Data protection

Federprivacy: 2019 Fines Were More Than €400 Million in Europe Because of Data Protection Violations

Retrieved on: 
Monday, January 13, 2020

The most active Authority for Data Protection was Italy (GPDP) with 30 actions in 2019, followed by Spain (AEPD) with 28, and Romania (ANSPDCP) with 20.

Key Points: 
  • The most active Authority for Data Protection was Italy (GPDP) with 30 actions in 2019, followed by Spain (AEPD) with 28, and Romania (ANSPDCP) with 20.
  • The strictesthas been the UK (ICO) with 312,000,000 of sanctions (76% of the total).
  • In these countries, there is a European head office of the majority of foreign corporations that are processing personal data on a massive scale.
  • The most frequently fined violations are: illicit use of personal data (44%), poor security (18%), absent or not adequate information (9%), lack of respect for the right of people involved (13%), and computer accidents or other data breach (9%).

Federprivacy: 2019 Fines Were More Than €400 Million in Europe Because of Data Protection Violations

Retrieved on: 
Monday, January 13, 2020

The most active Authority for Data Protection was Italy (GPDP) with 30 actions in 2019, followed by Spain (AEPD) with 28, and Romania (ANSPDCP) with 20.

Key Points: 
  • The most active Authority for Data Protection was Italy (GPDP) with 30 actions in 2019, followed by Spain (AEPD) with 28, and Romania (ANSPDCP) with 20.
  • The strictesthas been the UK (ICO) with 312,000,000 of sanctions (76% of the total).
  • In these countries, there is a European head office of the majority of foreign corporations that are processing personal data on a massive scale.
  • The most frequently fined violations are: illicit use of personal data (44%), poor security (18%), absent or not adequate information (9%), lack of respect for the right of people involved (13%), and computer accidents or other data breach (9%).

Privacy Commissioner Responds to Public Concern about Disclosure of a Reporter’s Personal Data

Retrieved on: 
Sunday, January 12, 2020
Key Points: 
  • Section 38(b) of the PDPO gives me the power to initiate investigations in this case after taking into account the following factors:-
    • the personal data involved being sensitive in nature (HKID card);
    • the personal data being collected in the exercise of the Police’s power to stop and search;
    • the circumstances in which the personal data collected being handled (including the subsequent display of the data in front of or being filmed by the reporter’s camera);
    • the concerns of the media and other organisations; and
    • the general concerns of the public at large,
  • I therefore came to the conclusion that I had reasonable grounds to believe that the conduct of the police officer concerned might have contravened the Data Protection Principles under the PDPO:
    • Data Protection Principle 3 – using the personal data collected for a new purpose without obtaining the prescribed consent of the reporter concerned; and
    • Data Protection Principle 4 – failure to take all practicable steps to ensure that the personal data collected was protected from unauthorised or accidental handling or use.
    • The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner), Mr Stephen Kai-yi WONG has responded to public concerns about disclosure of a reporters personal data.
    • It appeared from the live streaming that the face-masked person was holding the reporters HKID card in front of the camera for quite some time.
    • The Police explained that at the material time, the police officer held up the reporters HKID card, which was filmed by the reporters camera thereby exposing his identity to the public at large.
    • I am sure you would understand that whether my response was reported in a high-profile manner or not was beyond my control.
    • It is trite that the main objective of the Data Protection Principles of the PDPO is to protect individuals (the data subjects) personal data by regulating any person or organisation which holds, controls or uses personal data (the data users).
    • Therefore, it would be necessary in the first place to determine who the data user is and what he/she/it has done.
    • In contrast, there is no dispute that the police officer in the current incident collected and used the reporters personal data during the execution of his duties.
    • Although the reporter concerned did not complain to me immediately thereafter, the act of the data user (i.e.
    • I am sure you would understand that personal data has been weaponized during the recent doxxing cases over the last few months.
    • Those cases primarily involved misusing personal data under their control and hence contravention of the requirements of the Data Protection Principles.
    • Finally, I would like to express my profound gratitude to you again for speaking up for the overall interests of Hong Kong.
    • Stephen Kai-yi WONG
      Privacy Commissioner for Personal Data, Hong Kong
      12 January 2020"
  • Medable Announces its Continued Commitment to Global Privacy and Data Protection Through Earned CIPP/E Certification

    Retrieved on: 
    Friday, January 10, 2020

    from Baylor Law School, Andrea earned the ANSI-accredited Certified Information Privacy Professional/Europe (CIPP/E) credential through the International Association of Privacy Professionals (IAPP).

    Key Points: 
    • from Baylor Law School, Andrea earned the ANSI-accredited Certified Information Privacy Professional/Europe (CIPP/E) credential through the International Association of Privacy Professionals (IAPP).
    • As an attorney and privacy professional, Andrea already brings significant privacy and data protection capabilities to Medable.
    • Recognition of Andreas knowledge and expertise via the CIPP/E credential further demonstrates Medables own commitment to privacy and data protection globally, and in particular, data protection in the EU., said Perry Robinson, Chief Legal & Compliance Officer at Medable.
    • The CIPP/E encompasses pan-European and national data protection laws, the European model for privacy enforcement, key privacy terminology and practical concepts concerning the protection of personal data and trans-border data flows.

    Keynote Speech by Deputy Commissioner, Mr Yeong Zee Kin, at Data Interconnection and Security Development Summit, on Sunday, 5 January 2020, at Zhuhai, People's Republic of China

    Retrieved on: 
    Saturday, January 11, 2020

    Press RoomKeynote Speech by Deputy Commissioner, Mr Yeong Zee Kin, at Data Interconnection and Security Development Summit, on Sunday, 5 January 2020, at Zhuhai, People's Republic of China5. Over the past few years, Singapore increased our focus on promoting accountable practices:First, introducing accountability tools from 2017. This includes guides such as the Guide to Developing a Data Protection Management Programme (DPMP) and the Guide to Data Protection Impact Assessments (DPIA).Second, recognising organisations with accountable practices through certification systems such as the Data Protection Trust Mark (DPTM), which we piloted in 2018 and formally launched earlier last year in January.Third, upcoming amendments to the PDPA further accentuate and integrate accountability within the Act. Mandating accountable practices like risk assessments allows us to enhance our consent regime, and provide additional options like deemed consent through notification-and-opt-out, and legitimate interest exception.9. Singapore takes three perspectives in our implementation of accountability:First, from the perspective of organisations: Accountability is about getting their house in order, and putting in place data privacy policies and practices tailored for their needs.Second, from the perspective of administering an effective system of data protection: Accountability requires building a set of measures to incentivise the adoption of accountable practices, and to recognise organisations who have done so.Third, from the global perspective: Accountability enables our companies to connect with companies outside our borders who have similar accountable practices, thereby building a trusted network for cross-border data flows.Organisations today operate in an increasingly connected and competitive digital economy where individuals online and real-world activities generate a burgeoning amount of data.

    Key Points: 

    Press Room

      Keynote Speech by Deputy Commissioner, Mr Yeong Zee Kin, at Data Interconnection and Security Development Summit, on Sunday, 5 January 2020, at Zhuhai, People's Republic of China

      • 5. Over the past few years, Singapore increased our focus on promoting accountable practices:
        • First, introducing accountability tools from 2017. This includes guides such as the Guide to Developing a Data Protection Management Programme (DPMP) and the Guide to Data Protection Impact Assessments (DPIA).
        • Second, recognising organisations with accountable practices through certification systems such as the Data Protection Trust Mark (DPTM), which we piloted in 2018 and formally launched earlier last year in January.
        • Third, upcoming amendments to the PDPA further accentuate and integrate accountability within the Act. Mandating accountable practices like risk assessments allows us to enhance our consent regime, and provide additional options like deemed consent through notification-and-opt-out, and legitimate interest exception.
      • 9. Singapore takes three perspectives in our implementation of accountability:
        • First, from the perspective of organisations: Accountability is about getting their house in order, and putting in place data privacy policies and practices tailored for their needs.
        • Second, from the perspective of administering an effective system of data protection: Accountability requires building a set of measures to incentivise the adoption of accountable practices, and to recognise organisations who have done so.
        • Third, from the global perspective: Accountability enables our companies to connect with companies outside our borders who have similar accountable practices, thereby building a trusted network for cross-border data flows.
        • Organisations today operate in an increasingly connected and competitive digital economy where individuals online and real-world activities generate a burgeoning amount of data.
        • This guides our approach to data protection, going beyond a compliance-based approach to a heavier emphasis on the principle of accountability.
        • This entails protecting personal data under your possession or control, and using personal data for not just lawful but ethical purposes, to benefit your customers.
        • The principle of accountability forms the substratum of Singapores data protection law, the Personal Data Protection Act (PDPA).
        • Section 11 of the PDPA states that an organisation is responsible for the personal data in its possession or under its control.
        • This principle pre-dates the PDPA and its roots may be traced to the 2003 voluntary Model Data Protection Code for the Private Sector.
        • In todays digital economy, data incidents can happen to anyone, even to companies that are compliant with data protection laws.
        • Retrospective remedy of data breaches is insufficient as the harm to customers and deleterious impact on commercial reputation cannot be reversed.
        • I will speak to Singapores approach and experience in building a data protection ecosystem for our economy founded on accountability.
        • The principle of data protection by design is to embed data protection considerations into the design and development of IT systems.
        • Our data protection law requires organisations be satisfied that the receiving organisation is able to protect personal data when it is transferred overseas.
        • Singapore led the development of the ASEAN Framework on Personal Data Protection in 2016 and Framework on Digital Data Governance in 2018.
        • The ASEAN Framework on Personal Data Protection establishes a set of principles to guide member states in the implementation of personal data protection measures.
        • Accountable organisations exercise responsibility over personal data in their care, and are answerable to the people who have entrusted their personal data to them.
        • Effective administration of accountability in domestic data protection systems builds trust and can be the lubricant for cross-border data flows.

      Messaging Architects Shares 6 Steps to Privacy Law Compliance for Retailers

      Retrieved on: 
      Thursday, January 9, 2020

      HOBOKEN, N.J., Jan. 9, 2020 /PRNewswire-PRWeb/ -- Messaging Architects, an eMazzanti Technologies Company, information governance consultant and data compliance services provider, presents steps that retailers should take to comply with new data privacy laws in a new article on the Messaging Architects website.

      Key Points: 
      • HOBOKEN, N.J., Jan. 9, 2020 /PRNewswire-PRWeb/ -- Messaging Architects, an eMazzanti Technologies Company, information governance consultant and data compliance services provider, presents steps that retailers should take to comply with new data privacy laws in a new article on the Messaging Architects website.
      • "With strict consumer privacy laws, retail information governance to achieve compliance takes on a key strategic role," stated Greg Smith, Vice President of Services Delivery at Messaging Architects.
      • Below are a few excerpts from the article, " 6 Steps to Privacy Law Compliance for Retailers ."
      • By implementing the following basic steps to regulatory compliance, businesses can build a privacy culture while harnessing the power of data."

      Global Encryption Management Solutions Market 2019-2023 | 14% CAGR Projection Through 2023 | Technavio

      Retrieved on: 
      Wednesday, January 8, 2020

      The global encryption management solutions market is expected to post a CAGR of almost 14% during the period 2019-2023, according to the latest market research report by Technavio.

      Key Points: 
      • The global encryption management solutions market is expected to post a CAGR of almost 14% during the period 2019-2023, according to the latest market research report by Technavio.
      • View the full release here: https://www.businesswire.com/news/home/20200107006129/en/
        Technavio announced its latest market research report titled global encryption management solutions market 2019-2023.
      • Global Encryption Management Solutions Market: Honey Encryption
        Vendors in the market are developing honey encryption methods to tackle unexpected cyberattacks.
      • Global Encryption Management Solutions Market: Segmentation Analysis
        This market report segments the global encryption management solutions market by application (endpoint encryption, network encryption, database encryption, and cloud encryption), deployment (on-premise and cloud), and geography (APAC, Europe, MEA, North America, and South America).

      DeCloak Launches the First Privacy Processing Unit (PPU) and Module to De-Identify Users Personal Data

      Retrieved on: 
      Tuesday, January 7, 2020

      DeCloak offers a brand new third-party solution of de-identification technique to create a win-win situation for the consumers, and service vendors.

      Key Points: 
      • DeCloak offers a brand new third-party solution of de-identification technique to create a win-win situation for the consumers, and service vendors.
      • DeCloak uses proprietary hardware-embedded algorithms, named PPU (Privacy Processing Unit), that can be used as an external dongle or an IC designed directly into a smartphone or other personal devices.
      • And governments are starting to take a stand with ever stricter personal data protection regulations eg: GDPR.
      • DeCloak Intelligences, Inc. is a de-identification IC, product and service provider focusing on protecting personal private data while enabling enterprises to collect and analyze customers data while comply with personal data protection regulation, eg: GDPR.

      Award-Winning Paper: “Privacy’s Constitutional Moment and the Limits of Data Protection”

      Retrieved on: 
      Tuesday, January 7, 2020

      The authors present a case for national privacy legislation that looks beyond data protection and fair information processing (FIPs) principles the central elements of the EUs General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

      Key Points: 
      • The authors present a case for national privacy legislation that looks beyond data protection and fair information processing (FIPs) principles the central elements of the EUs General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
      • They argue that privacy faces a constitutional moment that presents an opportunity to define the structure of our budding digital society.
      • Their position is that while data-protection-focused legislation represents an important step, data protection alone is insufficient.
      • They recommend stricter limits on data collection, rigid mandatory deletion requirements, and the prioritization of obscurity to improve upon the data protection foundations present in the GDPR.

      Active Navigation and WireWheel Partner to Automate Data Mapping for Regulatory Compliance

      Retrieved on: 
      Tuesday, January 7, 2020

      ARLINGTON, Va., Jan. 7, 2020 /PRNewswire/ -- Active Navigation , the data privacy and governance software provider and WireWheel , the leading provider of data privacy management solutions,today announced their partnership to provide end-to-end regulatory compliance with global privacy laws.

      Key Points: 
      • ARLINGTON, Va., Jan. 7, 2020 /PRNewswire/ -- Active Navigation , the data privacy and governance software provider and WireWheel , the leading provider of data privacy management solutions,today announced their partnership to provide end-to-end regulatory compliance with global privacy laws.
      • "WireWheel is committed to helping organizations do the right thing with people's data," said WireWheel co-founder and CEO Justin Antonipillai.
      • Our partnership with Active Navigation enhances the visibility of data flows throughout an organization, offers an end-to-end platform for subject rights fulfillment, and streamlines data privacy operations.
      • Hundreds of companies and government agencies trust Active Navigation to help them control sensitive data and support compliance with various data privacy regulations such as CCPA and GDPR.