Anonymization of Personal Data (the “ Regulation ”).

Personal data

Personal data Paper Encryption Cloud

ITALY: Data Protection law integrating the GDPR in place

DLA Piper Privacy Matters

SEPTEMBER 10, 2018

In order to celebrate such event, but to also discuss the impact of such new provisions on companies operating in Italy, we arranged an Innovation MeetUp on the 13th of September 2018 at our Milan office whose details are available HERE. The regime for special categories of personal data still needs to be completed.

GDPR

GDPR Privacy Compliance Marketing

Schrems II: AG deems SCCs valid but comes up with difficult new obligations and expresses “doubts” over privacy shield

Data Protection Report

DECEMBER 20, 2019

Yesterday, the Advocate General (“ AG ”) concluded that, in his opinion, the EU Standard Contractual Clauses (“ SCCs ”) are a valid mechanism to transfer personal data outside of the European Economic Area (“ EEA ”). Check the data transfer provisions of contracts with third party vendors. What has happened?

Privacy

Privacy Personal data Risk Access

Schrems II: AG deems SCCs valid but comes up with difficult new obligations and expresses “doubts” over privacy shield

Data Protection Report

DECEMBER 20, 2019

Yesterday, the Advocate General (“ AG ”) concluded that, in his opinion, the EU Standard Contractual Clauses (“ SCCs ”) are a valid mechanism to transfer personal data outside of the European Economic Area (“ EEA ”). Check the data transfer provisions of contracts with third party vendors. What has happened?

Privacy

Privacy Personal data Risk Access

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. Specific categories defined as personal information include.

GDPR

GDPR Privacy Sales Data breaches

Data Privacy Day: Looking Back on the Privacy Events of 2020

Thales Cloud Protection & Licensing

JANUARY 27, 2021

Data Privacy Day: Looking Back on the Privacy Events of 2020. Each year, the world observes Data Privacy Day on January 28th. This international effort recognizes how organizations might be using, collecting or sharing an individual’s personal information. Thu, 01/28/2021 - 06:42.

Data Privacy

Data Privacy Privacy GDPR Encryption

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. Specific categories defined as personal information include.

GDPR

GDPR Privacy Sales Data breaches

Focus on Google DeepMind under the GDPR’s Lens

HL Chronicle of Data Protection

SEPTEMBER 18, 2017

In order to properly test the clinical safety of a new technology, the Trust argued that personal data of patients had to be provided. Assuming that the use of patient personal data is not totally out of hand for testing new technology, what lawful grounds would be available to the Trust under the GDPR? Lawful Grounds.

GDPR

GDPR Personal data Privacy Data Privacy

India Drafts New Privacy Regulations

Hunton Privacy

MAY 18, 2011

On April 11, 2011, India adopted new privacy regulations, known as the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the “Rules”). It must be processed only for the purpose for which it was collected. Consent may be obtained by letter, fax or email.

Privacy

Privacy Personal data Data collection Compliance

New to the Role of Data Protection Officer? We’ve Put Together a Few Points to Help You Get Started

Managing Your Information

JULY 22, 2019

Some of the hype about the General Data Protection Regulation (the GDPR) has been given renewed focus over the last couple of weeks by the issuing of two Notices of Intent by the Information Commissioner’s Office (ICO) with a nominal value of over £283m. This is only the start of the process and there is a long way to go.

GDPR

GDPR Personal data Compliance Information governance

New to the Role of Data Protection Officer? We’ve Put Together a Few Points to Help You Get Started

Managing Your Information

JULY 22, 2019

Some of the hype about the General Data Protection Regulation (the GDPR) has been given renewed focus over the last couple of weeks by the issuing of two Notices of Intent by the Information Commissioner’s Office (ICO) with a nominal value of over £283m. This is only the start of the process and there is a long way to go.

GDPR

GDPR Personal data Compliance Information governance

Article 29 Working Party Adopts Opinion on Cloud Computing

Hunton Privacy

JULY 4, 2012

Cloud providers (as data processors): Cloud providers must ensure the confidentiality of the personal data they handle, and they must comply with the requirements of Article 17 of the EU Data Protection Directive 95/46/EC (the “Data Protection Directive”) when providing the cloud services.

Cloud

Cloud Compliance Personal data Risk

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

DLA Piper Privacy Matters

FEBRUARY 7, 2019

Likewise, although more limited, GDPR imposes direct obligations on the Processor, including the (joint) requirement to implement appropriate technical and organisational security measures under Article 32 and the obligation to notify the Controller of a personal data breach without undue delay under Article 33(2).

GDPR

GDPR Risk Data breaches Personal data

CHINA: Privacy, Security and Content Regulation to Increase in 2020

DLA Piper Privacy Matters

JANUARY 13, 2020

The changes specifically introduce the following: Broader scope of prohibited content: in addition to the currently existing categories (e.g., defaming national integrity and unity), the new law prohibits publication of additional categories of content (e.g., New Personal Data Protection Law and Data Security Law.

Privacy

Privacy Security Personal data Compliance

How to accelerate your data monetization strategy with data products and AI

IBM Big Data Hub

NOVEMBER 14, 2023

Data monetization is a business capability where an organization can create and realize value from data and artificial intelligence (AI) assets. A value exchange system built on data products can drive business growth for your organization and gain competitive advantage.

Artificial Intelligence

Artificial Intelligence Cloud Analytics Compliance

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

UAE: Federal level data protection law enacted

Trending Sources

CHINA: new Anti-Espionage Law and its impact on your China data and operations – how your organisation should respond

List of Data Breaches and Cyber Attacks – May 2023

How to implement the General Data Protection Regulation (GDPR)

CNIL’s New Guidelines on HR Processing

France: The CNIL publishes a practical guide on Data Protection Officers

List of Data Breaches and Cyber Attacks in June 2022 – 34.9 Million Records Breached

What is data loss and how does it work?

Is Artificial Intelligence relevant to insurance?

List of mandatory documents required by the GDPR

ICYMI –December in privacy and cybersecurity

Data Protection and Privacy Commissioners Issue Global Connected Car Guidance

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

List of Data Breaches and Cyber Attacks in October 2022 – 9.9 Million Records Breached

Germany: Schrems II: And now? First German supervisory authority provides guidance on data transfers

European Commission Proposes Revised Standard Contractual Clauses

EUROPE: Data protection regulators publish myth-busting guidance on machine learning

European Commission Adopts New Standard Contractual Clauses

FRANCE: CNIL New Security Guidelines

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Why risk assessments are essential for GDPR compliance

A 6-step guide to surviving data breaches

Final Rules for the Data Privacy Act Published in the Philippines

ITALY: New GDPR Guidelines from the Italian data protection authority

FRANCE: CNIL adopts new single authorization on fraud prevention systems

FRANCE: THE FIRST CNIL STANDARD REGULATION FOR BIOMETRIC SYSTEMS IN THE WORKPLACE

When And How Cos. Should Address Cyber Legal Compliance

Top 8 Cyber Insurance Companies for 2022

Data Protection Regime in Turkey Takes Shape

ITALY: Data Protection law integrating the GDPR in place

Schrems II: AG deems SCCs valid but comes up with difficult new obligations and expresses “doubts” over privacy shield

Schrems II: AG deems SCCs valid but comes up with difficult new obligations and expresses “doubts” over privacy shield

California Enacts Broad Privacy Laws Modeled on GDPR

Data Privacy Day: Looking Back on the Privacy Events of 2020

California Enacts Broad Privacy Protections Modeled on GDPR

Focus on Google DeepMind under the GDPR’s Lens

India Drafts New Privacy Regulations

New to the Role of Data Protection Officer? We’ve Put Together a Few Points to Help You Get Started

New to the Role of Data Protection Officer? We’ve Put Together a Few Points to Help You Get Started

Article 29 Working Party Adopts Opinion on Cloud Computing

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

CHINA: Privacy, Security and Content Regulation to Increase in 2020

How to accelerate your data monetization strategy with data products and AI

Stay Connected