Association of German Data Protection Authorities (“Datenschutzkonferenz” or “DSK”) has issued a paper on employee data protection outlining what employers in private sector have to take into account when processing employee personal data.
The UK Information Commissioner’s Office (ICO) is running a consultation about an updated version of the Statutory guidance on how the ICO will exercise its data protection regulatory functions of information notices, assessment notices, enforcement notices and penalty notices. This consultation closes on November 12, 2020
The U.S. Department of Health and Human Services has announce that Premera Blue Cross had agreed to pay $6.85 million to the Office for Civil Rights at the HHS and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act Privacy and Security Rules related to a breach affecting over 10.4 million people.
The Office of the Privacy Commissioner of Canada (OPC) has published the new Privacy Guide for Businesses. The Guide provides the summary of the PIPEDA and an overview of the CASL. It also addresses important points when dealing with data breaches and provides information on how to obtain a meaningful consent.
Whether you are just starting your privacy programme or you already have it in place, The Privacy Compliance Journey Series will help you build a successful one or give you an idea or two to enhance your existing programme. This article covers three very important elements when starting the privacy programme.
The Office of the Comptroller (OCC) has issued an $80 million civil penalty against Capital One, N.A., and Capital One Bank (USA), N.A. and mandated them to strengthen their compliance programme by appointing a compliance committee and developing comprehensive action plan to comply with the order. This decision is the result of failing to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner. In taking this action, the OCC positively considered the bank's customer notification and remediation efforts
The European Data Protection Board (EDPB) has issued answers to the questions they have received from the EU data protection authorities (DPAs) about the Schrems 2 case. In essence, the EDPB follows the position of the CJEU. If you are still unclear on what to do in the days after the CJEU decision this short summary of the FAQs can help.
When Google and Apple have announced that they had been developing contact tracing app in which users’ privacy and security will be central to the design, government across the world used the code to develop contact tracing apps and they have been downloaded more than 20 million times. They have said that they will ban the use of the of location tracking in the apps and they will focus on the use of Bluetooth technology.
The UK Information Commissioner's Office has published it 2019-2020 annual report. It covers a key period in data protection and broader information rights. The report is split into three sections: the performance report, the accountability report and it is concluded with the ICO's financial statements .
Subscribe to our newsletter to stay on top of the most relevant news from the privacy world. We might personalize the newsletter based on your interests. Occasionally, these emails may contain commercial offers from us. You may unsubscribe by clicking on the unsubscribe link at the bottom of the marketing email or by writing to us.