
Sunday, March 11, 2018

Blockchain and healthcare privacy laws just don't mix

Blockchain and healthcare privacy laws just don't mix | Healthcare IT News:



"while the digital ledger technology has promise, blockchain will struggle to dovetail with the existing realities of privacy law."




The Blockchain-GDPR Paradox: a seriously under-appreciated problem

"The way GDPR is formulated, we cannot store data directly on the blockchain since in GDPR terms ‘it is not erasable’. This prohibits us from using this technology to its full potential, so we need to rely on ‘older’ systems for storing data" - Andries Van Humbeeck @wearetheledger

The Blockchain-GDPR Paradox – wearetheledger – Medium

It should be noted that any use of blockchain that allows correlation of record headers or metadata is also going to fall foul of privacy rules and requirements, quite apart from the edit/erase problem.

For example, medical privacy might not be well-served by a publicly readable blockchain from which Bob can deduce that Alice visited a fertility clinic three times this month (for various scenarios in which Bob and Alice may know each other, or not).


Useful GDPR resources (and countdown clock) from ESET UK

In May 2018, a new EU-wide data protection regulation comes into force...This site is designed to help you understand the GDPR, quantify the requirements, and offer solutions. The General Data Protection Regulation (GDPR) will affect every organisation in Europe that handles personal data of any kind. It will also affect any company that does business in the EU.

https://www.eset.com/uk/gdpr/solutions/

Not the official EU GDPR home page, but v. useful info

"This website is a resource to educate the public about the main elements of the General Data Protection Regulation (GDPR). After four years of preparation and debate, the GDPR was finally approved by the EU Parliament on 14 April 2016. Enforcement date: 25 May 2018 - at which time those organizations in non-compliance may face heavy fines."

Home Page of EU GDPR


Thursday, May 25, 2017

GDPR: 365 days until enforcement begins

On this date, May 25th, in the year 2018, something called the General Data Protection Regulation (GDPR) will go into effect. That means your company, and every other company in the world, should already have a good answer to this question: “How will GDPR affect us?”

I have written about the far-reaching privacy and cybersecurity impacts of this regulation here. And I will be Tweeting about #GDPR on @GDPRnews as the enforcement date in 2018 draws closer.

Bear in mind that GDPR is a set of rules governing the privacy and security of personal data that is being implemented by the European Commission, but applies to many companies located OUTSIDE the European Union (EU).

For a start, GDPR gives data protection, and recourse for abuse or exposure of sensitive personal information, to residents of Europe, not just European citizens. So, even if you're in Idaho, selling motorcycle accessories via a website hosted in Chicago, and some of your current or former customers or prospects live in the EU, you could still be affected.

How? Well, here's just one example: the "Right to erasure" in GDPR, Article 17. That means you could get a letter or email from someone asking you - "the controller" in this context - to remove them from your mailing list and/or customer list. If that sounds like no big deal, I assume you know where all of your customer and marketing data resides, and you have an easy way to look people up and remove them.

That's not even getting into questions of when and with whom you may have shared the data without the data subject's explicit consent (and implicit consent cannot be grandfathered in). So let's say you have names and email addresses of people who have registered on your site as shoppers but you have assumed they would also like to know about motorcycling events and therefore shared their details with event organizers without explicit permission. That's not allowed anymore.

And so on...stay tuned!

Tuesday, May 24, 2016

GDPR: Potential fines for data security breaches more severe for data controllers than processors

GDPR: Potential fines for data security breaches more severe for data controllers than processors • The Register:

"One of the many changes that the new Regulation will deliver when it comes into force on 25 May 2018 is a new statutory obligation on data security that data processors must observe above and beyond contractual duties agreed with data controller customers."

How to handle the new US-EU data regulations: Model contracts and punishments | TechRadar

How to handle the new US-EU data regulations: Model contracts and punishments | TechRadar:

"Many businesses have implemented alternative methods of data protection compliance, including the use of model contracts," says Ashley Winton, Partner and UK head of data protection and privacy at international law firm Paul Hastings LLP, and Chairman of the UK Data Protection Forum.

Sunday, May 15, 2016

GDPR: Getting Ready for the New EU General Data Protection Regulation

GDPR: Getting Ready for the New EU General Data Protection Regulation | Information Law Group: The GDPR goes into effect "beginning on May 25, 2018, replacing the national laws and regulations based on the venerable 1995 EU Data Protection Directive and reaching companies that target EU consumers from outside the EU."

Save the Date: GDPR goes into effect May 25, 2018 - Lexology

Save the Date: GDPR goes into effect May 25, 2018 - Lexology: "We now have a precise date for the European Union’s General Data Protection Regulation to go into effect: May 25, 2018. The official version has been published and is available here. The GDPR, in its official published version, contains 87 densely-packed pages of recitals and articles..."




Monday, May 9, 2016

Privacy Counsel High Demand, Low Supply Raises Costs | Bloomberg BNA


Is there a GDPR effect yet, or will GDPR make this an even tougher problem?

http://www.bna.com/privacy-counsel-high-n57982070848/

Saturday, May 7, 2016

A Global Privacy Rights Movement Poses New Business and Economic Risks | Intralinks

A Global Privacy Rights Movement Poses New Business and Economic Risks | Intralinks: "Over 70% of respondents expect to increase spending in order to meet data sovereignty requirements, 30% expect budgets to rise by more than 10% over the next two years"




Monday, April 4, 2016

British mobile phone users’ movements 'could be sold for profit’ | World news | The Guardian

"Customers do have a legal right to opt out of location tracking for marketing purposes and, with the forthcoming European General Data Protection Regulation, will soon be able to demand that their location data is deleted"

http://www.theguardian.com/world/2016/apr/04/mobile-phone-users-movements-are-tracked-and-sold-for-profit

Saturday, February 27, 2016

Tuesday, February 9, 2016

The Tort of Intrusion Upon Seclusion Meets Class Action Certification: Part II

Helpful Canadian perspective from Consumer & Retail Advisor

http://www.consumerretailadvisor.com/2014/07/the-tort-of-intrusion-upon-seclusion-meets-class-action-certification-part-ii/

From Safe to Schrems to Shield - MoFo on the EU Privacy Landscape

From Safe to Schrems to Shield - Shifting Grounds in the EU Privacy Landscape > Morrison Foerster: "Last week, in the midst of WP29 meetings that could have led to the invalidation of data transfers to the United States under the alternative data transfer mechanisms, the EU and U.S. authorities announced that they had reached an agreement on a revised Safe Harbor. The WP29 immediately reacted. This alert examines these developments and their implications in the near term."




UK lawmakers criticise surveillance bill over privacy concerns


http://in.mobile.reuters.com/article/idINKCN0VI0YD?irpc=932

Saturday, February 6, 2016

Safe Harbor 2.0: Confusion Reigns As US, EU Send Mixed Messages Over ‘Privacy Shield’ Data-Sharing Rules

"So with Safe Harbor invalidated, alternatives simply too onerous to implement and the details of Privacy Shield still to be finalized, it's unclear whether thousands of companies potentially still using Safe Harbor are going to face enforcement actions."


“What we actually have here is a desperate PR effort to buy more time before the EU Commission and the U.S. have to face the consequences of the legal incompatibility between the EU’s Charter of Fundamental Rights and the U.S.’ commitment to mass surveillance,” Simon McGarr, an Irish lawyer specializing in internet protocol and law, said.

What businesses need to know about Privacy Shield | PCWorld

What businesses need to know about Privacy Shield | PCWorld: "April is the soonest Europe's data-protection authorities are likely to be able to finish their legal analysis, according to the Article 29 Working Party, the EU body representing those DPAs."




The New “EU-US Privacy Shield” | Information Law Group

"According to today’s press release from the European Commission, the new focus is on transparency and recourse for government surveillance, but there is also a commitment to more rigorous enforcement."


From the press release: “For the first time, the US has given the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms. These exceptions must be used only to the extent necessary and proportionate. The U.S. has ruled out indiscriminate mass surveillance on the personal data transferred to the US under the new arrangement.”

Saturday, January 30, 2016

Tuesday deadline looms over US-EU privacy pact

Tuesday deadline looms over US-EU privacy pact | TheHill: "Negotiators have only until Feb. 2 to strike a deal ensuring that commercial data transfers between Europe and the U.S. are able to continue after a critical 2000 agreement was struck down over privacy concerns last fall."


