EDPB releases agenda for latest meeting

(Nov 16, 2018) The European Data Protection Board has released the agenda for its fourth plenary scheduled to take place Friday. The EDPB plans to discuss and update on Brexit and the EDPB rules after the European Economic Area agreement. The EDPB also seeks to tackle the second annual review of the EU-U.S. Privacy Shield agreement, opinions on the European Commission's adequacy decision for Japan, guidelines for the territorial scope of the EU General Data Protection Regulation, an exchange of different strat... Read More

GSA finalizing rules on contractor data breach reporting

(Nov 16, 2018) The U.S. General Services Administration aims to finalize new rules on when contractors are required to disclose data breaches, Nextgov reports. The GSA rules would require contractors to report any data breaches where the "confidentiality, integrity, or availability" of data has been compromised, as well as when any information systems managed by government agencies have been impacted. The rules also give the GSA and any agency that works with a contractor when the breach takes place the abilit... Read More

AMIA calls for harmonized health care privacy rules

(Nov 16, 2018) In its comments to the U.S. National Telecommunications and Information Administration, the American Medical Informatics Association calls for harmonized health care privacy laws, Healthcare IT News reports. The AMIA said in its comments patchwork privacy rules already exist in health care, such as the Health Insurance Portability and Accountability Act and Common Rule. The agency cited HIPAA in particular as an example, as health care organizations interpret the rule differently, which leads to... Read More

How one woman's jury duty experience altered her perspective on tech privacy

(Nov 16, 2018) In an op-ed for Bloomberg, Shira Ovide describes how her experience as a jury member for a harassment case provided her with a new perspective on an ongoing debate between technologists and law enforcement. Looking at the troves of digital evidence pulled from the defendant’s phone, Ovide wonders how the case might have changed if the man in question had used more secure methods to deliver his harassment to his victim. While identifying as one who often fell on the side of technologists, Ovide w... Read More

Tully releases annual report

(Nov 16, 2018) Nova Scotia Information and Privacy Commissioner Catherine Tully released her annual report, CBC News reports. Tully’s report states 40 percent of the appeals her office received were related to “denial of access to records.” Tully writes government agencies have failed to conduct searches and respond to requests in an adequate amount of time. As databases continue to grow, Tully notes there is an “urgent need to strengthen and clarify the responsibilities for and monitoring of interoperable hea... Read More

Denham: Canada's political parties need independent oversight

(Nov 16, 2018) U.K. Information Commissioner Elizabeth Denham said Canada’s political parties need independent oversight in regards to their data policies, CBC News reports. Denham said political parties need to be transparent over the ways they acquire data, and while those parties have their own internal data protection policies, they are simply not good enough. “If you don't have independent oversight, how can the public trust what's going on? Because then the parties are marking their own homework,” said D... Read More

Op-ed: Canada's new data breach law could result in over-reporting

(Nov 16, 2018) In an op-ed for The Globe and Mail, Molly Reynolds writes about the potential for entities to over-report cyberattacks under Canada’s new data breach notification law. Reynolds writes companies may begin to report any incident, even minor data breaches, which could overwhelm the Office of the Privacy Commissioner of Canada and cause the public to no longer pay attention to when their data is at risk. “The Privacy Commissioner’s Office must follow the lead of its U.K. colleagues and provide more ... Read More

Philippines NPC pushes Cathay Pacific for answers

(Nov 15, 2018) The National Privacy Commission of the Philippines has issued an order on Cathay Pacific Airways in relation to a notification submitted about its data breach that impacted 102,209 Filipinos, Philstar.com reports. The NPC asked the company to explain why the company “should not be held liable for its apparent failure to timely notify the commission about the occurrence of a data breach” and has given the company five days to provide more information on the measures taken since the breach. Privac... Read More

NPC orders Miss Earth organizers to explain its data protection measures

(Nov 15, 2018) The National Privacy Commission ordered the organizers of Miss Earth 2018 to explain the organization’s data protection measures, CNN Philippines reports. In a letter, the NPC explained the organizers are considered a personal information controller and, as such, are obligated to follow data protection regulation. The letter comes after Miss Earth-Canada Jaime Yvonne Vandenberg withdrew from the competition alleging a sponsor contacted her without her consent and proceeded to harass her. The NPC... Read More

Ex-Nationwide employee sentenced to six month in prison for accessing customer data

(Nov 15, 2018) A former Nationwide Accident Repair Services employee has been sentenced to six months in prison for the illegal access of customer records. The U.K. Information Commissioner’s Office handed down the punishment, the first ever under the Computer Misuse Act 1990. Mustafa Kasim used his colleagues’ login credentials to access thousands of customer records, including names, phone numbers and vehicle information. Kasim continued to do so even after he went to work for a different repair service. “Al... Read More