A draft act on adjusting the Polish legal system to the provisions of the GDPR is under way in the lower house of the Polish Parliament (Sejm). The draft act contains, among others, provisions amending the rules for processing personal data by banks, credit institutions, loan companies and other entities regulated by Polish banking law.
Tag Archives: Data
Privacy and Cybersecurity October 2018 Events
Join us in October as we will discuss a number of topics including examining evolving issues regarding the California Consumer Privacy Act, the status of Asia-Pacific data protection regulation, how to prevent internal cybersecurity threats, and the implications of collecting workplace diversity data.
Live Blogging from the 34th Annual Conference of DPAs and Privacy Commissioners: Prepared Remarks of Hogan Lovells’ Christopher Wolf at Opening Plenary Session
This blog entry contains the prepared remarks of Hogan Lovells Privacy and Information Management practice director Christopher Wolf on “Privacy and Technology in Balance” to be delivered at the opening plenary session of the 34th Annual Conference of Data Protection Authorities and Privacy Commissioners in Punta del Este, Uruguay.
Hong Kong Privacy Commissioner Publishes Guidance on the Handling of Data Access Requests and the Charging of Access Fees
In Hong Kong, an individual’s right to make an Access Request is expressly conferred by section 18of the Personal Data (Privacy) Ordinance which enables individuals to ascertain whether data users hold any personal data relating to them, and if so, to obtain a copy of such data. Individuals also have the right to request the correction of any inaccuracies contained in such data. Data users are required under the Ordinance to notify individuals of such access/correction rights, on or before the first use of their personal data. As described in this blog entry, the Hong Kong Privacy Commissioner for Personal Data recently issued a guidance note titled “Proper Handling of Data Access Request and Charging of Data Access Request Fee by Data Users” to provide data users with guidance on how to comply with data access requests as well as how to calculate the fees to be charged in connection with such Access Requests.
Hong Kong Personal Data (Privacy)Ordinance Amendment Prompts Reviews of Data Protection Policies and Practices
The Hong Kong Personal Data (Privacy) Amendment Ordinance was passed on 27 June 2012. This ends a nearly three year process initially spurred by the need to bring the existing legislation in line with technological and other advancements that occurred since it was enacted in 1996.
Hong Kong’s Privacy Commissioner Publishes Guidance Note on Personal Data Erasure and Anonymisation
Organisations in Hong Kong are required under the Personal Data (Privacy) Ordinance to erase personal data when the data is no longer required for the purpose for which it was collected.
The Hong Kong Privacy Commissioner for Personal Data recently has published a Guidance Note, entitled “Guidance on Personal Data Erasure and Anonymisation,” which is relevant to compliance under the Ordinance.
Blogging from the IAPP London Data Protection Intensive
IAPP Europe is currently holding its Data Protection Intensive 2012 in London. This entry from London partner Quentin Archer contains a report from today’s keynote sessions on the Irish regulatory landscape and the economics of privacy
Blogging from the IAPP London Data Protection Intensive
IAPP Europe is currently holding its Data Protection Intensive 2012 in London. This entry from London partner Quentin Archer contains a report from today’s session on current regulatory issues in the Nordic countries.
Blogging from the IAPP London Data Protection Intensive
IAPP Europe is currently holding its Data Protection Intensive 2012 in London. This entry from London partner Quentin Archer contains an instant report from today’s opening session, and summarizes the comments of UK’s Information Commissioner and Yahoo’s Vice-President for EMEA Advertising Marketplaces. The comments of the Information Commissioner are especially insightful regarding enforcement, cookies, and the pending European Regulation.
Lessons from the Power Ventures Case Include “Terms of Use Can Create Computer Fraud and Abuse Act Liability”
This blog entry describes how Facebook’s Terms of Use became a potent legal tool in the company’s dispute with a data aggregation service.
Tension Between Privacy Law and Other Interests Highlighted in Recent German Episode
Chris Wolf, Hogan Lovells Privacy and Information Management Practice Director, has a column in Slate, the daily Web magazine addressing the tension between privacy laws and other societal interests, and the potential for inflexible application of privacy laws in the EU. His discussion is in the context of the prosecution of two reporters for invading the privacy of a former Nazi commando who had been in hiding for decades. A link to the column is included in this blog entry.
London Privacy Workshop Seeks Input for UK Consultation
Hogan Lovells partners Quentin Archer, Roger Tym and Winston Maxwell hosted a London workshop on February 29, 2012 aimed at collecting comments for the UK Ministry of Justice’s public consultation on the proposed EU privacy Regulation. Workshop participants commented on the right to be forgotten, data portability, the accountability principle, data breach notifications, proposed requirements for consent, fining powers, and the “one-stop-shop” principle.
Article 29 Working Party Provides Guidance On Data Controller/Processor Concepts
On 16 February 2010, the Article 29 Working Party adopted an opinion on the concepts of data “controller and “processor”, which are crucial for determining who is responsible for compliance with EU data protection rules. The opinion provides a comprehensive analysis as well as practical examples and rules of thumb on how to approach the concepts pragmatically.
Draft Federal Legislation May Bring Changes to Data Breach Practices
On July 22, 2009, Sen. Patrick Leahy (D-VT) reintroduced S. 1490, the Personal Data Privacy and Security Act (“PDPSA”), which has been referred to the Senate Judiciary Committee. The reintroduced PDPSA is substantially similar to the prior version reported out by the Judiciary Committee in 2007, which was co-sponsored by then-Sen. Barack Obama. Among the […]
UPS Ltd Subject of UK Data Security Enforcement
UPS Ltd has joined the ever-increasing number of companies featuring in the ‘Enforcement’ section of the UK Information Commissioner’s website, for failing to ensure the adequate security of personal data, which was held on an unencrypted laptop. Security is one of the key data protection principles set out in Schedule 1, Part 1, of the […]
Possible Health Information Trend in State Data Protection Statutes
With the compliance date for the federal health data breach notifications in the HITECH Act looming, more states are amending their data breach notification statutes to cover health information. The possible trend is evident in the newly-enacted laws of three states – Missouri, New Hampshire and Texas – all of which have been enacted since June 2009. […]