With the Heartbleed web vulnerability in the tech headlines, the practical guidance issued recently by EU regulators on when to alert individuals to data breaches (and on preventive steps to reduce the risk of breaches occurring in the first place) is particularly timely. Datonomy highlights some of the key recommendations on when to make the difficult judgement call over notification. Why the new guidance? Does it apply to your organisation? The recent Opinion issued by the EU’s Article 29 Working Party (the body made up of national data protection regulators) concerns the ever-topical issue of personal data breach notification. Specifically, it sets out the regulators’ collective view on when data controllers should alert data subjects to a personal data breach which is likely to adversely affect those individuals’ personal data or privacy. The guidance sets out good practice for “all controllers”. Strictly speaking the obligation to report data breaches only … Continue Reading ››
On 8 April 2014 the European Court of Justice ruled that the Data Retention Directive 2006/24/EC interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data. The Directive is declared invalid. A.    The Directive Directive 2006/24/EC strives for harmonization of the Member States’ national legislations providing for the retention of data by providers of publicly available electronic communications services or of a public communications network for the prevention, investigation, detection and prosecution of criminal offences. The initial intention was that service and network providers would be freed from legal and technical differences between national provisions. The Directive and national laws implementing the Directive were often criticized. The main argument being that massive data retention was said to endanger the right to privacy. The advocates of the rules, however, argued that these rules were necessary for authorities to investigate and … Continue Reading ››
With cyber-security tipped as one of the top tech trends for 2014 a lot has already been written about the controversial data security breach proposals in Europe. But what is happening elsewhere in the world? We hear from one of Datonomy’s Asia correspondents, Olswang Partner Elle Todd Datonomy was pleased to lead a discussion and mock cyber security breach scenario alongside the local chapter of the IAPP in Singapore last week where such issues are gaining a lot of attention and interest. The engaging session, attended by a variety of practitioners, followed the unfortunate exploits of a fictitious international e-commerce company faced with an anonymous threat from an individual claiming that they had managed to obtain the customer database and would release it to the blogosphere. As the morning unfolded, more facts and problems emerged for the company and the audience discussed how best to respond to the potential disaster from … Continue Reading ››