Hello, privacy pros.
It's difficult to think of a topic more pressing than the current global pandemic, and it is fitting that I am writing to you from my home after having had my principle place of work evacuated for COVID-19 exposure.
Although the IAPP Global Privacy Summit 2020 has been canceled in the wake of the pandemic, IAPP ANZ Summit 2020 in November, which we very much expect to be an in-person event. The call for proposals is open until the end of March.
According to Mark Speakman, attorney general of Australia's state of New South Wales, the state could become the first in Australia to introduce mandatory breach notification that would apply to state agencies. iTnews speculates that state-level scheme may mimic Australia's federal Notifiable Data Breach Scheme in some ways, such as by adopting the same harm threshold, but differ in others, such as by imposing a shorter mandatory reporting time frame.
In other news from Australia, an article from issued a statement noting the government must continue to balance privacy interests in its handling of the COVID-19 pandemic. EU data protection authorities have also issued guidance, directed principally toward employers, on the use of personal data in the context of the pandemic, and the IAPP research team has rounded up COVID-19 guidance issued by DPAs and compiled it into a study in harmonization, but it's useful for complying on a jurisdiction-by-jurisdiction basis.
Twenty years ago, the world was basking in the relief that Y2K had not been the apocalyptical event it was feared to be. Take a nostalgic look back at the world of privacy in the IAPP's first year, in this article on