BNA_PA_09_16_Privacy Laws-728x90
MediaPro_Ldbd_08_18_16
OneTrust_Banner-ad-demo
PSR16_WebBanner_300x250-wCopy
OneTrust_GDPRCompliance_square-banner1
iapp-privacycore

(Aug 18, 2016) Greetings from Brussels! It doesn’t look like it's going to get easier for privacy pros just yet. There's been much discussion this week about the ePrivacy Directive as Europe looks to tighten the regulatory grip on online services companies, with the aim of safeguarding users’ privacy. A major overhaul of EU rules on telecoms is expected, with draft proposals to be presented sometime in September. The European Commission, through its review, is stating that so-called "over-the-top" (often sho... Read More

Europe Data Protection Digest

Op-ed: EU, US must power through criticisms to reach concrete data-sharing agreement

(Aug 18, 2016) After analyzing the Article 29 Working Party’s criticisms of the July-ratified EU-U.S. Privacy Shield, one thing is clear: It is imperative the two entities continue to work together to solidify a data-sharing scheme and work out perceived flaws, write Lorna Cropper, CIPP/E, and Alexander de Gaye in an op-ed for Bloomberg BNA. WP29 concerns surrounding the Shield’s perceived “lack of specific rules on automated decisions and of a general right to object” or its application for data processors sh... Read More

Europe Data Protection Digest

Sage Group employee arrested in connection to data breach

(Aug 18, 2016) Financial Times reports a Sage Group employee has been arrested in connection to the data breach the company recently suffered. The 32-year-old employee allegedly accessed information on 200 to 300 of its customers, including information on salaries and bank account details. “We are investigating unauthorised access to customer information using an internal login. We cannot comment further whilst we work with the authorities to investigate — our customers remain our first priority and we are speaking directly with those affected,” Sage said. (Registration may be required to access this story.) Read More

Europe Data Protection Digest

ICO fines Hampshire County Council 100,000 GBP for data breach

(Aug 18, 2016) ITV reports the Information Commissioner’s Office fined Hampshire County Council 100,000 GBP following a data breach. Documents containing personal information on more than 100 individuals were found in an abandoned building, also containing 45 bags of confidential waste. “We are very sorry that this incident occurred. Hampshire County Council takes the management and protection of its data very seriously. Accordingly, appropriate procedures were in place at the time, but unfortunately, on this occasion, the process was not fully adhered to. However, at no time was any information disclosed outside of the site," Hampshire County Council said in a statement. Read More

Europe Data Protection Digest

Financial organizations collecting, storing and sharing consumers’ monthly incomes

(Aug 18, 2016) An estimated three in four accounts with financial groups like First Direct, CallCredit, and Experian both track and log precise data about users’ monthly income, The Telegraph reports. While a representative for CallCredit maintained that banks were “very clear” about its data collection and storage practices, organizations like First Direct only used “a vague reference on page 42 of a 49-page document relating in general terms to sharing of data,” the report states. “The proliferation of information about our habits, movements and personal networks raises a wider unease about what this information is for, and whether we will ultimately benefit from its being stored and traded,” the report adds. Read More

Europe Data Protection Digest

Trump’s Scottish resort in hot water with ICO

(Aug 18, 2016) Donald Trump’s golf resort in Aberdeenshire, Scotland, confessed it hadn’t registered with the U.K.’s Information Commissioner’s Office, “despite operating an extensive CCTV system and handling data on thousands of golfers and guests, its staff and suppliers,” the Guardian reports. While the resort claims a “clerical error” kept it from registering with the ICO, critics feel that mistake is enough to garner an official investigation. “The Trump organization failed to meet its data obligations for years,” said MSP Liam McArthur. “We need to know how data was collected, stored and used during this period.” The resort later registered with the ICO, which felt that further enforcement action was unnecessary. Read More

Europe Data Protection Digest

Crosley: ‘We need an ethical data use framework’

(Aug 18, 2016) With a highly contentious and unprecedented presidential election in full swing, and with more individuals voicing their opinions on social media, the lack of face-to-face interaction has made it easy for people to take extreme positions. “My fear is not for politics — we’ve always been a bit crazy in that area as a society — but that the ultra-polarization we’re seeing in the presidential election is actually running underneath the surface of our lives in many areas,” writes Stanley Crosley, CIPM, CIPP/US. “And, if we permit it to seep into our wonderful privacy profession, we could have disastrous results.” In this post for Privacy Perspectives, Crosley calls for a “clear-headed, frosty, dispassionate dialogue when we discuss privacy and data use,” and that now’s the time to begin “getting your ethical privacy and data use framework in place.” Read More

Daily Dashboard, Europe Data Protection Digest

Free GDPR compliance tool from Nymity

(Aug 18, 2016) Nymity has released its GDPR Compliance Toolkit, GlobeNewswire reports in a press release. The free tool “equips privacy officers with the resources necessary to understand, assess and develop a plan for complying with the EU General Data Protection Regulation,” the report states. "We are pleased to share extensive research into [operationalizing] GDPR compliance in the form of pragmatic tools for free in order to help ensure organizations successfully plan and prepare for demonstrable compliance with the GDPR," said President and Founder of Nymity, Terry McQuay, CIPM, CIPP/C, CIPP/E, CIPP/G, CIPP/US. "These free tools work standalone or in combination with our suite of solutions developed to attain, maintain and demonstrate GDPR compliance." Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Facial recognition tech to help develop shopper loyalty programs?

(Aug 18, 2016) Biometric technology in the EU will move increasingly toward recognizing customers and building a loyalty program from the data it collects, the Guardian reports. “We’re already working behind the scenes with some well-known retailers who are interested in spotting their loyal shoppers when they walk through the door,” said Andy Martin of Axis. “It would allow a sales assistant to be alerted and offer some a truly personalized shopping experience.” European lawyers caution that the forthcoming General Data Protection Regulation treats biometric information as extremely sensitive and will require clear consumer opt-in, the report states. Read More

Daily Dashboard, Europe Data Protection Digest

The Olympic Panopticon

(Aug 17, 2016) Thanks to technological advances, we have more access to Olympic athletes than ever before. However, wonders IAPP Publications Director Sam Pfeifle in a piece for Privacy Perspectives, is it anyone’s job to wonder when we know too much? If we allow that constant observation is certain to change behavior, what are we doing to these athletes when the cameras never leave them? As we revel in amazing stories, both athletic and personal, perhaps we also need to make time to consider what we’re losing, and what the athletes are losing, in exchange. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest