News and Developments in Data Privacy and Cybersecurity
Digital transformation refers to the process of leveraging technology, people and processes to innovate or stay competitive. The main driver of this process is often data. For a vivid illustration see Data Never Sleeps, an infographic released by Domo, a leading business analytics company.
While executing digital transformation the right way can lead to…
The Office of Civil Rights (OCR) announced in a press release this week that Anthem, Inc. (Anthem), one of the nation’s largest health benefit companies, has agreed to pay $16 million and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. This settlement…
France’s Commission Nationale de l’Informatique et des Libertés (“CNIL”) provides great tools and resources as well.
…
Germany’s Bundesbeauftragte für den Datenschutz und die Informationsfreiheit published the Federal Data Protection Act to adapt GDPR. Germany provided some extensive guidance on GDPR here. Germany also publishes the standard data protection model, SDPM, in English on its site. Also available from the site are guidance materials about GDPR from the German Data…
The United Kingdom’s Information Commissioner’s Office (“ICO”) is a great resource for companies looking for clear DPA guidance. The ICO has provided a Guide to the GDPR which is very targeted and comprehensive as well as resources for organizations including several guides. Getting Ready For GDPR Resources is a nice package of information prepared by…
The European Commission – Data Protection links to the Article 29 Working Party Guidelines which supplement our understanding of GDPR:
…
The European Commission – Data Protection provides links to EC data protection policies, information and services. The Commission provides the official GDPR text in multiple languages, describes the European Data Protection Board and its responsibilities, provides detailed guidance and resources on data transfers outside the EU, and some focused discussion of the changes to…
See European Regulation on the Protection of Personal Data Guide Sub-Contractor Edition, September 2017.
…
The Article 29 Working Party updated the Guidelines on PIAs and evaluation of risk guidance on October 4, 2017:
CNIL created a PIA Infography to outline the main principles. Keep…
Facebook’s experience with regulators is a cautionary tale. Several European Union Data Protection Authorities formed a Contact Group to coordinate their investigations of Facebook. The moral of this story is that when one regulator in the EU becomes interested in reviewing privacy compliance, do not become surprised if there are soon several DPA’s who…
