(Aug 27, 2015) Greetings from Brussels! As if working in privacy couldn’t become more mind boggling, with the impending GDPR and its far-reaching implications, now make way for Joseph Cannataci, the UN’s first Privacy Chief. Published in The Guardian this week, Cannataci is calling for a Geneva Convention-style international agreement for the Internet to safeguard data and combat the threat of massive clandestine digital surveillance. This is a bold statement in our current heightened security climate, taking... Read More

Europe Data Protection Digest

Donohoe: Privacy Integral to Drones’ Future

(Aug 27, 2015) Speaking at the Unmanned Aircraft Association of Ireland’s first-ever “Meet the Drones” event, Minister for Transport Paschal Donohoe emphasized the need to get drone privacy right, The Irish Times reports. “There is a real need now within Ireland and within Europe to look at what kind of laws will be needed now and in the future to deal with matters in relation to security, in relation to privacy and in relation to how different kinds of units will be regulated,” said Donohoe. Drone users might get that sooner than they anticipated, with the Irish Aviation Authority “currently involved in a pan-European effort to draw up safety regulations, now at draft stage,” the report continues. Read More

Europe Data Protection Digest

Millennials, Others Concerned About Privacy

(Aug 27, 2015) According to a study by security corporation Intercede, less than five percent of 16- to 35-year-olds in the U.S. and UK trust that their digital identities are adequately protected, with 70 percent believing that these online risks aren’t going anywhere soon, ComputerWeekly reports. Lubna Dajani, a digital technologist, noted, “Businesses and governments should urgently review current security protocols or else risk the potential to drive innovation and growth.” And The Telegraph reports Google... Read More

Europe Data Protection Digest

Should Government Publish New Citizen Data?

(Aug 27, 2015) Activists are expressing concern about an Irish government policy of publishing the names and addresses of new citizens in Iris Oifigiúil, the official government register, Irish Times reports. Digital Rights Ireland believes the practice, which has been in place since at least 2005, is in breach of EU law. However, the practice was reviewed in 2011 by the Minister for Justice and it was decided the practice is mandated by a 1956 Act. The Data Protection Commissioner found, too, that the processing of personal information in this way is exempt from the Data Protection Act. In response, the Migrant Rights Centre Ireland has said they are “astounded” that the government has made this information so easily accessible. Read More

Europe Data Protection Digest

Errant Email Leads to Thomson Breach

(Aug 27, 2015) UK-based holiday company Thomson notified customers this week of a relatively small breach, of just 458 customers, caused by an email sent in error to those same 458 people, containing information about flight dates, balance due and contact information. “The error was identified very quickly and the email was recalled,” Thomson told affected customers, “which was successful in a significant number of cases.” “Security Evangelist” Tony Asncombe notes in AVG Now that what are known as “data leakage prevention technologies” may have helped avoid the embarrassment for Thomson. Read More

Europe Data Protection Digest

Complaints Filed Over Windows 10

(Aug 27, 2015) The Prosecutor General’s Office received another round of complaints regarding Windows 10, this time from Moscow law firm Bubnov and Partners, alleging the system allegedly reaps user data without consent—a potential breach of Russian privacy statues, The Moscow Times reports. “The new operating system offers users the choice of how they want it to handle their data, and users can change the settings at any point,” Microsoft said in response. The Russian Association for Electronic Communications corroborated the company’s claim in a statement, including information for concerned customers to change their settings. Read More

Europe Data Protection Digest

Would a Law Degree Take Your Privacy Career to the Next Level?

(Aug 27, 2015) The IAPP Privacy List recently lit up a bit when a member posed this question: Should I go get a law degree? It was a legit question; the IAPP 2015 Salary Survey found that after C-suite or VP-level positions, lead counsel had the highest median salaries among privacy pros. But getting a law degree isn't a small feat. There's studying for the LSATs; praying to some God you get in; three years of nail-biting through papers and exams, and then, and THEN, the bar. Oh, and all that debt. So is all that worth it? Will it mean a straight line to privacy pro success? This exclusive for The Privacy Advisor aims to answer that question—and commenters are already adding to the dialogue at the finish of the piece. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Don’t Blow Data Protection, CIOs, or You’ll Get Sued

(Aug 27, 2015) CIOs and CISOs beware—data mismanagement at your company could land you in hot water, Bloomberg BNA reports, citing Donna Seymour, CIO of the U.S. Office of Personnel Management (OPM) and her inclusion in an OPM lawsuit as precedent for the treatment of CIOs after a breach. “More and more, CIOs and CISOs will be personally accused for their actions, and inactions, prior to and during, cyber-events, and personally named as parties in lawsuits,” the report continues. “It will be argued that the CIO and/or CISO, by dint of their role and purported expertise, assume a fiduciary duty to the shareholders and to those whose information they are supposed to protect, requiring the installation, monitoring and modification/updating of appropriate cybersecurity measures.” Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

How Can You Become Compromise Ready?

(Aug 27, 2015) With data protection, the best defense is a good offense. And the IAPP’s newest web conference, Becoming Compromise Ready, shows you how. In the next installment of the Insight web conference series, privacy professionals dissect the findings from the BakerHostetler Privacy and Data Protection Team’s recent study on data breach preparedness, covering everything from how to best “react and respond” to threats to how to strategize internal security. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Coalition Calls on EU To Strike Part of GDPR

(Aug 27, 2015) A broad industry coalition is lobbying the European Union to strike out part of the General Data Protection Regulation that could force companies to deny requests for personal data from non-member countries. Article 43a of the regulation says companies should not always comply with requests from courts, tribunals and administrative authorities in non-EU countries for the personal data of Europeans—except under law enforcement treaties or relevant agreements between those countries and the EU, Politico reports. The clause could create a quagmire for global companies, according to the Industry Coalition for Data Protection, whose members include Apple, Google and AT&T. It asks that the issues be dealt with in the data protection directive rather than the regulation. Read More

Daily Dashboard, Europe Data Protection Digest