This article provides a summary of the Guide to undertaking privacy impact assessments. The 10 steps which every organization needs to consider when undertaking a PIA are outlined in more detail in this article.
Artificial intelligence (AI) enables systems and machines to learn, solve problems and make decisions. It can be used for various purposes, but can it be used for recruitment? If yes, what considerations should be made?
In collaboration with the Lee Kuan Yew Centre for Innovative Cities, Singapore University of Technology and Design, the Infocomm Media Development Authority (IMDA) and the Personal Data Protection Commission have released Singapore’s first guide that helps companies manage AI’s impact on employees, and prepare for the future of work.
The Information Commissioner’s Office published its Data Sharing Code of Practice on 17 December. The code, and the hub of new resources, provides practical advice to businesses and organisations on how to carry out responsible data sharing.
The Data Protection Commission has imposed an administrative fine of €450,000 on Twitter. The draft decision in this inquiry, having been submitted to other Concerned Supervisory Authorities under Article 60 of the GDPR in May of this year, was the first one to go through the Article 65 (“dispute resolution”) process since the introduction of the GDPR and was the first Draft Decision in a “big tech” case on which all EU supervisory authorities were consulted as Concerned Supervisory Authorities.
The CNIL has fined Amazon Europe Core 35 million euros for placing advertising cookies on users' computers on the amazon.fr site without prior consent and for not informing them about cookies properly.
The Department of Justice has announced a settlement in which DISH Network LLC will pay $126 million in civil penalties to the United States for violating the Federal Trade Commission's Telemarketing Sales Rule and $84 million to four states for violations of the Telephone Consumer Protection Act, for a total settlement of $210 million.
The Federal Trade Commission announced on 9th November a settlement with Zoom Video Communications that will require the company to implement a comprehensive security program and prohibits privacy and security misrepresentations.
The Information Commissioner's Office found that Ticketmaster failed to put appropriate security measures in place to prevent a cyber-attack on a chat-bot installed on its online payment page. Ticketmaster’s failure to protect customer information is a breach of the General Data Protection Regulation (GDPR).
The UK Information Commissioner’s Office has issued its report on the investigation into the offline marketing services of the data broking industry and, in particular, the activities of the UK’s three largest credit reference agencies Experian Limited, Equifax Limited, and the relevant entities within the TransUnion group of companies (TransUnion International UK Limited and Callcredit Marketing Limited).
The UK Information Commissioner’s Office has issued new detailed Guidance on the Right of Access. The previous Subject Access Code of Practice had been issued under the previous Data Protection Act and the ICO has announced it will be updated.
Securing an information system is essential to guarantee that customers’ personal data is not stolen or compromised. SQL injection is a widespread attack, which can cause serious harm to individuals. It can allow remote control of the server or the installation of a keylogger. The CNIL gives recommendations on how to protect against SQL injection and what to do if you become a victim of such an attack.
The Association of German Data Protection Authorities (“Datenschutzkonferenz” or “DSK”) has issued a paper on employee data protection outlining what employers in the private sector have to take into account when processing employee personal data.
The UK Information Commissioner’s Office (ICO) is running a consultation about an updated version of the Statutory guidance on how the ICO will exercise its data protection regulatory functions of information notices, assessment notices, enforcement notices and penalty notices. This consultation closes on November 12, 2020.
The European Commission has issued a report on Ethics of Connected and Automated Vehicles - Recommendations on road safety, privacy, fairness, explainability and responsibility. It contains 20 recommendations concerning the future development and use of connected and automated vehicles.
The Office of the Comptroller (OCC) has issued an $80 million civil penalty against Capital One, N.A., and Capital One Bank (USA), N.A. and mandated them to strengthen their compliance programme by appointing a compliance committee and developing a comprehensive action plan to comply with the order. This decision is the result of the bank's failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and its failure to correct the deficiencies in a timely manner. In taking this action, the OCC positively considered the bank's customer notification and remediation efforts.