DLA Piper Privacy Matters

The Finnish Parliament has approved the new general Act on the Secondary Use of Social Welfare and Health Care Data (Laki sosiaali- ja terveystietojen toissijaisesta käytöstä, based on government proposal HE 159/2017) in March 2019. This fragmentation has, unsurprisingly, lead to a heavy administrative burden for the secondary users of social and health care data by parallel and slow licence procedures with various authorities. By Joonas Dammert. Background.

China’s First Data Protection Measures Lifting Its Veils

HL Chronicle of Data Protection

On May 28, 2019, the Cyberspace Administration of China (“ CAC “) released the draft Measures on the Administration of Data Security (“ Data Security Measures ” see our in-house English translation here ) for public consultation. The scope of application of the Data Security Measures. The data covered by the Data Security Measures includes personal data and important data.


Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

CNIL Unveils 2017 Inspection Program and 2016 Annual Activity Report

Hunton Privacy

On March 28, 2017, the French Data Protection Authority (“CNIL”) published its Annual Activity Report for 2016 (the “Report”) and released its annual inspection program for 2017. The CNIL estimates that the GDPR will lead to the appointment of a data protection officer in at least 80,000 to 100,000 organizations in France. European Union International CNIL Consent Data Protection Authority EU Regulation France Internet Legislation Personal Data Right to Be Forgotten

CIPL and AvePoint Release Global GDPR Readiness Report

Hunton Privacy

On November 9, 2016, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP and AvePoint released the results of a joint global survey launched in May 2016 concerning organizational preparedness for implementing the EU General Data Protection Regulation (“GDPR”). Telecommunication and technology companies were the most represented respondents, followed by insurance and financial services companies, as well as pharmaceutical and healthcare companies.

Virginia’s new Consumer Data Protection Act

Data Protection Report

On March 2, 2021, the Governor of the Commonwealth of Virginia signed into law the Consumer Data Protection Act , which contains many elements of California’s Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR).

List of data breaches and cyber attacks in November 2020 – 586 million records breached

IT Governance

The majority of those came from a credential-stuffing attack targeting Spotify and a data leak at the messaging app GO SMS Pro, which you can learn more about below. Here is our complete list of November’s cyber attacks and data breaches. Data breaches. Data breaches.

NHS’ Plans to Share Patient Records with Third Parties

Data Matters

NHS Digital (the national custodian for health and care data in England) in May 2021, announced a new data sharing initiative called the General Practice Data for Planning and Research (GPDPR) service. Although the GP data collection was set to take place as of July 1, 2021, on June 8, 2021 it was announced that the launch will be postponed to September 1, 2021. Once collected, the data will be combined to create a single, national data lake.

List of data breaches and cyber attacks in April 2021 – 1 billion records breached

IT Governance

Ransomware was again one of the biggest contributors to that total, accounting for almost one in three data breaches. In case you missed it, you may also be interested in our first quarterly review of data breaches and cyber attacks. Data breaches. Data breaches.

EU: Binding Corporate Rules are Generating Greater Interest

DLA Piper Privacy Matters

Multinationals increasingly turning to BCRs as providing more legal certainty for personal data transfers from the EU. The EU General Data Protection Regulation (“GDPR”) brought about stricter data protection rules, and increased penalties for breaching these rules. For many multinationals this has led to reconsidering their framework for transferring personal data from the EU to third countries.

ICO Announces First Data Protection Sandbox Participants

Hunton Privacy

The ICO aims to assist the 10 organizations in ensuring that the risks associated with the projects’ use of personal data is mitigated. On July 29, 2019, the UK Information Commissioner’s Office (“ICO”) announced the 10 projects that it has selected, out of 64 applicants, to participate in its sandbox. The sandbox, for which applications opened in April 2019, is designed to support organizations in developing innovative products and services with a clear public benefit.

List of data breaches and cyber attacks in May 2021 – 116 million records breached

IT Governance

For the second month in a row, ransomware has dominated our list of data breaches and cyber attacks. Data breaches. Data breaches. The post List of data breaches and cyber attacks in May 2021 – 116 million records breached appeared first on IT Governance UK Blog.

New Data Protection-Friendly eCommercial Model Clinical Trial Agreements Now Available

HL Chronicle of Data Protection

Given the increasing importance of safe but swift clinical trials in the time of coronavirus, this post outlines the main changes introduced from a data protection perspective and what they mean for contracting parties. With respect to the data sharing under Clause 6.3,

List of data breaches and cyber attacks in August 2020 – 36.6 million records breached

IT Governance

There were a massive 99 data breaches and cyber attacks in August, making it the third-biggest monthly total of the year by number of security incidents. Data breaches. The post List of data breaches and cyber attacks in August 2020 – 36.6

Anonymization & Pseudonymization as Tools for Cross-Border Discovery Compliance

ARMA International

discovery demands against the requirements of Europe’s General Data Protection Regulation (GDPR). However, the data privacy and data protection rules of many countries prohibit companies from transferring to the United States (or making accessible in the United States) documents containing personal information of persons within their countries (“data subjects”). Pseudonymization and anonymization are not new data protection devices. Introduction.

The Belgian Data Protection Authority Publishes Recommendation Concerning Data Processing for Direct Marketing Purposes

HL Chronicle of Data Protection

On January 17, The Belgian Data Protection Authority (DPA) published Recommendation no 01/2020 providing Guidance on direct marketing. The Recommendation provides a methodology on how to comply with the General Data Protection Regulation (GDPR) when conducting direct marketing.

US DoJ charged two Chinese hackers working with MSS

Security Affairs

“The defendants in some instances acted for their own personal financial gain, and in others for the benefit of the MSS or other Chinese government agencies. The hackers stole terabytes of data which comprised a sophisticated and prolific threat to U.S.

The Applications of Blockchain in Data Management


The blocks also contain a timestamp and transactional data. 5 Benefits of Blockchain for Data Management. In my work at Mustard IT , many of our data management projects for our clients have involved the use of blockchain. Data Security. Data Quality. Data Sharing.

List of data breaches and cyber attacks in January 2020 – 1.5 billion records breached

IT Governance

By comparison, 2019 saw an average of almost 80 data breaches and cyber attacks per month. Chinese hackers blamed as Mitsubishi Electric discloses data breach (unknown). Greece says no data stolen in Turkish hacker attacks on state bodies (0). Data breaches.

Toxic data


Toxic data. Toxic data. A few years later that DNA testing company, 23andMe, inked a deal to share customer DNA sequences with pharmaceutical giant GSK to accelerate the drug discovery process. we often give exquisitely sensitive personal data to apps, but how often do we stop to consider how likely it is that they will sell it, share it or even leak it accidentally? perhaps with a traffic light to signal how sensitive the data is. data spill?

How does GDPR impact digital preservation solutions in the Cloud?


Inside and outside of Europe, everyone is talking about the General Data Protection Regulation (GDPR) and what it means to their organization. The GDPR makes provision to ensure any further processors engaged with your information must contractually or legally meet the same data protection guarantees. Holding information in the cloud may also raise questions about territorial scope and transfers of personal data.

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

Security Affairs

The type of data that each email contains vary from sales objectives to product specs and even product patents. Surely, no business owner would ever want any unauthorized individual to get a sneak peek into their confidential data, let alone misuse it for nefarious purposes. Encryption plays an integral role in securing the online data as well as its integrity. The data gets encrypted when the user composes an email and decrypt when the receiver receives it.

EDPB’s Position on Clinical Trials Creates Friction with Other EU Legislation

HL Chronicle of Data Protection

Clinical trials in the EU include the collection of sensitive health data from patients. Trial sponsors are obliged to reconcile their respect of regulations governing data protection with regulations governing the conduct of clinical trials. One of the most disconcerting areas of divergence between EU Member States is the different national positions on whether patient consent is a valid legal ground for processing personal data in clinical trials.

Business of Data – issue 6

Information Matters

Issue 6 of The Business of Data newsletter has just been published. The Business of Data. Getting value from your data under GDPR – Information Age, 15 November 2018. “Conducting data analytics in a legally compliant manner has been made significantly more complex under the GDPR and raises the question, can companies continue to innovate and make data-driven decisions while fully complying with the law?” There are different types of data.

Article 29 Working Party Releases Opinion on EU-U.S. Privacy Shield

Hunton Privacy

The Working Party also published a Working Document on the justification for interferences with the fundamental rights to privacy and data protection through surveillance measures when transferring personal data (European Essential Guarantees). On October 16, 2015, the Working Party announced it would assess the consequences of the Schrems judgment with respect to all mechanisms permitting data transfers to the U.S. Onward Data Transfers.

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

And existing California law provides for the confidentiality of personal information in various contexts, including under the Online Privacy Protection Act, the Privacy Rights for California Minors in the Digital World Act, and Shine the Light. Derives 50% or more of annual revenues from selling consumer “personal information”. The CCPA governs how businesses treat “consumer” “personal information.” Personal information does not include publicly available information.

French Court of Cassation Excludes Application of Data Protection Act to Competition Authority’s Investigation

Hunton Privacy

On November 30, 2011, the French Court of Cassation upheld a decision that excluded the application of the French Data Protection Act ( Loi relative à l’informatique, aux fichiers et aux libertés ) to an investigation conducted by the French Competition Authority ( Autorité de la Concurrence ) on the grounds that the search and seizure was authorized by an “freedoms and custody judge” ( juge des libertés et de la détention ).

Privacy and Cybersecurity Top 10 for 2018

Data Matters

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. The May 25, 2018 effective date for the EU’s General Data Protection Regulation (GDPR) will no doubt be a central focus of 2018. Data breach litigation risks. Data breach litigation may reach a turning point in 2018. persons.

French Court Rules Investigation by Competition Authority Did Not Breach Employee Privacy Rights

Hunton Privacy

The agents had been authorized by a lower court judge to inspect the emails pursuant to an investigation into an alleged abuse of dominant position in the pharmaceutical market. As a result, private documents belonging to employees and third parties were included in the search, in alleged violation of those individuals’ privacy rights, the right to secrecy of correspondence and the right to protection of personal data.

HHS Issues New Model Privacy Notice for PHR Vendors

Hunton Privacy

On September 12, 2011, the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (“ONC”) unveiled a model privacy notice for personal health records (the “PHR Model Privacy Notice”). The PHR Model Privacy Notice was developed by ONC in collaboration with consumers and vendors of personal health records (“PHRs”).

2019 end-of-year review part 1: January to June

IT Governance

A royal baby, a fire at Notre-Dame, the highest grossing film of all time and more than 12 billion breached data records: 2019 has been quite a year. Among other news: B&Q breached the personal data of 70,000 people who had been caught stealing products from its stores.