DP Gazette • Issue 5 • April 19 2016

In Data Protection by John A. WalshLeave a Comment

Your roundup of what’s been happening in the Global Data Protection & Privacy Industry over the past two weeks.


EU Data Protection News

Preliminary Draft of New Personal Data Protection Act in Poland

[Poland] – On 28 March 2017, Poland’s Ministry of Digital Affairs (the “Ministry”) presented a preliminary draft of some of the provisions of the new Personal Data Protection Act. The remaining part of the Act that is not included in the presented project – which concerns regulations on the new data protection authority’s system position, transitional rules, and regulations changing sectoral regulations – is still being prepared.> Go to Related Article

Article 29 Working Party holds plenary session (April 2017)

[Brussels] – The Article 29 Working Party (WP29), at the April plenary meeting, examined certain critical matters with regards to the implementation of the General Data Protection Regulation (GDPR) and of the Privacy Shield and adopted several key documents such as an opinion on the draft e-privacy regulation and guidelines on data portability, data protection officers, lead authority and data protection impact assessment.
> Download Press Release (PDF)

European Data Protection Supervisor (EDPS) takes over supervision of Europol

[Brussels] – At a recent plenary meeting of the Europol Joint Supervisory Body (JSB), it was confirmed that as per the the new Europol Regulation (EU-2016/794), the EDPS will take over responsibility from the JSB for the data protection supervision of Europol. The new Regulation will be fully applicable from the beginning of May 2017.> Go to Related Article

EDPS Issues Toolkit: “Assessing the necessity of measures that limit the fundamental right to theprotection of personal data:”

[Brussels] – As part of their commitment to facilitating responsible and informed policymaking, the EDPS recently published a necessity toolkit, designed to help policymakers identify the impact of new laws on the fundamental right to data protection and determine the cases in which the limitation of this right is truly necessary.
> Download Press Release (PDF)
> Download Toolkit (PDF)

Irish Data Protection Commissioner publishes annual report

[Dublin] – The Data Protection Commissioner (DPC), Helen Dixon, recently launched The 2016 Annual Report of the Data Protection Commissioner of Ireland, her third annual report since taking office. The report highlights activities and achievements across all aspects of the office’s regulatory functions, including an increased volume of complaints being handled by the DPC, which reflects the growing awareness of, and concern for, data protection matters amongst individuals and organisations.
> See Press Release
> Download Annual Report (PDF)

Data protection boss vows she will use new powers to fine firms up to €20m

[Dublin] – Ireland’s Data Protection Commissioner Helen Dixon speaks to national newspaper The Irish Indepenent. The interview covers her role as the country’s watchdog for privacy abuses by government departments and local companies, with her office also being responsible for regulating Facebook, Instagram, WhatsApp, Twitter, Linkedin and other global mass market services. Controversially she seems to be hinting that there may be a soft-landing in terms of GDPR Fines for Public Sector bodies in The Republic of Ireland, post May 2018.> Go to Related Article

Two thirds of UK consumers worry brands put their private data at risk

[London] – The 2017 State of Consumer Privacy and Trust survey, a wide-ranging poll of over 4,000 adults in the UK and US found widespread alarm about how major brands approach data privacy. > Download Infographic (PDF)

Data Breach News

The Philippines Commission on Elections (COMELEC) introduces data breach prevention measures

[The Phillipines] – In March 2016, the Comelec website was defaced and hacked, with sensitive voter information of over 77 million voters compromised and leaked on the Internet. To prevent a repeat of the data breach, the Commission on Elections is considering limiting the information publicly available on its website.> Go to Related Article

Chipotle investigating data breach

[Denver] – Popular Mexican food chain Chipotle is warning customers about a data breach. Chief Financial Officer Jack Hartung told analysts the chain was investigating “unauthorized activity” in its payment system from late March though mid-April.> Go to Related Article

New Mexico Becomes 48th State to Enact Data Breach Statute

[Los Angeles] – Recently the state of New Mexico enacted the Data Breach Notification Act, making it the 48th state in the United States to enact a statute requiring notice to individuals impacted by a data breach. In doing so, New Mexico follows some trends we’ve been predicting at the state level. These trends include covering encrypted data in the definition of personal information if the encryption key is accessed as well, and – importantly – requiring that companies engage in reasonable security measures to protect personal information in their possession. New Mexico also joins a handful of states that protect biometric information as personal information.> Go to Related Article

Non-EU Data Protection News

Firm warned for Whatsapp personal data disclosure

[Signapore] – Singapore’s Personal Data Protection Commission has on 21 March 2017 issued a warning to a local firm for disclosing a former employee’s personal information in a company WhatsApp group.> Go to Related Article

White Paper Asks: “Are Canadian Businesses Ready For a Cyber Attack”

[Tornoto] – The Canadian Chamber of Commerce (“CCC”) recently released a white paper titled “Cyber Security in Canada,” which examines the current Canadian cyber landscape, the cyber readiness of Canadian businesses, the current state of cyber insurance, and also releases a set of recommendations for the Canadian government to consider regarding cyber security. > Go to Related Article

Leave a Comment