Accountability – A Global Standard For Privacy Compliance

letters on keyboard

The Accountability Principle in International Data Protection Instruments  Privacy Accountability: National Regulators’ Accountability Guidance (Part 1)  Privacy Accountability: National Regulators’ Accountability Guidance (Part 2)  Colombian Data Protection Authority issues Accountability Guidance The notion of accountability is not new to data protection law and policy.  What is new, though, is that it is becoming more and more relevant in … Read more

CCPA Update – What Has Changed And What Remains The Same?

monitor on the table

The California legislative session ended with a bang on September 13, when legislators passed several noteworthy amendments to the California Consumer Privacy Act (CCPA). The California governor has until October 13 to act on these amendments. We have outlined below the amendments that materially alter the original scope or requirements of the CCPA and that … Read more

Equifax Part II – Key Learnings

equifax hackers

In the first part of this article here we looked at the background facts and circumstances of breach in the Equifax decision by the UK’s DPA, the ICO. This second part sets out some key learnings from the case. Review Intra-group Data Processing Arrangements The ICO focused on a number of flaws in the arrangements between … Read more

Key Messages From Ashley Madison Investigation

dating apps

After jointly investigating a data breach in July and August 2015 that occurred to a Canadian dating website operator’s system, the Australian Privacy Commissioner and the Privacy Commissioner of Canada released a joint report regarding their findings. The affected websites included the Ashley Madison dating website which had users in over 50 countries. Among other … Read more

The Importance Of Security In The Cloud: Security And Audit


Part of the b:INFORM 2015/2016 Cloud Survey Trend Series 1. Importance of Security Consistent with last year, our survey identified security and privacy at the forefront of buyers’ and providers’ minds in relation to cloud services.  Security (88%) and Privacy (73.3%) topped the list of buyers’ primary hesitations in deciding whether to buy cloud services.  More … Read more

OCR Begins Phase 2 Of Its HIPAA Audit Program

medical logo

Recently, the Department of Health and Human Services – Office for Civil Rights (“OCR”) announced the launch of Phase 2 of its audit program for the Health Insurance Portability and Accountability Act (“HIPAA”). After years in development, the program represents a new tool for OCR to use in evaluating businesses’ compliance with HIPAA’s Privacy, Security, … Read more

UK Seeks EU Court’s Clarification On Data Retention

building of the court

In the European Union, the Data Retention Directive used to be the instrument laying down the rules for the retention of,  and access to communications data for purposes of investigation, detection and prosecution of serious crime.  It required telecommunication service providers to retain traffic, location and subscriber data for up to two years and make … Read more

Ready Or Not, Here It Comes – A GDPR Game Plan

check out the new plan

While the GDPR may appear extremely prescriptive in comparison to the current Data Protection Directive (95/46/EC), the objective does not deviate far from the current Directive – assuring individuals’ fundamental right of personal data protection.  Multinational companies should focus on devising a systematic approach that fosters a culture of accountability, privacy by design and by default … Read more