A draft act on adjusting the Polish legal system to the provisions of the GDPR is under way in the lower house of the Polish Parliament (Sejm). The draft act contains, among others, provisions amending the rules for processing personal data by banks, credit institutions, loan companies and other entities regulated by Polish banking law.
Join us in October as we will discuss a number of topics including examining evolving issues regarding the California Consumer Privacy Act, the status of Asia-Pacific data protection regulation, how to prevent internal cybersecurity threats, and the implications of collecting workplace diversity data.
This blog entry contains the prepared remarks of Hogan Lovells Privacy and Information Management practice director Christopher Wolf on “Privacy and Technology in Balance” to be delivered at the opening plenary session of the 34th Annual Conference of Data Protection Authorities and Privacy Commissioners in Punta del Este, Uruguay.
In Hong Kong, an individual’s right to make an Access Request is expressly conferred by section 18of the Personal Data (Privacy) Ordinance which enables individuals to ascertain whether data users hold any personal data relating to them, and if so, to obtain a copy of such data. Individuals also have the right to request the correction of any inaccuracies contained in such data. Data users are required under the Ordinance to notify individuals of such access/correction rights, on or before the first use of their personal data. As described in this blog entry, the Hong Kong Privacy Commissioner for Personal Data recently issued a guidance note titled “Proper Handling of Data Access Request and Charging of Data Access Request Fee by Data Users” to provide data users with guidance on how to comply with data access requests as well as how to calculate the fees to be charged in connection with such Access Requests.
The Hong Kong Personal Data (Privacy) Amendment Ordinance was passed on 27 June 2012. This ends a nearly three year process initially spurred by the need to bring the existing legislation in line with technological and other advancements that occurred since it was enacted in 1996.
Organisations in Hong Kong are required under the Personal Data (Privacy) Ordinance to erase personal data when the data is no longer required for the purpose for which it was collected.
The Hong Kong Privacy Commissioner for Personal Data recently has published a Guidance Note, entitled “Guidance on Personal Data Erasure and Anonymisation,” which is relevant to compliance under the Ordinance.
IAPP Europe is currently holding its Data Protection Intensive 2012 in London. This entry from London partner Quentin Archer contains a report from today’s keynote sessions on the Irish regulatory landscape and the economics of privacy
IAPP Europe is currently holding its Data Protection Intensive 2012 in London. This entry from London partner Quentin Archer contains a report from today’s session on current regulatory issues in the Nordic countries.
IAPP Europe is currently holding its Data Protection Intensive 2012 in London. This entry from London partner Quentin Archer contains an instant report from today’s opening session, and summarizes the comments of UK’s Information Commissioner and Yahoo’s Vice-President for EMEA Advertising Marketplaces. The comments of the Information Commissioner are especially insightful regarding enforcement, cookies, and the pending European Regulation.
Chris Wolf, Hogan Lovells Privacy and Information Management Practice Director, has a column in Slate, the daily Web magazine addressing the tension between privacy laws and other societal interests, and the potential for inflexible application of privacy laws in the EU. His discussion is in the context of the prosecution of two reporters for invading the privacy of a former Nazi commando who had been in hiding for decades. A link to the column is included in this blog entry.
Hogan Lovells partners Quentin Archer, Roger Tym and Winston Maxwell hosted a London workshop on February 29, 2012 aimed at collecting comments for the UK Ministry of Justice’s public consultation on the proposed EU privacy Regulation. Workshop participants commented on the right to be forgotten, data portability, the accountability principle, data breach notifications, proposed requirements for consent, fining powers, and the “one-stop-shop” principle.
On 16 February 2010, the Article 29 Working Party adopted an opinion on the concepts of data “controller and “processor”, which are crucial for determining who is responsible for compliance with EU data protection rules. The opinion provides a comprehensive analysis as well as practical examples and rules of thumb on how to approach the concepts pragmatically.
On July 22, 2009, Sen. Patrick Leahy (D-VT) reintroduced S. 1490, the Personal Data Privacy and Security Act (“PDPSA”), which has been referred to the Senate Judiciary Committee. The reintroduced PDPSA is substantially similar to the prior version reported out by the Judiciary Committee in 2007, which was co-sponsored by then-Sen. Barack Obama. Among the […]
UPS Ltd has joined the ever-increasing number of companies featuring in the ‘Enforcement’ section of the UK Information Commissioner’s website, for failing to ensure the adequate security of personal data, which was held on an unencrypted laptop. Security is one of the key data protection principles set out in Schedule 1, Part 1, of the […]
With the compliance date for the federal health data breach notifications in the HITECH Act looming, more states are amending their data breach notification statutes to cover health information. The possible trend is evident in the newly-enacted laws of three states – Missouri, New Hampshire and Texas – all of which have been enacted since June 2009. […]