You searched for:
data in keywords.
Can't find what you are looking for? Try again with a
new or advanced search
72 articles matched. Most recent shown first. Showing first 10 results.
The UK Information Commissioner’s Office (‘ICO’) recently fined Yahoo! Inc.’s UK arm £250,000 for a data breach affecting more than 500,000 UK user accounts (and around 500 million worldwide) and, in a separate incident, fined the University of Greenwich £120,000 for a ‘serious’ security breach involving the personal data of nearly 20,000 students and staff. As both of these data breaches occurred prior to the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) coming into force, Yahoo! and the University of Greenwich were fined under the Data Protection Act 1998, which provides for a maximum fine of £500,000. Rohan Massey and William Moore, of Ropes & Gray LLP, provide insight into the ICO’s actions with regard to both data breaches, and comment on their significance at a time when its approach to data protection processes is in a state of change. /
read more
It has been three months since the entry into effect of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), and when looking back at the most recent decisions rendered by the French data protection authority (‘CNIL’), it can be seen that one of the main issues that should be a point of attention for data controllers is the obligation of security when collecting, processing, storing and transferring the personal data of their data subjects. Cécile Martin and Bérengère Lubineau of Ogletree Deakins International LLP provide analysis of CNIL’s approach to sanctioning entities for a lack of data security. /
read more
While I was steering my practice at PwC through the GDPR-readiness process, which often involved working on relatively mundane data protection and security issues of the kind that I thought I had escaped from a decade or so ago (data landscapes, policies, operating models and the like), I kept my ‘intellectual curiosity’ up with a personal side project to improve my understanding of the potential role that codes of ethics have to play in the creation of sound digital outcomes in society. Going into the summer break with that frame of mind, I was really struck by how common the focus of ethics was in my chosen holiday reading list1. A golden thread within these books and the others, both express and implied, is the criticality of an ethics-based approach within the development of responses to some of the most pressing challenges of the digital age, including the ‘democracy deficit’ associated with the use of advanced data analytics in political processes; surveillance and profiling for commercial benefits; the advance of the ‘Big Brother’ state; and, of course, the continuing scourge of cyber crime. /
read more
With Moore’s law reaching its saturation, and almost all objects around us slowly coming to life with the Internet of Things, we have reached that stage of human civilisation where we are leaving our digital footprints and transmitting data at a rate faster than the human ability to process such data. This progress in the rate of exchange, transmission, storage and processing of data has also called for lawmakers around the world to protect and secure such data as well as to protect the privacy of individuals, including in India. Amrut Joshi and Namrata Bhagwatula, Founder and Senior Associate respectively at GameChanger Law Advisors provide an overview of the existing data protection framework in India and look ahead to the future in light of recent jurisprudence and legislative proposals. /
read more
After eight years of scrutiny under the microscope of the US Federal Trade Commission (‘FTC’) and lengthy contention and expensive federal litigation, the US Court of Appeals for the Eleventh Circuit delivered an opinion in favour of LabMD, a small medical testing lab (now out of business), that the FTC’s cease and desist order was unenforceable because it did not specifically list the data security protections that LabMD needed to implement to comply with the FTC’s order. The Eleventh Circuit decision is expected to have a long standing impact on the state of cyber security regulation in the US, and specifically the FTC’s ‘regulation by consent decree’ approach that it has used for years, as Ryan P. Blaney, Esq. and Sarah Hopkins, of Cozen O’Connor, explain. /
read more
On 11 April 2018, the Article 29 Working Party (‘WP29’), which has since been replaced by the European Data Protection Board, issued a statement about the importance of encryption to guarantee the protection of individuals in regards to the confidentiality an integrity of their data and in which it expressed its concerns about the perceived inability to keep ‘backdoors’ in encryption software - that have been introduced for law enforcement purposes - secure. Annabelle Gold-Caution, Solicitor at Fieldfisher, in this article discusses the WP29’s statement in the context of two nations which have already legislated in this area: the UK and the US. /
read more
Here we are in June 2018, with a brand new legal framework, namely the Data Protection Act 2018 and the Cyber Security Regulations 2018. Casting back on my years of practice in this field, I can’t think of a more momentous time for legislation. Yes, the early noughties were theoretically challenging, with the transitional provisions of the 1998 Data Protection Act still biting and the ePrivacy laws coming into effect; the Freedom of Information Act certainly caused much disruption to the public sector when it landed in 2005; there was much promise in the Criminal Justice and Immigration Act 2008 and the Coroners and Justice Act 2009, with new data offences and regulatory powers; and amendments to the e-communication six pack gave us digital marketing and security upheaval in 2012 - but all of these pale when compared to the root and branch changes that we saw last month. /
read more
Recent developments such as the forthcoming application of the General Data Protection Regulation (‘GDPR’) and the recent High Court decision against the supermarket Morrisons in Various Claimants v. W M Morrison Supermarket Plc1 (the ‘Morrisons’ case), have brought cyber security to the top of the agenda for many businesses. One clear obligation is for businesses to ensure that their employees receive adequate training to protect against data breaches. A business’s liability for a breach of its data security obligations can be significant and can arise from breaches caused by the innocent actions of careless employees or, in extreme cases, by deliberate or malicious actions by employees. Manoj Vaghela and Ben Moore of Charles Russell Speechlys LLP discuss the importance of insurance taken out by businesses to cover liability for breaches.
/
read more
The European Union’s General Data Protection Regulation (‘GDPR’), which takes effect on 25 May 2018, will affect the way registrars and registries collect, retain and make available the registration data of domain registrants in WHOIS directories. As Dr Lutz Riede and Dr Gernot Fritz of Freshfields Bruckhaus Deringer LLP explain in this article, it is the prevailing opinion that the public availability of domain registrants’ personal data in WHOIS directories violates the GDPR. Until the Internet Corporation for Assigned Names and Numbers’ (‘ICANN’) proposed ‘Interim Model,’ which introduces revised specifications and a layered or tiered access model, has been implemented, there will be uncertainty as to whether accurate and complete data about domain registrants will remain available to law enforcement, rightsholders and other interested parties. Dr Riede and Dr Fritz discuss here the background to this problem, and how the situation could make it harder for law enforcement authorities to prevent cyber crime as well as for rightsholders to pursue fraudulent actions and IP infringements conducted over the internet. /
read more
On 9 March 2018, the United States District Court for the Northern District of California, San Jose Division, granted in part and denied in part Yahoo! Inc. (‘Yahoo’) and Aabaco Small Business, LLC’s (‘Aabaco’) (collectively, ‘the Defendants’) motion to dismiss putative class litigation brought by nine named individuals (‘the Plaintiffs’) over the way the Defendants handled several data breaches that occurred between 2013 and 2016. The Court’s decision has paved the way for the Plaintiffs’ class action suit to proceed, and in this article, Margaret Reetz, Partner at Mendes & Mount LLP, dissects the Court’s reasoning and both parties’ grounds in the case. /
read more
