Privacy Matters

DLA Piper's Global Privacy and Data Protection Resource

Data Breach

AUSTRALIA: Likely increase in maximum penalties for privacy breaches

3 November 2022 / ,

Author: Sarah Birkett Anyone with a passing interest in Australian privacy laws will no doubt have heard about the Optus data breach. The incident, which was made public in late September 2022, is thought to have affected around 9 million individuals (almost 40% of the Australian population), with identity documents relating to approximately 2.22 million …

AUSTRALIA: Likely increase in maximum penalties for privacy breaches Read More »

ICO issue fine of £4.4m to Interserve for security failings

27 October 2022 / , , , ,

Authors: Ross McKean, Henry Pelling On 24 October 2022, the ICO issued a penalty notice (MPN) to Interserve Group Limited (Interserve), imposing a fine of £4.4m for violations of the GDPR (the violations were pre-Brexit). The ICO found that Interserve had failed to put appropriate technical and organisational measures in place to secure personal data …

ICO issue fine of £4.4m to Interserve for security failings Read More »

Hungary: Record GDPR fine by the Hungarian Data Protection Authority for the unlawful use of artificial intelligence

12 April 2022 / , ,

Authors: Zoltán Kozma, Mark Almasy The Hungarian Data Protection Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság, NAIH) has recently published its annual report in which it presented a case where the Authority imposed the highest fine to date of ca. EUR 670,000 (HUF 250 million). The case involved the personal data processing of a bank (acting …

Hungary: Record GDPR fine by the Hungarian Data Protection Authority for the unlawful use of artificial intelligence Read More »

Global: International Data Protection Day!

12 October 2020 / , , ,

International Data Protection Day, which falls annually on January 28, is “an international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust”. We would like to take this opportunity to share a number of data protection resources developed by our global Data Protection, Privacy and Security team to assist …

Global: International Data Protection Day! Read More »

The Netherlands – First GDPR fine imposed: EUR 460,000

16 July 2019 / , , , , ,

Today, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA“) issued its first GDPR-fine of EUR 460,000. The fine is imposed on the Dutch Haga Hospital for having an insufficient internal security of patient records. The fact that the first GDPR-fine was imposed on a hospital isn’t a complete surprise, as already in December 2018, …

The Netherlands – First GDPR fine imposed: EUR 460,000 Read More »

29 January 2019 / , , , ,

NETHERLANDS: Dutch Data Protection Authority received record amount of data breach notifications in 2018. Earlier today, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) issued a press release stating that it received 20,881 notifications of data breaches in 2018. In comparison to 2017, the amount of data breach notifications has (more than) doubled. The largest amount …

Read More »

FRANCE: Facebook could face a 100 million euros class action suit for violating GDPR

12 December 2018 / , , ,

On 8 November 2018, French NGO Internet Society France sent Facebook a formal notice listing seven areas where it has allegedly infringed GDPR. The social network has 4 months to respond. Failing that, the Internet Society France could launch the first class action suit for compensation since the entry into application of GDPR. The French …

FRANCE: Facebook could face a 100 million euros class action suit for violating GDPR Read More »

UK: ICO GDPR guidance – Contracts and liabilities between controllers and processors

26 September 2017 / , , , , ,

On 1 August we reported on the launch of the International Regulatory Strategy Group’s “Article 28 GDPR ready contractual terms” for use between controllers and processors. The ICO has now launched its draft guidance on this subject. The purpose of the ICO guidance is to explain, in an accessible fashion, the core requirements that all …

UK: ICO GDPR guidance – Contracts and liabilities between controllers and processors Read More »

New York AG Announces Record Year for Data Breaches in New York – and Updates Guidance on Reasonable Security Measures

31 January 2019 / ,

Written by Michelle Anderson and Anne Kierig New York Attorney General Eric Schneiderman announced that his office received a record number (1,300) of data breach notices in 2016. In the press release, Attorney General Schneiderman also provided a list of recommendations for how organizations can help protect sensitive personal data—a list that could be used as a …

New York AG Announces Record Year for Data Breaches in New York – and Updates Guidance on Reasonable Security Measures Read More »

THE NETHERLANDS: almost 5500 data breaches notified in 2016

30 August 2017 / , ,

By Richard van Schaik and Róbin de Wit The Dutch Personal Data Protection Authority (Autoriteit Persoonsgegevens, “AP”) revealed that almost 5500 data breaches have been notified since the legislation on mandatory data breach notification duties entered into force on 1 January 2016. Pursuant to this legislation, it is mandatory for all types of data controllers …

THE NETHERLANDS: almost 5500 data breaches notified in 2016 Read More »

EU: The right to be forgotten and the role of the Companies Registry

30 August 2017 / , , , , ,

On 8 September 2016, Advocate General Bot released his opinion on the “Camera di Commercio Industria, Artigianato e Agricoltura di Lecce v. Salvatore Manni” c-398/15  (“Manni Case“). If confirmed by the European Court of Justice, the opinion will no doubt shed further light on the construction of the right to be forgotten. Background The original …

EU: The right to be forgotten and the role of the Companies Registry Read More »

New Data Breach Notification Law in Nebraska

31 January 2019 / , ,

Written by Anne Kierig An amendment to Nebraska’s data breach notification law, signed by the Governor earlier this month and effective July 20, 2016, makes key changes to the state’s notification regime.  First, the law expands the definition of “personal information” to include “a user name or email address, in combination with a password or …

New Data Breach Notification Law in Nebraska Read More »

ANALYSIS: WHAT TO EXPECT FROM THE PRIVACY SHIELD AND THE GENERAL DATA PROTECTION REGULATION (GDPR)

8 February 2016 / , ,

DLA Piper Shared Insights at Bloomberg Law’s 2016 Outlook on Privacy and Data Security in Washington DC On February 3rd, the day after announcement of the US-EU Privacy Shield provisional agreement, DLA Piper’s Carol Umhoefer, Jim Halpert and Giangi Olivi discussed EU data protection developments at Bloomberg Law’s 2016 Outlook on Privacy and Data Security, …

ANALYSIS: WHAT TO EXPECT FROM THE PRIVACY SHIELD AND THE GENERAL DATA PROTECTION REGULATION (GDPR) Read More »

Hacking Team case – is your cyber risk strategy enough?

1 February 2019 / , , , , ,

The cyber-attack suffered by Hacking Team revealed unexpected vulnerabilities of systems with considerable consequences for businesses whose cyber risk strategy shall be reassessed. The press extensively covered during the last days the case concerning the cyber attack suffered by the Hacking Team, a government-sponsored provider of device monitoring solutions.  Following the attack, over 1 million emails …

Hacking Team case – is your cyber risk strategy enough? Read More »

What privacy obligations and liabilities for drones?

1 February 2019 / , , ,

By Giulio Coraggio Privacy breaches and potential liabilities might increase as a consequence of the usage of drones that represent a massive resource in a number of different sectors, but might also trigger some “new” unexpected legal risks. Drones were initially used only in the military sector.  However, the possibility to rely on them for …

What privacy obligations and liabilities for drones? Read More »

HACKERS STEAL 1.2 BILLION PASSWORDS – 4 STEPS TO TAKE NOW

1 February 2019 / , ,

Written by Aravind Swaminathan and Tara McGraw Swaminatha The New York Times reported this week that an organized Russian criminal group stole approximately 1.2 billion user name and password credentials associated with more than 500 million email addresses from hundreds of thousands of websites around the world. The article notes that the hackers used a …

HACKERS STEAL 1.2 BILLION PASSWORDS – 4 STEPS TO TAKE NOW Read More »

Florida Information Protection Act of 2014 Goes Into Effect; Regulator Notification Required

1 February 2019 / , ,

By Jennifer Kashatus Effective July 1, 2014, Florida has repealed its existing data breach law in favor of a new, more stringent, law. Florida has joined the list of states requiring notice to regulators:  specifically, an entity must notify the Department of Legal Affairs of any breach affecting 500 or more Florida residents as soon as possible, …

Florida Information Protection Act of 2014 Goes Into Effect; Regulator Notification Required Read More »

Linkedin-in Twitter Facebook-f Instagram Youtube Weixin
© 2023 DLA Piper. DLA Piper is a global law firm operating through various separate and distinct legal entities. For further information about these entities and DLA Piper’s structure, please refer to the Legal Notices page. All rights reserved. Attorney advertising.​