The Office of the Australian Information Commissioner has issued the Notifiable Data Breaches Report for the period from January to June 2020. The Commissioner, Angelene Falk, has said that malicious or criminal attacks including cyber incidents remain the leading cause of data breaches involving personal information in Australia. … Continue reading >
The Office of the Comptroller (OCC) has issued an $80 million civil penalty against Capital One, N.A., and Capital One Bank (USA), N.A. and mandated them to strengthen their compliance programme by appointing a compliance committee and developing comprehensive action plan to comply with the order. This decision is the result of failing to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner. In taking this action, the OCC positively considered the bank's customer notification and remediation efforts … Continue reading >
The UK Information Commissioner’s Office (ICO) has issued the Guidance on AI and data protection (Guidance). It provides a framework for auditing AI, focusing on best practices for data protection compliance. It provides a clear methodology to audit AI applications and ensure they process personal data fairly – something ICO has highlighted as the key challenge for artificial intelligence processing personal data. … Continue reading >
On July 16, 2020, the Court of Justice of the European Union (CJEU) has invalidated the Privacy Shield Framework with immediate effect and strengthen the requirements for organizations relying on Commission’s Decision 2010/87/EU on controller to processor Standard Contractual Clauses (SCCs) for transfers of personal data to third countries. In the same decision the CJEU took the view that SCCs are still valid. However, the CJEU has stated that individuals whose personal data is transferred to a third country pursuant to SCCs, must enjoy the same level of protection as they would under the privacy laws of the European Union (EU). What should organizations do in the light of the CJEU ruling? … Continue reading >
Spanish Data Protection Authority, Agencia española de protección de datos (AEPD), has updated its Cookies Guidelines. … Continue reading >