Cyber Risk & Data Privacy

Subscribe to Cyber Risk & Data Privacy via RSS

Symantec released their annual Internet Security Threat Report (the Symantec Report) last week (available at http://www.symantec.com/security_response/publications/threatreport.jsp) and it makes for alarming reading. The risk of cyberattack is one that has been brought to the forefront of popular consciousness by the devastating cyberattacks on Sony Pictures Entertainment in 2014 and the Symantec Report shows that 2014 saw a worryingly exponential increase in the number, severity and sophistication of such attacks.Continue Reading Symantec Cyberattack Report a timely reminder of increasing Cyberattack risk

On 1 August 2014, the International Standards Organisation (ISO) and the International Electrotechnical Commission (IEC) published the first privacy-specific international standard for the cloud: ISO/IEC 27018 "Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors". Early adopters Microsoft announced on 16 February 2015 that it was the first company to receive certification for the standard.Continue Reading First international privacy-specific cloud standard adopted by Microsoft

 A Garda has alleged that his data protection rights were breached when a representative of his Credit Union showed his father his confidential financial statements, which indicated difficulties with his loans.

The man is seeking an order that the Data Protection Commissioner (DPC) conduct an oral hearing into his complaint. Mr Justice Séamus Noonan has granted the man judicial review of the DPC’s refusal of an oral hearing. Continue Reading Man sues DPC for failing to conduct an oral hearing

The Court of Justice of the European Union (CJEU) is due to hear questions concerning the validity of the Safe Harbour regime today, Tuesday 24 March 2015, in Maximillian Schrems v Data Protection Commissioner (Case C-362/14).

As the Safe Harbour regime allows U.S. companies to self-certify that they meet EU data protection rules on the processing of personal data, the case will have important practical implications for companies transferring data to the U.S.Continue Reading European Court considers safety of Safe Harbour

This morning, EU Ministers from the 28 EU countries debated and reached agreement on the proposed "one-stop shop" mechanism at a meeting of the Council of Ministers in Brussels. 

The draft Regulation originally proposed that, a business operating across the EU, would only have to deal with the data protection regulatory authority of the member country where it has its headquarters.Continue Reading EU Ministers agree on “one-stop shop” mechanism

On 25 February 2015, the Department for Culture, Media and Sport announced that it is changing the laws with regard to nuisance calls. 

The Information Commissioner’s Office (ICO) currently has the power to impose heavy fines of up to £500,000 on companies that make marketing calls or messages if the ICO can prove that these unwanted calls or messages caused, or had the potential to cause, ‘substantial damage or distress’. However, from 6 April 2015, this requirement will be removed, allowing the ICO to intervene in more cases and penalise those companies that are breaching the Privacy and Electronic Communications Regulations but fall below the current legal threshold. Continue Reading UK Government announces changes in law in a bid to crack down on nuisance callers

The political machinations continue at EU level and predictions for publication of a final form Data Protection Regulation increasingly refer to 2016 as the likely date. But to read behind the headlines continues to be a useful exercise for corporates who need to give real consideration now to what their regulatory landscape might look like in the not too distant future.

A key issue will be determining the place of “main establishment” which in turn will determine the appropriate lead authority.

If that isn’t clear, or there is disagreement, it is being proposed that an EU Data Protection Board (EDPB) would have power to make a binding determination.Continue Reading Data Protection Reform – One Stop Shop Complexity

This decision confirms that it is sufficient that the allegedly infringing content is accessible online from a certain Member State, for the courts situated in that territory to have jurisdiction.

In Pez Hejduk v EnergieAgentur, NRW GmbH, Case C-441/13 (22 January 2015) the CJEU considered the question as to where a copyright owner can bring proceedings for infringement when a third party makes work available online for viewing and downloading without consent.Continue Reading Online copyright infringement – where can you sue?

The Data Protection Commissioner, Helen Dixon, spoke at the Society for Computers and Law’s ‘The Evolution and Reform of Data Protection’ event this morning. The Commissioner gave an overview of the activities of the Office of the Data Protection Commissioner (ODPC) in 2014 and set out the aims of the ODPC for the year ahead.Continue Reading Data Protection Commissioner reviews 2014 and sets out plans for 2015

The Department of Education and Skills is currently creating an individualised database of primary school students; the Primary Online Database (POD). The POD will gather personal data and sensitive personal data about pupils, such as information about ethnic and cultural background, religion, medical conditions, students with special needs and students’ Personal Public Service Numbers (PPSN). The POD will be shared with other state bodies, including the Central Statistics Office, the Department of Social Protection, the Department of Public Expenditure and Reform and the Revenue Commissioners. Continue Reading A permanent record (or at least until you turn 30)