Privacy Transformation - Issue 180
PRIVACY
Countdown to compliance as EU's Digital Services Act published
The European Union's flagship reboot of long-standing ecommerce rules, aka the Digital Services Act (DSA), has now been published in the bloc's Official Journal.
RELATED: Digital Services Act
Court throws out data protection breach claims by members against Siptu
Judge cites rulings by data and legal authorities that proof of ‘more than minimal loss’ necessary before such cases could succeed.
Data protection concerns raised on farm prescription plans
Senator Tim Lombard has called for the involvement of the Data Protection Commissioner in assessing whether the sharing of farmer data will be legal.
SECURITY & TECH
Technology that lets us speak to our dead relatives has arrived. Are we ready?
Digital clones of the people we love could forever change how we grieve.
Almost half of Irish SMEs hit by multiple cyber attacks
Almost half of Irish small and medium businesses have experienced multiple cyber attacks in the last three years, according to a new study.
ICO: ‘Immature biometric technologies could be discriminating against people’ says ICO in warning to organisations
The UK Information Commissioner's Office is warning organisations to assess the public risks of using emotion analysis technologies, before implementing these systems. Organisations that do not act responsibly, posing risks to vulnerable people, or fail to meet ICO expectations will be investigated.
The No-Nonsense Comprehensive Compelling Case For Why Lawyers Need To Know About AI And The Law
This is a no-nonsense comprehensive and compelling case for why lawyers need to know about AI and the law. If you are a lawyer or know a lawyer or perhaps a law student, make sure to see what AI has to offer for those keenly interested in the law.
Twilio discloses another hack from June, blames voice phishing
Cloud communications company Twilio disclosed a new data breach stemming from a June 2022 security incident where the same attackers behind the August hack accessed some customers' information.
TikTok Parent ByteDance Planned To Use TikTok To Monitor The Physical Location Of Specific American Citizens
The project, assigned to a Beijing-led team, would have involved accessing location data from some U.S. users’ devices without their knowledge or consent.
DATA BREACH
Australia's No. 1 health insurer says hacker stole patient details
Australia's biggest health insurer said on Thursday a criminal had apparently stolen customers' medical information as part of a massive breach of data, fueling concern about a wave of high-profile cyber attacks.
ENFORCEMENT
‘Biggest cyber risk is complacency, not hackers’ - UK Information Commissioner issues warning as construction company fined £4.4 million
The UK Information Commissioner has warned that companies are leaving themselves open to cyber attack by ignoring crucial measures like updating software and training staff. The warning comes as the Information Commissioner’s Office (ICO) issued a fine of £4,400,000 to Interserve Group Ltd, a Berkshire based construction company, for failing to keep personal information of its staff secure.
Outsourcer Interserve fined £4.4m for failing to stop cyber-attack
Watchdog says phishing email enabled hackers to steal personal information of 113,000 employees.
France fines Clearview AI maximum possible for GDPR breaches
Clearview AI, the controversial facial recognition firm that scrapes selfies and other personal data off the Internet without consent to feed an AI-powered identity-matching service it sells to law enforcement and others, has been hit with another fine in Europe.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
EDPB: Guidelines 9/2022 on personal data breach notification under GDPR
The European Data Protection Board welcomes comments on the targeted update made Guidelines 09/2022 on personal data breach notification under GDPR.
RESOURCES
🔊 In Conversation with Helen Dixon, the Data Protection Commissioner for Ireland
In our latest podcast episode, the Data Protection Commissioner for Ireland, Helen Dixon, chats with the CEO of EM Ireland, Noelle O Connell.
DPC Case Studies
The Irish Data Protection Commission has published new case studies:
- Disclosure of personal and financial data to a third party and erasure request
- Unlawful processing and disclosure of special category data
- Unlawful processing and erasure request
- Disclosure, withdrawing consent for processing and subject access request
- Unlawful processing of special category data
Congressional Research Service: EU-U.S. Data Privacy Framework
The EU-U.S. Data Privacy Framework: Background, Implementation, and Next Steps.
IAPP: Privacy Tech Vendor Report 2022
The IAPP presents its sixth annual “Privacy Tech Vendor Report.” This issue, the IAPP lists 364 privacy technology vendors.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.