GDPR, Insurance, Personal data and Privacy - Information Management Today

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

Hunton Privacy

JANUARY 5, 2024

Background The case related to the processing of an incapacitated employee’s personal data, including health data, by the medical service provider (“MDK”) of a health insurance fund in Germany. Under applicable law, the MDK draws up reports on the capacity of individuals insured by the health insurance fund to work.

GDPR

GDPR Personal data Insurance Access

Over-Retention of Personal Data

Data Protection Report

SEPTEMBER 23, 2021

The declining cost of electronic data storage may have caused some company executives to conclude that retaining personal data forever is “cheap.” The matter involved one of France’s largest insurers, SGAM AG2R LA MONDIALE, which was subject to an inspection by the French data protection authority (the CNIL), in 2019.

Personal data

Personal data Insurance GDPR Record destruction

India: New Digital Personal Data Protection Act, Start Planning Now.

DLA Piper Privacy Matters

SEPTEMBER 6, 2023

While there are similarities with EU/UK GDPR – and sufficient harmonisation with data protection laws across APAC to continue a regional data compliance in Asia – the practicalities of implementation and compliance should not be underestimated. data subjects, using the GDPR terminology) located within India.

Personal data

Personal data GDPR Data breaches Compliance

Data privacy examples

IBM Big Data Hub

APRIL 24, 2024

These are just some examples of how organizations support data privacy , the principle that people should have control of their personal data, including who can see it, who can collect it, and how it can be used. One cannot overstate the importance of data privacy for businesses today.

Data Privacy

Data Privacy Privacy GDPR Personal data

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

Guest Post - Data Privacy and Open Data: Secondary Uses under GDPR

AIIM

MARCH 26, 2018

This is the ninth post in a series on privacy by Andrew Pery. You might also be interested in: Three Critical Steps for GDPR Compliance. Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. Privacy by Design: The Intersection of Law and Technology.

GDPR

GDPR Data Privacy Privacy Compliance

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Compromised information includes patients’ personal data, health and medical records, financial data, internal emails and software source code. Data breached: 5 TB.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

EUROPE: Are GDPR fines insurable in the countries where you operate?

DLA Piper Privacy Matters

MAY 17, 2018

DLA Piper and Aon have launched a guide ‘ The price of data security ‘, ahead of the General Data Protection Regulation (GDPR), effective from 25 May 2018. It also looks at insurability of costs associated with GDPR non-compliance (e.g. Criminal penalties are almost never insurable.

Insurance

Insurance GDPR Data breaches Personal data

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

This is the 11th post in a series on privacy by Andrew Pery. You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. Mitigate Data Privacy and Security Risks with Machine Learning.

GDPR

GDPR Compliance Privacy Data Privacy

EUROPE: New privacy rules for connected vehicles in Europe?

DLA Piper Privacy Matters

MAY 5, 2020

Adjacent to these initiatives, the European Data Protection Board (“EDPB”) recently published draft guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications. Hence, personal data can be collected through vehicle sensors, telematics boxes or mobile applications.

Privacy

Privacy Personal data GDPR Insurance

Connecticut Strengthens Data Breach Notification Requirements and the Uniform Law Commission Approves and Recommends Comprehensive and Uniform State Privacy Legislation

Data Matters

AUGUST 9, 2021

In recent weeks, Connecticut passed An Act Concerning Data Privacy Breaches (“The Act”), and the Uniform Law Commission approved and recommended the Uniform Personal Data Protection Act (“UPDPA”). Connecticut: An Act Concerning Data Privacy Breaches. Uniform Personal Data Protection Act.

Data breaches

Data breaches Privacy Personal data Data Privacy

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

The Last Watchdog

APRIL 30, 2019

Related: How NIST protocols fit SMBs The essence of the NIST CSF is showing up in the privacy regulations now being enforced in Europe, as well as in a number of U.S. and the upcoming NIST Privacy Framework. That could be for insurance purposes. “As As with any insurance, cyber insurance really requires due care.”

Cybersecurity

Cybersecurity Insurance Security Privacy

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing

Thales Cloud Protection & Licensing

DECEMBER 22, 2020

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing. New EU restrictions could force companies to change data transfer practices and adopt more advanced data encryption methods. In recent years, costly breaches and evolving data security concerns have bubbled up to a board level agenda item.

Data Privacy

Data Privacy Privacy Security Encryption

Mastering healthcare data governance with data lineage

IBM Big Data Hub

MAY 9, 2024

The healthcare industry faces arguably the highest stakes when it comes to data governance. For starters, healthcare organizations constantly encounter vast (and ever-increasing) amounts of highly regulated personal data. healthcare, managing the accuracy, quality and integrity of data is the focus of data governance.

Government

Government GDPR Compliance Analytics

GUEST ESSAY: A guide to implementing best security practices — before the inevitable breach

The Last Watchdog

OCTOBER 29, 2018

the Health Insurance Portability and Accountability Act (HIPAA)), the answer is generally that a company should implement a “reasonable data privacy and security program” under all circumstances. Companies should have written data privacy and security policies and procedures in place. Reasonable protections.

Security

Security Data Privacy Privacy Data breaches

Italy: Privacy law integrating the GDPR adopted, what to do?

DLA Piper Privacy Matters

MAY 14, 2018

The Italian privacy law integrating the GDPR has been finalized by the Board of Ministers, unveiling unexpected surprises a few days before the 25th of May 2018. The Italian Board of Ministers issued the final text of the legislative decree integrating the EU General Data Protection Regulation.

GDPR

GDPR Privacy Systems administration Compliance

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

On November 26, 2020, the French Data Protection Authority (the “CNIL”) announced that it imposed a fine of €2.25 million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation (“GDPR”) and Article 82 of the French Data Protection Act governing the use of cookies.

GDPR

GDPR Personal data Data collection Marketing

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

Jerry Brown signed into law the California Consumer Privacy Act of 2018 (AB 375). It is intended to give consumers more transparency regarding and control over their data and establishes highly detailed requirements for what companies that collect personal data about California residents must disclose. .

GDPR

GDPR Privacy Sales Data breaches

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

IT Governance

JANUARY 9, 2024

million people was compromised, including names, addresses, dates of birth, Social Security numbers, taxpayer identification numbers, medical information, health insurance information, and billing and claims information. Data breached: 4,452,782 records. 79 of them are known to have had data exfiltrated, exposed or otherwise breached.

Data Privacy

Data Privacy Privacy Manufacturing Data breaches

Wake up to the reality of the GDPR: What you need to know about compliance

IT Governance

JANUARY 30, 2019

With a mammoth GDPR fine handed out to Google last week, it’s time for organisations to reassess their understanding of the Regulation. We’re through the eye of the GDPR (General Data Protection Regulation) storm. Some began to lose faith. It’s Y2K all over again”; a big fuss over nothing. The basics. Who needs to pay attention?

GDPR

GDPR Compliance Personal data Data breaches

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

AI ICO launches consultation on generative AI and data protection The Information Commissioner’s Office has launched a consultation series on the application of data protection law to generative AI models, particularly in relation to the UK GDPR and Part 2 of the DPA 2018. O’Hara & Sons, Inc.

Data Privacy

Data Privacy Privacy Manufacturing Retail

FINLAND: PARLIAMENT APPROVES NEW ACT ON THE SECONDARY USE OF SOCIAL AND HEALTH CARE PERSONAL DATA

DLA Piper Privacy Matters

APRIL 8, 2019

The new Act codifies the relevant legislation and broadens the possibilities to, under certain conditions, utilize and combine for secondary purposes personal data collected in relation to public or private social and health care operations. This way, the principle of publicity and privacy shall be balanced on case-by-case basis.

Personal data

Personal data GDPR Healthcare Compliance

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

Jerry Brown signed into law the California Consumer Privacy Act of 2018 (AB 375). It is intended to give consumers more transparency regarding and control over their data and establishes highly detailed requirements for what companies that collect personal data about California residents must disclose. .

GDPR

GDPR Privacy Sales Data breaches

The Week in Cyber Security and Data Privacy: 22 – 28 January 2024

IT Governance

JANUARY 30, 2024

Data breached: 2 PB. Mobile network database breach exposes 750 million Indians’ personal data The Indian security company CloudSEK claims to have found the personal data of 750 million Indians for sale on an “underground forum”. Data breached: 750 million victims’ personal data.

Data Privacy

Data Privacy Retail Privacy Manufacturing

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Introduction to Data Protection Laws. Data protection laws, regulations, and rules control the collection, use, transfer, and storage of personal and sensitive information. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data

Personal data GDPR Privacy Records Management

Stretching the boundaries through artificial intelligence: the European proposal for a dedicated regulation. The protection of personal data.

Privacy and Cybersecurity Law

SEPTEMBER 15, 2021

It is no coincidence, therefore, that the European Commission’s “ Proposal for a Regulation laying down harmonized rules on Artificial Intelligence ”, published on April 21, 2021 (the Proposal), has several points of contact with the GDPR. This is a fundamental goal of both the proposal and the GDPR. …and more.

Artificial Intelligence

Artificial Intelligence Personal data GDPR Compliance

ROUNDTABLE: Huge Capital One breach shows too little is being done to preserve data privacy

The Last Watchdog

AUGUST 1, 2019

Related: Hackers direct botnets to manipulate business logic Thompson is accused of pilfering sensitive data for 100 million US and 6 million Canadian bank patrons. Best security and privacy practices on everyone’s part is more imperative than ever. I’ve been saying this for 15 years, and it remains as true as ever.

Data Privacy

Data Privacy Privacy Data breaches Cloud

Data protection strategy: Key components and best practices

IBM Big Data Hub

MAY 28, 2024

It supports the same security measures as data security but also covers authentication, data backup, data storage and achieving regulatory compliance, as in the European Union’s General Data Protection Regulation (GDPR). Data breach victims also frequently face steep regulatory fines or legal penalties.

Data breaches

Data breaches GDPR Compliance Encryption

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. Reassuringly, the PDPL does not contain any major divergences from other well-known data protection regimes, including the GDPR. What does the PDPL cover and who does it apply to? Definitions. Territoriality.

Personal data

Personal data Data breaches GDPR Compliance

UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations

Hunton Privacy

OCTOBER 25, 2022

million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the EU General Data Protection Regulation (“GDPR”), during the period of March 2019 to December 2020.

Security

Security Personal data GDPR Insurance

These 3 GDPR Requirements You Must Support Today are Nothing Compared With What’s Coming

Reltio

AUGUST 16, 2018

On May 25, 2018 GDPR (General Data Protection Regulation) went into effect. The primary objectives of the GDPR are to give control back to their EU citizens and residents over their personal data, to simplify the regulatory environment for international business, and to unify regulations within the European Union.

GDPR

GDPR MDM Compliance Personal data

CIPL and AvePoint Release Global GDPR Readiness Report

Hunton Privacy

NOVEMBER 10, 2016

On November 9, 2016, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP and AvePoint released the results of a joint global survey launched in May 2016 concerning organizational preparedness for implementing the EU General Data Protection Regulation (“GDPR”).

GDPR

GDPR Data Privacy Compliance Privacy

Spain’s New Data Protection Act Now in Force

Data Matters

JANUARY 3, 2019

When the GDPR came into effect on May 25, 2018, several European Member States had yet to put in place further implementing legislation. health data, ethnicity, race) is prohibited under Article 9(1) of the GDPR unless one of the conditions for processing such data are satisfied under Article 9(2) of the GDPR.

GDPR

GDPR Personal data Privacy Insurance

What’s In Your Business Plan? California’s Privacy Law Goes Into Effect

Adam Levin

JANUARY 2, 2020

California’s groundbreaking privacy law went into effect January 1, 2020. The California Consumer Privacy Act (CCPA) requires businesses to inform state residents if their data is being monetized as well as to provide them with a clearly stated means of opting out from the collection of their data and/or having it deleted.

Privacy

Privacy Insurance GDPR Personal data

CNIL Publishes Guidance on Web Scraping and Re-Use of Publicly Available Online Data for Direct Marketing

Hunton Privacy

MAY 4, 2020

On April 30, 2020, the French Data Protection Authority (the “CNIL”) published guidance on the extraction of web users’ personal data from online public spaces by web scraping tools and re-use of such data for direct marketing (the “Guidance”). Compliance with Basic Data Protection Principles. Background.

Marketing

Marketing GDPR Communications Personal data

The True Global Effect of the GDPR

HL Chronicle of Data Protection

MAY 3, 2018

“European data protection rules will become a trademark people recognise and trust worldwide” That is how, in January 2012, Viviane Reding – then Vice-President of the European Commission and EU Justice Commissioner – ended her announcement of the widest reform of privacy and data protection law ever attempted.

GDPR

GDPR Privacy Personal data Insurance

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

In good news for organisations handling personal information, China’s Personal Information Protection Law (“ PIPL ”) was finalised on 20 August 2021, and will come into force on 1 November 2021. To be clear, this is not China’s own GDPR.

Data Privacy

Data Privacy Privacy Compliance Analytics

Dutch DPA Investigates the Data Processing Agreements of 30 Organizations

Hunton Privacy

JANUARY 18, 2019

On January 16, 2019, the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens (the “Dutch DPA”), announced that it had requested 30 private organizations provide information about the agreements they have with other entities that process personal data on their behalf. View the press release (in Dutch).

GDPR

GDPR Personal data Insurance IT

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

Today, more than 120 countries have privacy and data protection laws or regulations in place. Many of the new or modernized laws tend to be based on comprehensive legislation, rather than sectoral rules, as data needs to move across industry groups and borders. An Overview of the BDPA.

Personal data

Personal data GDPR Data Privacy Privacy

Biden Cybersecurity Strategy: Big Ambitions, Big Obstacles

eSecurity Planet

MARCH 3, 2023

The initiatives that stand out the most — critical infrastructure security standards, a national data privacy and security law, and liability for security failures — will likely take time and the support of Congress to implement. ” Those fundamental shifts are focused on two core priorities. Strategic Objective 1.1

Cybersecurity

Cybersecurity Government Manufacturing Personal data

UK: The rise of privacy group action risk

DLA Piper Privacy Matters

DECEMBER 7, 2017

Two recent developments in the United Kingdom highlight the growing risk of privacy litigation and “group actions” which is likely to further increase following the enactment of the General Data Protection Regulation (“ GDPR “) in May 2018.

Risk

Risk Privacy GDPR Data breaches

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Hunton Privacy

MARCH 25, 2020

The Report first notes that the EU General Data Protection Regulation (“GDPR”) contains necessary safeguards and rules with respect to personal data processing in a general health emergency. The Report then turns to legal bases for processing personal data in the COVID-19 context.

Personal data

Personal data GDPR Risk Insurance

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. However, the challenges of GDPR certainly don’t end on the date this law goes into implementation. Many of our clients ask us when and how they may be called upon to demonstrate compliance with the GDPR.

GDPR

GDPR Personal data Compliance Data breaches

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

Over-Retention of Personal Data

Trending Sources

India: New Digital Personal Data Protection Act, Start Planning Now.

Data privacy examples

Security Compliance & Data Privacy Regulations

Guest Post - Data Privacy and Open Data: Secondary Uses under GDPR

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

EUROPE: Are GDPR fines insurable in the countries where you operate?

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

EUROPE: New privacy rules for connected vehicles in Europe?

Connecticut Strengthens Data Breach Notification Requirements and the Uniform Law Commission Approves and Recommends Comprehensive and Uniform State Privacy Legislation

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing

Mastering healthcare data governance with data lineage

GUEST ESSAY: A guide to implementing best security practices — before the inevitable breach

Italy: Privacy law integrating the GDPR adopted, what to do?

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

California Enacts Broad Privacy Laws Modeled on GDPR

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

Wake up to the reality of the GDPR: What you need to know about compliance

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

FINLAND: PARLIAMENT APPROVES NEW ACT ON THE SECONDARY USE OF SOCIAL AND HEALTH CARE PERSONAL DATA

GDPR – The Year in Review

California Enacts Broad Privacy Protections Modeled on GDPR

The Week in Cyber Security and Data Privacy: 22 – 28 January 2024

The Impact of Data Protection Laws on Your Records Retention Schedule

Stretching the boundaries through artificial intelligence: the European proposal for a dedicated regulation. The protection of personal data.

ROUNDTABLE: Huge Capital One breach shows too little is being done to preserve data privacy

Data protection strategy: Key components and best practices

UAE: Federal level data protection law enacted

UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations

These 3 GDPR Requirements You Must Support Today are Nothing Compared With What’s Coming

CIPL and AvePoint Release Global GDPR Readiness Report

Spain’s New Data Protection Act Now in Force

What’s In Your Business Plan? California’s Privacy Law Goes Into Effect

CNIL Publishes Guidance on Web Scraping and Re-Use of Publicly Available Online Data for Direct Marketing

The True Global Effect of the GDPR

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Dutch DPA Investigates the Data Processing Agreements of 30 Organizations

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Biden Cybersecurity Strategy: Big Ambitions, Big Obstacles

UK: The rise of privacy group action risk

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

GDPR is upon us: are you ready for what comes next?

Stay Connected