Tag Archives: compliance

September 4, 2018: NYDFS Cybersecurity Regulation Compliance date arrives

As of today, Covered Entities are expected to be compliant with additional provisions under the New York State Department of Financial Services (NYDFS) cybersecurity regulation. A “Covered Entity” is any individual or non-governmental entity “operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, …

Implementing the GDPR: Reed Smith Webinar on Planning your Path to Compliance in 2017

We are hosting a webinar on January 30, 2017, to discuss the new obligations global organisations with interests in Europe will need to meet to comply with the GDPR. With just over 16 months to go until the Regulation will be enforced, it is vital that you understand the requirements and that you are able to …

Information Commissioner’s Office issues updated code of practice on conducting Privacy Impact Assessments

In February, the UK Information Commissioner’s Office (ICO) issued an updated code of practice on conducting Privacy Impact Assessments (PIA), with a six-point process for organisations to follow (the Code). A PIA is intended to focus the attention of an organisation on the way that data is held and used in any project, and reduce …

Hong Kong’s Office of the Privacy Commissioner for Personal Data releases Best Practice Guide on Privacy Management Programmes

This post was written by Cynthia O’Donoghue. Last month, Hong Kong’s Office of the Privacy Commissioner for Personal Data (OPCP) released a Best Practice Guide on Privacy Management Programmes (PMP) (the Guide). Striking a similar chord to the UK Information Commissioner’s Office in the recently released code of practice on conducting Privacy Impact Assessments, the …

Indian Centre for Internet and Society issues call for comments on draft Privacy (Protection) Bill

This post was written by Cynthia O’Donoghue. A nonprofit research organisation, the Indian Centre for Internet and Society (ICIS), has issued an open call for comments on its draft Privacy (Protection) Bill 2013 (the Bill). Consultations on the Bill started in April 2013, with a series of seven roundtable talks being held in partnership with …

Theft of Unencrypted Flash Drive Causes OCR to Issue Settlement and Corrective Action Plan for Physician Practice

This post was also written by John E. Wyand. The Department of Health and Human Services’ Office for Civil Rights (OCR) opened an investigation of Adult & Pediatric Dermatology, P.C. (APDerm) after a report was made regarding the theft of an unencrypted flash drive. To settle potential violations of the Health Insurance Portability and Accountability …

Department for Business, Innovation & Skills Publishes Impact Assessment for European Commission Proposed Cybersecurity Directive

The UK Government Department for Business, Innovation and Skills (BIS) has issued an impact assessment (IA) at the end of September on the draft Network and Information Security Directive (the Directive) proposed by the European Commission on 7 February 2013. The Directive aims to achieve a common high level of network and information security across …

UK Office of Fair Trading Consults on Consumer Protection Principles for Children’s Online Games and Apps

With more than six million apps currently in existence, the ‘appification’ of society is increasingly a topic of discussion, and certainly it was prominent at the 35th International Conference of Data Protection and Privacy Commissioners in Warsaw in September. Apps often collect large amounts of personal data and therefore have significant potential privacy implications. Young …

European data protection watchdog proposes stricter regulation of profiling

The EU data protection watchdog, Article 29 Working Party (Art. 29 WP), has issued the Advice paper on essential elements of a definition and a provision on profiling within the EU General Data Protection Regulation. The document underlines the significance of creating profiles based on interlinked personal data, especially given the latest developments in geo …

Colombia fills the gaps in its new data protection framework.

This post was written by Cynthia O’Donoghue. After its first data protection law came into force in April this year, Colombia has now introduced implementing regulations (Decree No. 1377). The legislation, which was released in late June, provides greater clarity on a number of areas contained in the data protection law (Statute Law No. 1581). …

Spanish data protection watchdog publishes one new guidance on cookies and two on cloud computing

The Spanish data protection authority, Agencia Española de Protección de Datos (AEPD), has issued three new guidance documents dealing with (1) the use of cookies, (2) cloud computing from a customer perspective and (3) cloud computing from a service provider perspective. The guides provide useful information on how to use modern IT solutions in conjunction …

ICO Information Rights Strategy 2012 – UK regulator identifies information security as continuing priority while targeting Financial Services, Health and Telecoms/New Media for close attention

This post was written by Nick Tyler. The Information Commissioner’s Office (ICO), the UK’s data protection and freedom of information regulator, has launched a high level “Information Rights Strategy”. In it, the ICO identifies the following priority areas: Internet and mobile services; health; credit and finance; criminal justice; and information security. The ICO will focus on …

Privacy Compliance: Not Just a Luxury Anymore

This post was also written by David Z. Smith. On August 29, 2011, a Google shareholder filed a derivative action against the company’s directors stemming from Google allegedly allowing and supporting Canadian and other foreign pharmacies to advertise and ship prescription drugs to American consumers through Google’s AdWords advertising program in violation of U.S. law. The …