Senators Raise Security Concerns Over Selling Personal Data

Data Breach Today

Letter to Twitter, Google, Others Asks About Selling Information to Foreign Governments A bipartisan group of senators has sent a letter to Google, Twitter, Verizon, AT&T and online advertising firms and networks raising national security concerns about the selling of citizens' personal data, which could end up in the hands of foreign governments.

TikTok sued over its use of children’s personal data

IT Governance

TikTok is again being accused of illegally processing children’s personal data. She alleges that TikTok is violating the GDPR (General Data Protection Regulation) by collecting excessive data and failing to explain what it’s used for.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Pandemics and Personal Data

IG Guru

Jared Walker of Zasio writes a great blog post on Pandemics and Personal Data. The post Pandemics and Personal Data appeared first on IG GURU. Business Education GDPR IG News Information Governance information privacy Privacy Risk News Sponsored COVID-19 Europe Health Information HIPAA Italy Jared Walker Medical Information Pandemic Singapore Zasio

GDPR personal data explained

Collibra

The General Data Protection Regulation (GDPR), in force since May 25, 2018, requires businesses to protect the personal data and privacy of European Union (EU) citizens, for transactions that occur within EU Member States. What is personal data under GDPR?

India Releases Revised Non-Personal Data Framework

Hunton Privacy

On December 16, 2020, the Committee of Experts within India’s Ministry of Electronics and Information Technology (MeitY) (the “Committee”) issued a revised report on the Non-Personal Data Governance Framework (the “NPDF”) for India (the “Revised Committee Report”).

Thailand Personal Data Protection Law

Data Protection Report

The Personal Data Protection Act B.E. 2562 (2019) ( PDPA ) was published on 27 May 2019 in Thailand’s Government Gazette and became effective the following day. Definition of Personal Data. Person ” means a natural person. Cross Border Data Transfer.

GDPR: How the definition of personal data has changed

IT Governance

On 25 May 2018, the EU’s GDPR (General Data Protection Regulation) superseded the UK’s DPA (Data Protection Act) 1998. With the Regulation expanding the definition of personal data, many organisations were uncertain as to what the new definition includes. The scope of personal data. Let’s start with the circumstances under which the processing of personal data must meet the GDPR’s requirements. What constitutes personal data?

India Releases Draft Non-Personal Data Governance Framework

Hunton Privacy

On July 13, 2020, a Committee of Experts within India’s Ministry of Electronics and Information Technology (“the Committee”) published the first draft of a Non-Personal Data Governance Framework for India for public consultation.

Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable in Massive Data Breach

Security Affairs

There was no need for a password or login credentials to access this information, and the data was not encrypted. The data of these municipalities was stored in several misconfigured Amazon S3 buckets that were sharing similar naming conventions to MapsOnline.

Las Vegas Students’ Personal Data Leaked, Post-Ransomware Attack

Threatpost

A researcher said he discovered an open data cache with names, grades, birthdates and more, after the Clark County School District refused to pay the ransom.

Pakistan Introduces New Draft of Personal Data Protection Bill

Hunton Privacy

Pakistan’s Ministry of Information Technology and Telecommunication recently introduced a new draft of Pakistan’s Personal Data Protection Bill, 2020 (the “Bill”) and launched a public consultation regarding the same. The controller also must maintain a record of personal data breaches.

Personal data protection in the time of coronavirus (Covid-19)

Data Protection Report

Outbreak of the coronavirus and personal data privacy. There have been several data breach incidents which have given rise to concerns over privacy and potential discrimination against people from Wuhan and Hubei Province. We expect the Government will continue this approach.

Thailand’s First Personal Data Protection Law Enters into Effect

Hunton Privacy

On May 27, 2019, Thailand’s Personal Data Protection Act B.E. 2019) (the “PDPA”), which was passed by the National Legislative Assembly on February 28, 2019, was finally published in the Government Gazette, and thus became effective on May 28, 2019. Information Security International Adequacy Data Controller Data Transfer Personal Data Thailand2562 (A.D.

Is it still necessary for data protection laws to have particular processing rules for specific types pf personal data?

Data Protector

European laws have special rules for the processing of “sensitive data” or “special category data” regardless of the context within which the data will be processed. This has been the case in the UK since the coming into force of the first (1984) Data Protection Act.

FEMA Leaked Personal Data of 2.3 Million Disaster Victims

Adam Levin

The Federal Emergency Management Agency failed to properly protect the personal information of 2.3 A partially redacted memo issued by the Office of the Inspector General of the Department of Homeland Security stated that FEMA released the personally identifiable information of 2.3 FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system. The post FEMA Leaked Personal Data of 2.3

China Emphasizes Protection of Personal Data by Issuing a New Circular

Hunton Privacy

Consent Requirement for Collection of Personal Information. In other words, unauthorized parties cannot collect the personal information of data subjects without their consent for the purposes of prevention and control of epidemics and disease. Disclosure of Personal Information.

GDPR: What’s the difference between personal data and sensitive data?

IT Governance

Now that the EU GDPR (General Data Protection Regulation) has been in effect for over a year, you’ve likely become acquainted with the term ‘personal data’ But what exactly does personal data mean? And did you know that the GDPR includes a sub-category of sensitive personal data that comes with its own requirements? What is personal data? Location data. What is sensitive personal data?

Transferring personal data under the GDPR

IT Governance

When organisations transfer data, they inevitably compromise its security to some degree. There’s not much organisations can do to eliminate data loss, so the problem becomes how to reduce the damage once the data is exposed? This is a particularly pressing concern with the EU General Data Protection Regulation (GDPR) taking effect this year. Data transfers. Although transferring data is often risky, it’s usually necessary.

Hong Kong: Bill to amend the Personal Data (Privacy) Ordinance to combat doxxing acts was gazetted today

Data Protection Report

The Personal Data (Privacy) (Amendment) Bill 2021 (the Bill) was gazetted today, 16 July 2021. The government has submitted the brief on the Bill to the Legislative Counsel on 14 July 2021.

European Commission Adopts UK Adequacy Decisions Allowing Personal Data to Freely Flow from the EU to the UK

Data Matters

On 28 June 2021, the European Commission announced that it has adopted two adequacy decisions for the UK, one under the General Data Protection Regulation ( GDPR ) and one under the Data Protection Directive with Respect to Law Enforcement ( Law Enforcement Directive ) ( Adequacy Decisions ). The announcement comes just two days before the bridging period for data transfers between the EU and the UK was set to expire.

Proposed amendments to the Personal Data (Privacy) Ordinance to combat doxxing acts

Data Protection Report

The Hong Kong Government is proposing amendments to the Personal Data (Privacy) Ordinance (the “ PDPO ”) to combat doxxing acts. public display) personal data of a data subject.

Paper 52

China Implements Regulation Increasing Protections for Children’s Personal Data

Data Matters

On 22 August 2019, the Cyberspace Administration of China (CAC) announced the implementation of the Online Protection of Children’s Personal Data Regulation (????????????), (“the Regulation”) which came into force on 1 October 2019. The Regulation comprises a list of rules which seek to ensure the safety of children’s personal data and promote a healthy upbringing for children.

Singapore tables changes to the Personal Data Protection Act in Parliament

Data Protection Report

The Bill introduces five key changes to the Personal Data Protection Act 2012: Increased financial penalties: Up to 10% of annual turnover in Singapore (if the organisation’s annual turnover in Singapore exceeds SGD 10 million), or S$ 1 million, whichever is higher.

EU: Are exam answers personal data?

DLA Piper Privacy Matters

In December 2017 the Second Chamber of the Court of Justice reached a decision in the well-known case of Peter Nowak against the Data Protection Commissioner [1]. The key issue was the uncertainty of whether the result of an exam may or may not be considered a certain type of personal data. CAI provided him with 17 various documents in June 2010 but refused to release his examination script because it allegedly did not contain any personal data.

CIPL Submits Response to European Commission’s Standard Contractual Clauses for the Transfer of Personal Data to Third Countries Pursuant to the GDPR

Hunton Privacy

Once finalized, the updated SCCs will replace the existing set, continuing to allow organizations to demonstrate appropriate safeguards for data transfers to third countries in the absence of an adequacy decision (subject to the requirements of the Schrems II ruling).

Adult Content Site Exposed Personal Data of 1M Users

Threatpost

The personal email addresses - some indicating user names or government official status - of more than a million pornography website users were exposed. Privacy Web Security adult website security data leak database elasticsearch database exposed data luscious vulnerability

Taiwan Amends Personal Data Protection Law

Hunton Privacy

On December 30, 2015, Taiwan’s Office of the President issued an order to promulgate certain amendments (the “Amendments”) to Taiwan’s Personal Data Protection Law (the “PDPL”). The Amendments concern the collection and use of sensitive personal data, the form of consent for the collection and use of non-sensitive personal data, and the imposition of criminal liability for violations of certain provisions of the PDPL.

New attack by Anonymous Italy: personal data from ministries and police have been released online

Security Affairs

New attack by Anonymous Italy: personal data from ministries and police have been released online. As announced, the three groups that coordinate the operation “Black Week” have released also today new data from their raids on online sites and databases. Sensitive data by members of the Lega Nord del Trentino, Fratelli d’Italia and the Democratic Party of the city of Siena were disseminated.

Personal data breaches in schools, to report or not to report?

IT Governance

Under the GDPR, all personal data breaches need to be recorded by the organisation and there should be a clear and defined process for doing so. Understanding what constitutes a personal data breach. The ICO defines a personal data breach as. “…a a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.”. Examples of personal data breaches in schools.

European Data Protection Board Releases Statement on Personal Data and COVID-19

Data Matters

On 20 March 2020, the European Data Protection Board (“ EDPB ”) released a statement on the protection of personal data in connection with measures that public authorities and business organizations (including employers) are taking to address the Coronavirus (COVID-19) pandemic. The EDPB statement also provides useful guidance for organisations to consider when adopting measures to lawfully process personal data during this time. Data protection principles.

Former headteacher’s prosecution demonstrates the risks of storing personal data on USB sticks

IT Governance

This week, the ICO (Information Commissioner’s Office) prosecuted and fined a former deputy headteacher for unlawfully obtaining personal data from two schools he had previously worked at. Harrison uploaded large volumes of sensitive personal data from Spelthorne Primary and The Russell School in Richmond to Isleworth Town Primary’s server via USB stick. He later told the ICO that the data had been taken for professional reasons. Record and report data breaches.

Why customers don’t trust your organisation with their personal data

IT Governance

An ICO (Information Commissioner’s Office) report has found that 45% of customers don’t trust organisations with their personal data. This is hardly surprising, given the constant news stories about cyber attacks and organisations mishandling personal data. Customers’ lack of trust has real-world consequences, with the ICO reporting a 15% increase in data protection complaints and a 5% increase in freedom of information complaints.

Personal data of thousands of users from the UK, Australia, South Africa, the US, Singapore exposed in bitcoin scam

Security Affairs

Group-IB discovered thousands of personal records of users from multiple countries exposed in a targeted multi-stage bitcoin scam. All the fake pages discovered are almost identical in terms of design, but the URL and the page code are unique every time and contain users’ personal records.

FINLAND: PARLIAMENT APPROVES NEW ACT ON THE SECONDARY USE OF SOCIAL AND HEALTH CARE PERSONAL DATA

DLA Piper Privacy Matters

The Finnish Parliament has approved the new general Act on the Secondary Use of Social Welfare and Health Care Data (Laki sosiaali- ja terveystietojen toissijaisesta käytöstä, based on government proposal HE 159/2017) in March 2019. This fragmentation has, unsurprisingly, lead to a heavy administrative burden for the secondary users of social and health care data by parallel and slow licence procedures with various authorities. By Joonas Dammert. Background.

How Data Governance Protects Sensitive Data

erwin

Organizations are managing more data than ever. With more companies increasingly migrating their data to the cloud to ensure availability and scalability, the risks associated with data management and protection also are growing. Data Security Starts with Data Governance.

GDPR and the human element of personal data protection

Information Management Resources

The new mandate should be seen as a fantastic opportunity to get in-house policies, systems and technologies into shape, as well as demonstrating governance compliance. GDPR Compliance Compliance systems Data privacy Data security

India’s Draft Personal Data Protection Bill, 2018: Charting the “Fourth Way”

HL Chronicle of Data Protection

Srikrishna (the Srikrishna Committee), has submitted a draft Data Protection Bill (the Bill) for review by the Ministry of Electronics and Information Technology. The Srikrishna Committee in the Committee Report promises the approach set out in the Bill to be a “template for the developing world”, a “Fourth Way” that attempts a triangulation amongst the three existing models of data protection regulation put forward by the US, the EU and China respectively.

India’s Draft Personal Data Protection Bill, 2018: Charting the “Fourth Way”

HL Chronicle of Data Protection

Srikrishna (the Srikrishna Committee), has submitted a draft Data Protection Bill (the Bill) for review by the Ministry of Electronics and Information Technology. The Srikrishna Committee in the Committee Report promises the approach set out in the Bill to be a “template for the developing world”, a “Fourth Way” that attempts a triangulation amongst the three existing models of data protection regulation put forward by the US, the EU and China respectively.

Beyond Compliance – Personal Data Protection as a Key Differentiator

Collibra

For companies, getting data privacy right is no longer just a compliance exercise – a box to be ticked. Instead, having a robust approach to managing personal data well is beginning to be seen as an important competitive advantage for organizations. Today – January 28 – is Data Privacy Day around the globe. Other governments around the globe, such as Singapore , are also looking at the relationship between personal data and AI.

Transfers of Personal Data from the EU to the U.S. in the Event of a Brexit ‘No-Deal’

Data Matters

Privacy Shield (“ Privacy Shield ”) enables the free-flow of personal data from the European Economic Area (“EEA”) to the U.S. participant organisations commit to adhering to Privacy Shield principles, which include accountability for the onward transfer of personal data after receiving such data from EEA organisations, data integrity obligations and purpose limitations with respect to the personal data transferred. The EU-U.S.