South Korea Enacts Stricter Penalties for Data Protection Violations by Telecommunications and Online Services Providers

South Korea has enacted stricter penalties for violations of data protection or privacy requirements by telecommunications and online service providers, including potentially steep damages in the wake of a data breach. The amendment (the “Amendment”) to South Korea’s Act on the Promotion of IT Network Use and Information Protection (“Network Act”) became law on March 22, 2016 and will become effective on September 23, 2016. The Network Act regulates and protects the personal information of individuals (“Information Subjects”) that are collected, used and disclosed by telecommunications and online service providers (“Service Providers.”) Overall, the Amendment provides heavier penalties for violating privacy provisions in the Network Act. The increased penalties and stricter privacy standards are consistent with recent amendments in other Korean privacy laws, such as the Personal Information Protection Act and the Utilization and Protection of Credit Information Act.

Read More

EmailShare

Sidley’s 2nd Annual Privacy and Cybersecurity Roundtable Provides Cross-Industry Insights from Senior Government Officials

Senior legal, economic and privacy leadership from U.S. and European government joined Sidley partners and senior counsel as panel participants at the 2nd Annual Privacy and Cybersecurity Roundtable.  An audience of more than 70 privacy professionals across financial, healthcare and technology industries heard from three panels that focused on the latest developments and prospective issues in cybersecurity, big data and EU privacy.

Read More

EmailShare

Article 29 Working Party Releases Its Wish List for the EU-U.S. Privacy Shield

On April 13, the Article 29 Working Party announced that it had completed its assessment of the EU-U.S. Privacy Shield documentation. The announcement was followed by the release of a 58-page Opinion on the European Commission’s draft adequacy decision on the Privacy Shield.

Read More

EmailShare

EU General Data Protection Regulation has been Adopted

On Thursday, April 14, 2016, the European Parliament voted to adopt the long-awaited EU General Data Protection Regulation (the GDPR). During the plenary session Jan Philipp Albrecht, rapporteur of the European Parliament for the GDPR, welcomed the adoption following what he described as years of “democratic debate and legislative process.” Albrecht further described the adoption as “a huge step forward towards creating a single legal environment for the digital world of tomorrow.” Today’s parliamentary vote completes the legislative process for adoption of the GDPR.  The final step will be for the GDPR to be published in the Official Journal of the EU which will likely take place in May 2016. Companies and regulators will then have two years from the date of publication in which to implement the requirements under the GDPR. Businesses should now seriously consider the impact of the GDPR and start planning for implementation.

EmailShare

EU General Data Protection Regulation Takes Significant Steps Towards Adoption

The past several days, the GDPR (the EU General Data Protection Regulation) took two significant steps towards adoption.  On Friday, April 8, 2016, the European Council adopted the GDPR at first reading.  Then today, Tuesday, April 12, 2016, the European Parliament’s Civil Liberties, Justice and Home Affairs Committee (the LIBE Committee) approved the GDPR by a 54-3 vote with one abstention. The European Parliament is due to vote on the GDPR in a second reading at a plenary session this coming Thursday. That will complete the legislative process for adoption of the GDPR. The final step will be for the GDPR to be published in the Official Journal of the EU which will likely take place in May 2016. After publication, the GDPR will apply two years after the date of publication, allowing companies and regulators a grace period to prepare. The interpretation of the GDPR will be shaped by guidance from the new European Data Protection Board.

Read More

EmailShare

Leaked Extracts on Working Party Opinion Indicate Approval of Privacy Shield May Not Be Imminent

Today, alleged extracts from the impending Article 29 Working Party Opinion on the adequacy of the Privacy Shield were leaked.  These extracts indicate that a number of clarifications on the Privacy Shield documents will be required before the Working Party can confirm that the Privacy Shield, in its view, ensures a level of protection that is essentially equivalent to that in the EU.  The full opinion is due to be published on Wednesday 13 April, and will form part of the package for consideration by the European Commission.

Read More

EmailShare

Tennessee Amends Breach Notification Law

On March 24, Tennessee enacted a law amending its breach notification law, originally enacted in 2005. The new amendment requires businesses and government agencies to notify citizens affected by data breaches within 45 days of discovering the breach. Exceptions to the 45-day time limit will be allowed only when required for law enforcement purposes. The amendment also specifies that unauthorized access of information by employees of the business or agency that holds the information triggers the 45-day notification requirement.

Read More

EmailShare
EmailShare
XSLT Plugin by BMI Calculator