Category: Regulators


Anthem Pays OCR $16 Million in Record-Breaking HIPAA Data Breach Settlement

The Office of Civil Rights (OCR) announced in a press release this week that Anthem, Inc. (Anthem), one of the nation’s largest health benefit companies, has agreed to pay $16 million and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. This settlement …

France – CNIL

France’s Commission Nationale de l’Informatique et des Libertés (“CNIL”) provides great tools and resources as well. CNIL recently updated its Privacy Impact Assessment (PIA) Guides, which include application to connected objects, methodology, template and knowledge bases. CNIL also recently updated its PIA software tool in four languages that companies can use for compliance. CNIL provides …

Germany – BfDI

Germany’s Bundesbeauftragte für den Datenschutz und die Informationsfreiheit published the Federal Data Protection Act adapting national law to the GDPR. Germany provided some extensive guidance on GDPR here. Germany also publishes the standard data protection model, SDPM, in English on its site. Also available from the site are guidance materials about GDPR from the German Data Protection Conference, Datenschutzkonferenz …

UK ICO

The United Kingdom’s Information Commissioner’s Office (“ICO”) is a great resource for companies looking for clear DPA guidance. The ICO has provided a Guide to the GDPR which is very targeted and comprehensive, as well as resources for organizations including several guides. Getting Ready For GDPR Resources is a nice package of information prepared by …

Article 29 Working Party

The European Commission – Data Protection links to the Article 29 Working Party Guidelines, which supplement our understanding of GDPR: Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01); Guidelines on Personal data breach notification under Regulation 2016/679 (wp250rev.01); and Guidelines on the application and setting of administrative fines (wp253), available in multiple language versions. …

European Commission – Data Protection

The European Commission – Data Protection provides links to EC data protection policies, information and services. The Commission provides the official GDPR text in multiple languages, describes the European Data Protection Board and its responsibilities, provides detailed guidance and resources on data transfers outside the EU, and some focused discussion of the changes to the …

CNIL’s GUIDANCE FOR PROCESSORS – ANSWERS TO YOUR MOST PRESSING QUESTIONS

See European Regulation on the Protection of Personal Data Guide Sub-Contractor Edition, September 2017. Are you a contractor within the meaning of the European Regulation on data protection? Are you subject to EU regulation on data protection? What is the main change introduced by the European regulation for contractors? What are your obligations as of May …

PIAs & DETERMINATION OF RISK UNDER GDPR – THE LATEST:

The Article 29 Working Party updated its guidance on PIAs and the evaluation of risk on October 4, 2017: Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679. CNIL created a PIA infographic to outline the main principles. Keep …

When 1 DPA becomes 2 DPAs

Facebook’s experience with regulators is a cautionary tale. Several European Union Data Protection Authorities formed a Contact Group to coordinate their investigations of Facebook. The moral of this story is that when one regulator in the EU becomes interested in reviewing privacy compliance, do not be surprised if there are soon several DPAs who coordinate …