Authors: Zoltán Kozma, Mark Almasy The Hungarian Data Protection Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság, NAIH) has recently published its annual report in which it presented a case where the Authority imposed the highest fine to date of ca. EUR 670,000 (HUF 250 million). The case involved the personal data processing of a bank (acting …
International Data Protection Day, which falls annually on January 28, is “an international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust”. We would like to take this opportunity to share a number of data protection resources developed by our global Data Protection, Privacy and Security team to assist …
Today, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA“) issued its first GDPR-fine of EUR 460,000. The fine is imposed on the Dutch Haga Hospital for having an insufficient internal security of patient records. The fact that the first GDPR-fine was imposed on a hospital isn’t a complete surprise, as already in December 2018, …
The Netherlands – First GDPR fine imposed: EUR 460,000 Read More »
NETHERLANDS: Dutch Data Protection Authority received record amount of data breach notifications in 2018. Earlier today, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) issued a press release stating that it received 20,881 notifications of data breaches in 2018. In comparison to 2017, the amount of data breach notifications has (more than) doubled. The largest amount …
On 8 November 2018, French NGO Internet Society France sent Facebook a formal notice listing seven areas where it has allegedly infringed GDPR. The social network has 4 months to respond. Failing that, the Internet Society France could launch the first class action suit for compensation since the entry into application of GDPR. The French …
FRANCE: Facebook could face a 100 million euros class action suit for violating GDPR Read More »
On 1 August we reported on the launch of the International Regulatory Strategy Group’s “Article 28 GDPR ready contractual terms” for use between controllers and processors. The ICO has now launched its draft guidance on this subject. The purpose of the ICO guidance is to explain, in an accessible fashion, the core requirements that all …
UK: ICO GDPR guidance – Contracts and liabilities between controllers and processors Read More »
Written by Michelle Anderson and Anne Kierig New York Attorney General Eric Schneiderman announced that his office received a record number (1,300) of data breach notices in 2016. In the press release, Attorney General Schneiderman also provided a list of recommendations for how organizations can help protect sensitive personal data—a list that could be used as a …
By Richard van Schaik and Róbin de Wit The Dutch Personal Data Protection Authority (Autoriteit Persoonsgegevens, “AP”) revealed that almost 5500 data breaches have been notified since the legislation on mandatory data breach notification duties entered into force on 1 January 2016. Pursuant to this legislation, it is mandatory for all types of data controllers …
THE NETHERLANDS: almost 5500 data breaches notified in 2016 Read More »
On 8 September 2016, Advocate General Bot released his opinion on the “Camera di Commercio Industria, Artigianato e Agricoltura di Lecce v. Salvatore Manni” c-398/15 (“Manni Case“). If confirmed by the European Court of Justice, the opinion will no doubt shed further light on the construction of the right to be forgotten. Background The original …
EU: The right to be forgotten and the role of the Companies Registry Read More »
Written by Anne Kierig An amendment to Nebraska’s data breach notification law, signed by the Governor earlier this month and effective July 20, 2016, makes key changes to the state’s notification regime. First, the law expands the definition of “personal information” to include “a user name or email address, in combination with a password or …
DLA Piper Shared Insights at Bloomberg Law’s 2016 Outlook on Privacy and Data Security in Washington DC On February 3rd, the day after announcement of the US-EU Privacy Shield provisional agreement, DLA Piper’s Carol Umhoefer, Jim Halpert and Giangi Olivi discussed EU data protection developments at Bloomberg Law’s 2016 Outlook on Privacy and Data Security, …
The cyber-attack suffered by Hacking Team revealed unexpected vulnerabilities of systems with considerable consequences for businesses whose cyber risk strategy shall be reassessed. The press extensively covered during the last days the case concerning the cyber attack suffered by the Hacking Team, a government-sponsored provider of device monitoring solutions. Following the attack, over 1 million emails …
Hacking Team case – is your cyber risk strategy enough? Read More »
By Giulio Coraggio Privacy breaches and potential liabilities might increase as a consequence of the usage of drones that represent a massive resource in a number of different sectors, but might also trigger some “new” unexpected legal risks. Drones were initially used only in the military sector. However, the possibility to rely on them for …
What privacy obligations and liabilities for drones? Read More »
Written by Aravind Swaminathan and Tara McGraw Swaminatha The New York Times reported this week that an organized Russian criminal group stole approximately 1.2 billion user name and password credentials associated with more than 500 million email addresses from hundreds of thousands of websites around the world. The article notes that the hackers used a …
HACKERS STEAL 1.2 BILLION PASSWORDS – 4 STEPS TO TAKE NOW Read More »
By Jennifer Kashatus Effective July 1, 2014, Florida has repealed its existing data breach law in favor of a new, more stringent, law. Florida has joined the list of states requiring notice to regulators: specifically, an entity must notify the Department of Legal Affairs of any breach affecting 500 or more Florida residents as soon as possible, …
