UK political campaign probe connects with British Columbia

(May 26, 2017) An investigation by U.K. Information Commissioner Elizabeth Denham into the use of personal data by political campaigns has reached into British Columbia, The Tyee reports. A Victoria-based company may have played a role in last year's shocking Brexit vote, and the British Columbia and U.K. privacy commissioners have been consulting each other. British Columbia's Office of the Information and Privacy Commissioner has confirmed it has been contacted by Denham, who formerly served as the province'... Read More

Dutch DPA offers to help with GDPR compliance

(May 25, 2017) The Dutch data protection authority, Autoriteit Persoonsgegevens, presented its annual report to the Upper Chamber of Parliament’s Committee for Safety and Justice, Telecompaper reports. The report focused on the General Data Protection Regulation. The AP said it will be available to help assist companies as they prepare for the May 2018 GDPR implementation deadline. The report states the AP began investigating the GDPR in 2016 in order to properly advise companies on the best course of action f... Read More

Bavarian DPA releases GDPR implementation questionnaire

(May 25, 2017) The Bavarian Data Protection Authority released a questionnaire designed to assist companies assessing where they stand in terms of General Data Protection Regulation implementation, Hunton & Williams reports. The questionnaire was sent to 150 randomly selected Bavarian companies and asked questions about GDPR procedures and the responsibilities of the data protection officer, data processing activities and privacy by design, onboarding of external vendors and data processing agreements, tra... Read More

Man sentenced to seven years in prison for ID theft scheme

(May 25, 2017) The U.S. Department of Justice announced a California man has been sentenced to serve 84 months in prison for stealing the identities of inmates at several prisons in order to file fraudulent tax returns. According to evidence presented at a Northern District of California trial, Howard Webber and Clifford Bercovich convinced inmates at several prisons to give them their names and Social Security numbers "by explaining that they could help the inmates take advantage of government stimulus progra... Read More

Target agrees to pay $18.5M for 2013 data breach

(May 24, 2017) Reaching a settlement for the massive cyberattack it suffered in 2013, Target agreed with 47 states and the District of Columbia to pay $18.5 million, the largest ever for a data breach, USA TODAY reports. Target had previously agreed to pay $10 million to settle a class-action lawsuit in 2015 and paid $10,000 to customers if they could prove they suffered losses from the breach. The attack affected the payment card accounts of 41 million customers, while also compromising the contact informatio... Read More

St. Luke's to pay $387,200 for illicit disclosure of patient's HIV status

(May 24, 2017) The U.S. Department of Health and Human Services announced St. Luke’s-Roosevelt Hospital Center will pay $387,200 to settle potential HIPAA Privacy Rule violations. The violation stems from a complaint alleging a staff member from the Spencer Cox Center, a health organization operated by St. Luke’s, illegally sent protected health information to a patient’s employer. The Spencer Cox employee sent the PHI via fax rather than to the requested personal post office box. The employee sent information... Read More

New York AG agrees to settle with wireless door manufacturer

(May 24, 2017) New York Attorney General Eric Schneiderman announced his office reached a settlement with Safetech Products LLC regarding its wireless door and padlocks. Security researchers found Safetech’s devices did not protect users’ passwords and other security information, leaving customers vulnerable to cyberattacks. Following the settlement, Safetech will encrypt all passwords, electronic keys and other credentials, while establishing a comprehensive security program. “Today’s settlement with Safetech... Read More

Introducing: The ePrivacy Regulation's key player

(May 23, 2017) Marju Lauristin has spent most of her life as a teacher, though that's the most modest way to describe her. Specifically, she's a professor emeritus of more than 40 years. She has been at University of Tartu since 1995, and her academic career has focused on social sciences and media studies.  But now she's playing head of the class on the global privacy stage as rapporteur for the ePrivacy Regulation. Lauristin isn't new to politics; she has been in the game for 30 years or so. In fact, she w... Read More

Navigating misaligned interests in breach investigations

(May 23, 2017) In a column for the Lawfare blog, Alston & Bird's Kim Peretti and Justin Hemmings, CIPP/US, discuss how to navigate law enforcement investigations post-data breach, particularly when the interests of law enforcement and the affected company are misaligned. Peretti and Hemmings point out the "difficult nuances" found in the relationship with investigators, which often "requires anticipating friction points and better understanding the interests and agendas of all parties." Though the column "... Read More

An FAQ on the new Israeli data security regulations

(May 19, 2017) Following their initial release, commentators have dissected and analyzed the new Israeli data security regulations. Quoting the Israeli Minister of Justice, IAPP VP of Research and Education Omer Tene even characterized them as a "landmark" piece of legislation due to their scope, level of detail and legal effect. To follow up, Tene has prepared for The Privacy Advisor a piece that addresses several frequently asked questions with respect to the new regulations, including to whom they apply, wh... Read More