Category

Policy

20 October 2017

Article 29 Working Party Publishes Final Guidance on Data Protection Impact Assessments

On 4 October 2017 the Article 29 Working Party (“WP29”) published its final Guidelines on Data Protection Impact Assessment (“DPIA”) which were initially released in draft form in April 2017. Article 35 of the General Data Protection Regulation (“GDPR”) requires the use of DPIAs, or risk assessments of the proposed processing of personal data by an organisation, as part of regular business processes. The key revisions to note are in relation to the following concepts: (more…)

EmailShare
21 July 2017

The Belgian Data Protection Authority Publishes Guidance on Records of Processing Activities Under the GDPR

The Belgian Commission for the Protection of Privacy (“Privacy Commission”) has recently published guidance on Article 30 of the GDPR which contains the obligation for data controllers and processors to record their processing activities.

This record will have to be up-to-date by 25 May 2018 and readily made available to the regulator should it ask to view it. (more…)

EmailShare
14 July 2017

Federal Agencies Focus on Risks, Guidance for Internet of Things

Businesses and consumers are increasingly using Internet of Things (“IoT”) devices to communicate and process quantities and types of information that have never before been captured.  In response, more federal agencies are turning their attention to the potential risks, and developing guidance for the deployment of IoT technologies.  The latest to weigh in on risks include the Governmental Accountability Office and the Department of Commerce. (more…)

EmailShare
26 June 2017

NYDFS Issues FAQs for Recently Issued Cybersecurity Regulations

On June 20, 2017, the New York State Department of Financial Services (“NYDFS”) expanded its set of frequently asked questions (“FAQs”) and answers concerning its recently finalized Cybersecurity Regulations (23 NYCRR 500.01), which set forth minimum requirements for NYDFS-regulated entities to address cybersecurity risk.  The now 17 questions included in the release address the types of entities that fall within the scope of the Regulations, the notice requirements attending a Cybersecurity Event (as defined in the Regulations), the annual certification requirement, and additional specific elements of the rules. (more…)

EmailShare
15 May 2017

President Trump Signs Executive Order on Cybersecurity at Federal Agencies

On Thursday, May 11, President Trump signed an executive order aimed at strengthening the cybersecurity of federal networks and critical infrastructure.  The order is expected to prompt a broad examination of cybersecurity vulnerabilities at federal agencies and re-orient federal cybersecurity efforts toward modernization and shared services.  The order also reaffirms the previous administration’s approach to cybersecurity protections for critical infrastructure – with increased emphasis on the power grid – and seeks to promote the growth and sustainment of the nation’s cybersecurity workforce in the public and private sectors.  (more…)

EmailShare
09 May 2017

Sidley’s Third Annual Privacy and Cybersecurity Roundtable

On April 18 in the DC office, Sidley hosted the firm’s third annual Privacy and Cybersecurity Roundtable for over 70 clients. Speakers included a senior representative of the European Data Protection Supervisor, senior officials from the Office of the New York State Attorney General and the Federal Trade Commission, legal, policy and compliance leaders from Facebook and Gannett, along with several members of the firm’s privacy, securities law and governance groups. (more…)

EmailShare
27 April 2017

Singapore’s Personal Data Protection Commission Publishes Advisory Guidelines on the Use of Anonymized Data

The Personal Data Protection Act, 2012 (PDPA), Singapore’s general data protection law, governs the collection, use and disclosure of personal data. The Singapore Personal Data Protection Commission (PDPC), which enforces the PDPA, recently updated the chapter on data anonymization found in its Advisory Guidelines (Guidelines). The Guidelines are not legally binding but provide guidance on how the PDPC will interpret the PDPA. The revisions encourage organizations to incorporate into the process of anonymizing data an inquiry into the risks that the data may be re-identified and any potential negative effect on the individuals involved rather than focusing purely on the various techniques to anonymize the data.

(more…)

EmailShare
17 April 2017

EU Lawmakers Say That Privacy Shield Deficiencies Must Be Fixed Urgently

On 6th April, 2017, the European Parliament adopted a resolution stating that there are deficiencies in the EU-US data transfer accord Privacy Shield which must be “urgently resolved” in order to give citizens and companies legal certainty. MEPs called on the EU Commission to conduct an assessment and to ensure that the Privacy Shield complies sufficiently with the EU Charter of Fundamental Rights and new EU data protection rules. (more…)

EmailShare
04 April 2017

A Farewell to the FCC Broadband Privacy Rules

On April 3, 2017, President Trump signed the bill repealing the Federal Communications Commission’s much-debated broadband privacy rules. The House of Representatives voted 215–205 to disapprove the rules, after a party-line Senate vote of 50–48. The result is that the FCC’s key rules governing internet service providers’ collection and use of consumer data, as well as data security, will not go into effect as scheduled. Moreover, the FCC will be precluded from promulgating any regulation in “substantially the same” form until a future Congress allows such action.

(more…)

EmailShare
XSLT Plugin by BMI Calculator