
(Feb 23, 2017) With the EU General Data Protection Regulation just around the corner, companies managing risk and working with big data applications have much work to do to mitigate any compliance gaps. A recent IAPP-hosted web conference explored these issues, and based on interactions with a number of companies and regulators following the event, Anonos CEO Gary LaFever has mapped out the varying stages of adjustment companies have been making for GDPR readiness. In this post for Privacy Perspectives, LaFever details these five stages, ranging from the first stage, "awareness," to the final stage, "ensuring continuity of operations," to help companies that control and process data find a solution. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Web con: Knowing and Implementing the GDPR, Part 1

(Feb 23, 2017) Spanning hundreds of sections, and with vast territorial scope, the EU General Data Protection Regulation is the most important privacy regulation the world has seen in decades. It asks a great deal of organizations all over the world that collect and process data about European individuals. It imposes hefty fines on those who fail to comply. In this three-part series, the IAPP examines the GDPR’s mandates and delivers insights into creating a compliance program designed to stand the test of time. In part 1, IAPP Vice President of Privacy Research and Education Omer Tene and Hogan Lovells Partner Eduardo Ustaran, CIPP/E, offer a rundown on the history of data protection law in the EU, including background on the Data Protection Directive, in order to understand the important new concepts and definitions in the GDPR. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Ohlhausen: Immigration executive order will not affect Privacy Shield

(Feb 23, 2017) Federal Trade Commission Acting Chairman Maureen Ohlhausen said her agency’s enforcement of the EU-U.S. Privacy Shield agreement will not be affected by President Donald Trump’s executive order on immigration, Morning Consult reports. “We will continue to enforce the Privacy Shield protections, and we hope we will move ahead as planned,” Ohlhausen said. “In my opinion, nothing has changed.” Ohlhausen noted the executive order only references the Privacy Act and does not affect the FTC’s mandate ... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

NY cybersecurity regulations to go into effect March 1

(Feb 23, 2017) New York’s mandated cybersecurity regulations for banking and financial services are set to go into effect March 1, SC Magazine reports. The regulations, the first of their kind in the U.S., adapt industry best practices and contain 23 sections calling for encryption of all nonpublic information, appointment of CISOs, training employees in security, and certification confirming an organization is complying with the regulation’s requirements. "New York has taken a leadership role in the effo... Read More

Daily Dashboard, Privacy Bar Section

Could pending regulation impact privacy class-action suits?

(Feb 23, 2017) IAPP member Adam Greene argues that pending federal regulation concerning whether regulators could share money collected from HIPAA enforcement with breach victims could impact privacy class-action suits, GovInfoSecurity reports. "Well, if [a person] is considered a harmed individual under HIPAA, should we consider them harmed for other purposes, too?" he said. "It will be interesting to see, when that regulation gets proposed and ultimately finalized, if that has an impact on class-action [breach lawsuits]." The pending regulation in question is mandated by the HITECH Act and under development by the Department of Health and Human Services' Office for Civil Rights, the report adds. Read More

Daily Dashboard, Privacy Bar Section

Study: Two-thirds of companies risk noncompliance with GDPR

(Feb 23, 2017) A Compuware-commissioned Vanson Bourne survey has found that two-thirds of global companies risk noncompliance with the General Data Protection Regulation, including 52 percent of U.S. companies without a European presence but with European customers in their databases, InformationWeek reports. Lack of compliance puts these companies in danger of considerable fines. "Data management and compliance professionals need to mobilize now because, given the scope of the changes necessary, May 2018 isn’t really that far off," the report adds. Read More

Daily Dashboard, Europe Data Protection Digest

Court of appeals rules against veterans in breach case

(Feb 23, 2017) An appeals court has dismissed a suit by patients of a Veterans Affairs hospital in Columbia, South Carolina, who alleged continual Privacy Act and Administrative Procedure Act violations, CyberScoop reports. The plaintiffs sought damages from "multiple thefts and data breaches related to the unencrypted personal information of 7,400" veterans, the report states. The plaintiffs also claimed that "at least" 17 more breaches had occurred at the hospital in question, the Wm. Jennings Bryan Dorn VA ... Read More

Daily Dashboard, Privacy Bar Section

Mobile-based spyware for consumers is powerful and cheap

(Feb 23, 2017) A Motherboard reporter tested spyware that uses an SMS message to access the user's camera, GPS and microphone, allowing the spy to hear the conversation of the person being surveilled. This type of software is easily available for both iPhone and Android users for $170 or less, the report states. These products are largely unregulated, and "they can be extremely, extremely potent," said Cyber Diligence President Yalkin Demirkaya. While governments use similar malware, this "consumer spyware is not marketed to governments," the report continues. "Instead, many of the companies explicitly gear products toward jealous lovers — especially men — who want to monitor their spouses." Read More

Daily Dashboard

European court rules in favor of singer in long-running privacy case

(Feb 23, 2017) The European Court of Human Rights ruled in favor of singer and television personality Paulina Rubio in a long-running privacy case, according to The Hollywood Reporter. Rubio’s former manager gave interviews to Spanish broadcasters in 2005 about the singer’s sexuality. Rubio sued the television stations, hosts, and her former manager, but her lawsuit was dismissed by a Madrid judge. The European Court of Human Rights ruled differently, stating the actions were a violation of Article 8 of the Eu... Read More

Daily Dashboard, Europe Data Protection Digest, Privacy Bar Section

Help crowdsource mobile privacy risk

(Feb 23, 2017) In collaboration with Kryptowire, the IAPP is building a crowd-sourced risk-scanning tool for mobile applications. The tool will allow privacy professionals to scan the code of an app being created by their organizations to flag potential privacy issues that might need to be mitigated or mentioned in a privacy notice. First, however, we need to assess how much risk privacy professionals perceive in actions taken by mobile applications, from accessing contacts to turning on a microphone. Thus, we... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest