Tag Archives: enforcement

SEC Increases Focus on Cyber Incident Response

In the past few years, we have seen an uptick in agencies beginning to focus on the cybersecurity readiness and response of organizations subject to their jurisdiction. The U.S. Securities and Exchange Commission (SEC), for example, has identified cybersecurity as a top priority for many years. This past June, the SEC named Stephanie Avakian and … Continue Reading

In the age of Big Data, the EDPS issues an Opinion on enforcement and upholding fundamental rights

The European Data Protection Supervisor (“EDPS”) issued an Opinion on “coherent enforcement of fundamental rights in the age of big data”. This is an update to the EDPS’ Preliminary Opinion in 2014 on “Privacy and competitiveness in the age of big data”. The Preliminary Opinion observed a tendency for EU rules of data protection, consumer … Continue Reading

New FAA Drone Rules

On June 21, 2016, the FAA issued its long-awaited regulations governing “Small Unmanned Aircraft,” or drone operation.  The regulations allow the use of drones weighing less than 55 pounds, traveling less than 100 mph groundspeed, and up to 400 feet above the ground, for a wide variety of purposes during daylight hours.  The regulations allow … Continue Reading

Hong Kong Commissioner upgrades rules for processing biometric data

The Hong Kong Commissioner has published guidance (‘Guidance’) to assist data users in complying with Hong Kong’s privacy laws when processing biometric data, and takes a broader approach than previous guidance dealing with when and how biometric data may be handled by an organisation. Although no distinction is drawn between personal data and sensitive personal … Continue Reading

Hungary accepts use of BCRs as part of recent data protection law changes

On 6 July 2015, the Hungarian Parliament adopted several amendments (‘Amendments’) to Act CXII 2011 on the Right of Informational Self-Determination and the Freedom of Information (‘Data Protection Act’). The Amendments, currently only available in Hungarian, are designed to develop the data protection and right-to-access public information rules within Hungary, and fix problems the Hungarian … Continue Reading

South Korea introduces further data protection breach penalties to encourage compliance, and issues mobile app guidance

Ever since January 2014, when South Korea’s credit card industry lost huge amounts of customer data during a data breach, the South Korean government has been gradually announcing stricter penalties for those who run afoul of data protection rules. The latest amendment to the Personal Information Protection Act (PIPA), Bill No. 15737 (‘Amendment’), published 7 … Continue Reading

UK ICO Annual Report highlights 100% success rate for monetary penalties imposed

The ICO, the UK’s data protection authority, published its 2014-2015 annual report. Most noticeably, the ICO announced that they had enforced no successful appeals against Monetary Penalty Notices. The ICO can impose civil monetary penalties of up to £500,000 for serious breaches of the Data Protection Act 1998, but this can be reduced by 20% … Continue Reading

UK data protection authority publishes data breach statistics

The UK data protection authority, Information Commissioner’s Office (ICO), has published statistics regarding breach incidents in the first quarter of this year (1 April – 30 June 2013). In a related press release, the ICO discussed conclusions drawn from the numbers regarding the most common types of data breaches and the sectors that appear to … Continue Reading

UK First-Tier Tribunal Dismisses Appeal Against Information Commissioner’s Monetary Penalty Notice

This post was written by Cynthia O’Donoghue. The First-Tier Tribunal General Regulatory Chamber for Information Rights has dismissed the first appeal against a Monetary Penalty Notice issued by the UK Information Commissioner’s Office (ICO) for a serious violation of the Data Protection Act 1998 (DPA). The ICO had issued the Central London Community Healthcare NHS … Continue Reading

FTC Tries The Carrot and The Stick: Releases Guidance on Mobile Privacy Best Practices; Enters Into $800K Consent Order with Path

Today, the Federal Trade Commission released detailed guidance on privacy in the mobile environment – at the same time it announced its largest-ever settlement with an app developer for alleged privacy violations. Combined with aggressive action on mobile privacy issues by the California attorney general’s office, Mobile Privacy Disclosures provides every company associated with a … Continue Reading

Information Commissioner’s Office set to issue first fines under the Privacy and Electronic Communications Regulations

Since March of this year, the Information Commissioner’s Office (ICO) has been asking members of the public to report any calls or texts they have received from unknown senders by using an online survey. The survey information has allowed the ICO to focus its investigations on organisations responsible for making unsolicited communications. The ICO received … Continue Reading

The UK Information Commissioner’s Office Has Received Numerous Complaints about Websites not adhering to the ‘Cookie’ law

The UK Information Commissioner’s Office (ICO) has received 169 complaints thus far about websites failing to comply with the cookie law that came into force May 26, V3.co.uk reports. UK Information Commissioner Christopher Graham stated that his office has received 169 complaints thus far about websites whose policies appear not to comply with the new … Continue Reading

The UK Information Commissioner’s Office issues the largest monetary penalty in its history to NHS hospital trust

This post was written by Cynthia O’Donoghue. The UK Information Commissioner’s Office (“ICO”) has issued its largest-ever fine of £325,000 GBP ($503,705 USD) to Brighton and Sussex University Hospitals NHS Trust following the discovery of highly sensitive personal data belonging to tens of thousands of patients and staff, including information relating to sexual health and … Continue Reading

The French Data Protection Authority unveils its agenda and targets for inspections in 2012

This post was written by Cynthia O’Donoghue. The French Data Protection Authority (the “CNIL”) issued a press release 19 April 2012 detailing its planned enforcement agenda for the coming year. The CNIL announced that it intends to conduct around 450 on-site inspections during 2012, with particular focus on six specific themes. The CNIL will also … Continue Reading

ICO Information Rights Strategy 2012 – UK regulator identifies information security as continuing priority while targeting Financial Services, Health and Telecoms/New Media for close attention

This post was written by Nick Tyler. The Information Commissioner’s Office (ICO), the UK’s data protection and freedom of information regulator, has launched a high level “Information Rights Strategy”. In it, the ICO identifies the following priority areas: Internet and mobile services; health; credit and finance; criminal justice; and information security. The ICO will focus on … Continue Reading

UK High Court challenges ICO’s view on the scope of “domestic purposes” exemption – UK data protection regulator may now be expected to intervene and stop unlawful publication of offensive material on the Internet

This post was also written by Nick Tyler. In a decision with potentially far-reaching consequences for the UK data protection regulator, a High Court Judge, Tugendhat J., questioned the legal basis upon which the Information Commissioner’s Office (ICO) declined to take action to stop the publication of defamatory and offensive material on the website solicitorsfromhell.co.uk. … Continue Reading

Predictions on the New EU Data Protection Law

Richard Thomas, the former UK Information Commissioner, predicted that the European Commission will issue a regulation rather than a directive as part of the overhaul of the EU data protection directive. Under EU law, a regulation has immediate legal effect, whereas a directive requires the EU member states to enact implementing legislation. The issuance of … Continue Reading

‘The Four Pillars of Wisdom’? EU Commissioner’s speech signals key areas for reform of EU privacy rights

This post was written by Nick Tyler. In a recent speech, Viviane Reding, the EU Commissioner with responsibility for European Union data protection policy, identified ‘four pillars’ upon which the privacy rights of EU citizens “need to be built” so that individuals have more control over their personal data in today’s online world. Reforming EU data … Continue Reading

Consumer Privacy Issues Abound in the Dodd-Frank Wall Street Reform and Consumer Protection Act

This post was also written by Chris Cwalina and Amy Mushahwar. With President Obama scheduled to sign the Dodd-Frank Wall Street Reform and Consumer Protection Act this week, the financial services industry faces a rapidly changing regulatory environment.  While a great deal of attention has been paid to the significant restructuring of the financial services regulatory regime, … Continue Reading