Privacy Transformation - Issue 207

Curated privacy news, insights & resources, with a focus on Irish and EU developments.


PRIVACY

Concerns raised as teachers required to use controversial PSC card for online payslips

The mandating of teachers to get a public services card (PSC) in order to receive a new digital payslip has been branded “potentially discriminatory”.

New ICCL complaint against European Commission at EU Ombudsman

ICCL has brought a new complaint against the European Commission to the EU Ombudsman for a 56-month GDPR monitoring data deficit.

🔗 RELATED: Irish Civil Society Dogs Irish DPC With GDPR Criticism

✍🏻 Opinion: GDPR five years on: Time for Irish tech firms to take stock

Griffith College’s Steven Roberts looks at what companies need to think about as we approach the five-year anniversary of the GDPR.

EU institutions near agreement on business-to-government data sharing

The Data Act’s chapter on business-to-government (B2G) data sharing, which would empower the public sector to access private data, is one of the most advanced parts of the negotiations – although some political issues remain.

✍🏻 Opinion: 'Caveat venditor': Privacy compliance consulting at the precipice of practicing law

Lawyers and law firms operate in a heavily regulated industry, with strict standards of professional practice to ensure client safety and confidence. Nonlawyer consultants are also, perhaps sometimes unknowingly, regulated insofar as they cannot cross the threshold into providing legal advice to clients, termed the unauthorized practice of law, because they are not lawyers licensed to practice law in the client’s locale. This blog explores the threshold of the unauthorized practice of law and the risks of going over it.

💡 Insights: Filling the void? The 2023 state privacy laws and consumer health data

Over decades, observers have witnessed the emergence of a void within U.S. privacy law with respect to the protection of health information. Due to limitations in the scope of the Health Insurance Portability and Accountability Act, a broad array of health data, such as that collected by mobile devices, apps or wearable fitness trackers, has remained mostly outside the law’s reach. Indeed, privacy expert James Dempsey has even estimated "the majority of health-related data" may fall outside of HIPAA’s scope.


SECURITY & TECH

Expert warns of cyber risks for HSE without full IT upgrade

A failure to upgrade old IT systems and applications has left the Health Service Executive open to another cyber attack, a former head of digital transformation at the HSE has warned.

ChatGPT resumes service in Italy after adding privacy disclosures and controls

A few days after OpenAI announced a set of privacy controls for its generative AI chatbot, ChatGPT, the service has been made available again to users in Italy — resolving (for now) an early regulatory suspension in one of the European Union’s 27 Member States, even as a local probe of its compliance with the region’s data protection rules continues.

💡 Insights: The latest in homomorphic encryption: A game-changer shaping up

Privacy professionals are witnessing a revolution in privacy technology. The emergence and maturing of new privacy-enhancing technologies that allow for data use and collaboration without sharing plain text data or sending data to a central location are part of this revolution.


DATA BREACH

Capita: Watchdog warns pension funds over data after hack

The Pensions Regulator has asked trustees responsible for funds that use Capita as an administrator to assess whether clients' data is at risk.

The Tragic Fallout From a School District’s Ransomware Breach

Ransomware gangs have long sought pain points where their extortion demands have the greatest leverage. Now an investigation from NBC News has made clear what that merciless business model looks like when it targets kids: One ransomware group's giant leak of sensitive files from the Minneapolis school system exposes thousands of children at their most vulnerable.

Hackers leak images to taunt Western Digital's cyberattack response

The ALPHV ransomware operation, aka BlackCat, has published screenshots of internal emails and video conferences stolen from Western Digital, indicating they likely had continued access to the company's systems even as the company responded to the breach.

Brightline data breach impacts 783K pediatric mental health patients

Pediatric mental health provider Brightline is warning patients that it suffered a data breach impacting 783,606 people after a ransomware gang stole data using a zero-day vulnerability in its Fortra GoAnywhere MFT secure file-sharing platform.


ENFORCEMENT

Meta faces ‘colossal’ fine from data protection body

Facebook-owner Meta faces a “colossal” fine from the Irish Data Protection Commission in the coming weeks, industry insiders have told the Business Post. More significantly for the company, insiders said that the possibility that the company will have to halt data transfers from the EU to its US servers is “very real”.


GUIDANCE & OPINIONS

DPC: Data Protection in the Workplace: Employer Guidance

This guidance document is specifically aimed at assisting employers as data controllers regarding their data processing obligations and duties when processing the personal data of their employees, former employees and prospective employees.

EDPS: Road Safety and Privacy

The EDPS issued three Opinions on three Proposals of the European Commission that are part of the “Road Safety package”. This includes a Proposal on cross-border exchange of information concerning road-safety-related traffic offenses; one on driving licences; and one on a new proposed Directive on the EU-wide effect of certain driving disqualifications concerning major offenses related to road safety.


RESOURCES

📘 Paper: Global Data Privacy Laws 2023: 162 National Laws and 20 Bills

This paper is part of the 8th series of assessments of developments of data privacy laws since 2011. It assesses the new data privacy laws and Bills since 2021. Other papers in the series assess the current state of international agreements on data privacy, and of international cooperation among data protection authorities. The Tables which document these matters for all countries are published separately.


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!