Hunton Privacy

AUGUST 12, 2021

On August 11, 2021, the UK Information Commissioner’s Office (“ICO”) launched a consultation on its draft international data transfer agreement (“IDTA”) and guidance for organizations on international transfers (the “Guidance”). Once finalized, the IDTA will replace the existing EU Standard Contractual Clauses (“SCCs”) in the UK.

GDPR 78

GDPR Personal data Risk Access 78

DLA Piper Privacy Matters

JUNE 23, 2021

On 21 June 2021, the European Data Protection Board (“ EDPB ”) published the final Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data (“ Recommendations ”). This appears to rule out transfers to some countries, for example, the U.S.,

GDPR 99

GDPR Personal data Compliance Risk 99

Data Protection Report

OCTOBER 9, 2020

On September 11, 2020, the German Datenschutzkonferenz (DSK), the joint body of the German data protection authorities, published its position on the use of thermal cameras and electronic temperature checks in the context of the COVID-19 pandemic. 25 GDPR and security of data processing in to Art.

GDPR 110

GDPR Manufacturing Personal data Privacy 110

Data Protection Report

JUNE 7, 2021

On Friday 4 June, the European Commission published the finalised version of the new Standard Contractual Clauses for transferring personal data from the EU to third countries (the New SCCs). Companies now have 18 months to update their supplier contracts and other data export arrangements. Module 1, clause 8.5(e)

Personal data 119

Personal data GDPR Data breaches Access 119

Data Matters

JULY 24, 2020

Below is a summary of the key take-aways from the EDPB’s FAQs, which is intended to address a range of topics including the lack of a grace period following the decision and the conditions surrounding the use of certain data transfer mechanisms: 1. public authorities to access personal data transferred from the EU to the U.S.

Personal data 97

Personal data GDPR Privacy Access 97

Hunton Privacy

NOVEMBER 22, 2019

appropriate technical and organizational measures for ensuring that, by default, only personal data, which is necessary for each specific purpose of the data processing, is processed (“Data protection by default”). on how to handle personal data.

Personal data 50

Personal data GDPR Compliance Risk 50

IT Governance

JANUARY 20, 2022

Here, you’ll find an overview of the cyber security landscape in 2021, including the total number of publicly disclosed security incidents, the number of compromised records and the sectors most susceptible to data breaches. That represents an 11% increase in security incidents compared to 2020 (1,120).

Data breaches 144

Data breaches Ransomware Phishing Government 144

DLA Piper Privacy Matters

NOVEMBER 12, 2020

On 11 November, the European Data Protection Board (“ EDPB ”) published recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data (“ Recommendations ”) as well as recommendations on the European Essential Guarantees for surveillance measures (“ EEGs ”).

Paper 98

Paper Personal data Privacy Access 98

DLA Piper Privacy Matters

JULY 1, 2019

If this happens, many organisations will be left without any practical solution to legitimise the international transfer of personal data outside the EEA and exposure to the threat of GDPR revenue based fines, regulatory sanctions including injunctions and third party claims for compensation.

Privacy 94

Privacy Personal data GDPR Risk 94

HL Chronicle of Data Protection

JUNE 13, 2019

A week later, on 9 July, the CJEU will hear arguments in Schrems II , in which the Irish High Court has referred 11 questions relating to whether the European Commission’s Standard Contractual Clauses (SCCs) provide an adequate level of protection for personal data which is transferred to the US.

Privacy 40

Privacy Personal data GDPR Government 40

DLA Piper Privacy Matters

MAY 16, 2018

Despite a lack of agreement between the Senate and the National Assembly, France has finally passed its new data protection law , 11 days prior to the entry into application of the EU General Data Protection Regulation (GDPR) on May 25. By Denise Lebeau-Marianna and Caroline Chancé. Prior formalities. Children’s consent.

GDPR 40

GDPR Personal data Compliance Data Privacy 40

DLA Piper Privacy Matters

NOVEMBER 24, 2020

As this concept heavily focusses on the (group) turnover of the infringing controller or processor, it led to a significant increase of the amount of individual fines in Germany, see for example Berlin DPA v. Deutsche Wohnen SE. The case: 1&1 Telecom GmbH v. German fining guidelines not compliant with GDPR. million Euro as was too high.

GDPR 75

GDPR Authentication Compliance Personal data 75

IT Governance

JUNE 8, 2023

Research from IRONSCALES revealed that 81% of organisations around the world have experienced an increase in email phishing attacks since March 2020. Cyber criminals also target internal data (32%) and personal data (24%). APWG detected 1.3 It found that 96% of organisations in the UK were targeted by phishing last year.

Phishing 111

Phishing Data breaches Communications Government 111

Data Matters

APRIL 20, 2020

Case: WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12. In the former examples, it can clearly be argued that these acts occur with the employee acting in the ordinary course of their employment for which the employer may be vicariously liable. 1 [2016] UKSC 11. 2 [2002] UKHL 48.

Data breaches 68

Data breaches GDPR Privacy IT 68

IT Governance

DECEMBER 27, 2019

Among other news: B&Q breached the personal data of 70,000 people who had been caught stealing products from its stores. For example, customers might want to change passwords for other sites or check their bank account for signs of fraud. Mumsnet disclosed a data breach affecting 4,000 people. million (£4.2

Data breaches 59

Data breaches GDPR Passwords Personal data 59

Data Protection Report

FEBRUARY 27, 2019

The California Consumer Privacy Act (CCPA), passed in June 2018 in response to the Cambridge Analytica scandal, is slated to become the most comprehensive data privacy law in the US. Not to be outdone by California, eleven (11) states—including Maryland, New Jersey and Washington—have recently introduced similar legislation.

Data Privacy 40

Data Privacy GDPR Privacy Risk 40

Data Protection Report

FEBRUARY 6, 2024

The Court of Justice of the European Union ( CJEU )’s Schrems II decision [1] clarified strict rules for personal data transfers outside of the European Union. Article 44 GDPR places restrictions on transfers of personal data outside the European Economic Area ( EEA ). When is a TIA required?

GDPR 75

GDPR Personal data Compliance IT 75

Troy Hunt

MAY 15, 2020

Looks very much like a data aggregator but I can't attribute it. My own data is there, anyone see any clues indicating the source? It wasn't just simple day to day business interaction stuff either, there was also this: But then there's also a bunch of legal summaries, for example "CASE CLOSING SUMMARY ON USA V.

Data breaches 145

Data breaches Personal data Cloud Mining 145

HL Chronicle of Data Protection

MAY 13, 2019

For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

Data Matters

SEPTEMBER 29, 2021

Relatively recent advances in technology — smartphones and social media, in particular — have allowed businesses to collect, store, and find ways to monetize far more personal data than ever before. For example, in John B. 12 In other words, the 1983 amendment was seen as limiting the depth rather than the breadth of discovery.13.

Privacy 97

Privacy e-Discovery Computer and Electronics e-Delivery 97

Hunton Privacy

JUNE 29, 2020

Zeyn Bhyat of ENSafrica reports that on June 22, 2020, it was announced that South Africa’s comprehensive privacy law known as the Protection of Personal Information Act, 2013 (the “POPIA”) will become effective on July 1, 2020.

Compliance 85

Compliance Privacy GDPR Personal data 85

Hunton Privacy

AUGUST 12, 2020

On August 11, 2020, the Court of Appeal of England and Wales overturned the High Court’s dismissal of a challenge to South Wales Police’s use of Automated Facial Recognition technology (“AFR”), finding that its use was unlawful and violated human rights. The Court of Appeal did not accept all of these arguments.

Personal data 111

Personal data Risk IT Privacy 111

IT Governance

MARCH 13, 2020

Last updated March 2020. Under the EU GDPR (General Data Protection Regulation) , you need to identify a lawful basis before processing personal data. Do you always need individuals’ consent to process their data? First published June 2018. But what is a lawful basis for processing? Contractual obligations.

GDPR 86

GDPR Personal data Compliance Marketing 86

Hunton Privacy

NOVEMBER 12, 2020

On November 11, 2020, the European Data Protection Board (the “EDPB”) published its long-awaited recommendations following the Schrems II judgement regarding supplementary measures in the context of international transfer safeguards such as Standard Contractual Clauses (“SCCs”) (the “ Recommendations ”).

GDPR 78

GDPR Personal data Access Government 78

DLA Piper Privacy Matters

MAY 18, 2021

Pursuant to the Data Retention Act, telecom and internet companies are required to retain electronic and telephony data of its users for 12 months for criminal investigation and prosecution purposes. In other words, the CJEU decided that mass storage of personal data, as a general and preventive measure, is not in line with EU law.

Communications 119

Communications Privacy Personal data Security 119

Security Affairs

JANUARY 13, 2021

CyberNews researchers analyzed data from multiple social platforms like Parler, Twitter, Facebook, MeWe’s to compare data policies. Alternative social media platforms, also known as “alt” or alt-tech, were catapulted into the spotlight near the end of 2020 due to US President Donald Trump’s claims of election interference.

Data collection 115

Data collection Privacy Analytics Access 115

Krebs on Security

FEBRUARY 25, 2021

Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. Personal information from the inmate IDs has been redacted. The Halloween mask worn by the applicant pictured below is just one example.

Authentication 313

Authentication Insurance Personal data Encryption 313