Cyber Risk & Data Privacy

Subscribe to Cyber Risk & Data Privacy via RSS

On 14 May 2015, the Private Security (Licensing and Standards) (Private Investigator) Regulations 2015 (S.I. No 195 of 2015) were signed into law. The Regulations mark the outcome of a Private Security Authority (PSA) public consultation conducted last January following high profile prosecutions for breaches of data protection law in the Private Investigator (PI) Industry (see previous blogs here and here).

The Regulations, which come into effect on 1 November 2015, shall make it an offence for any contractor to offer a service as a PI without a licence after that date. It

Continue Reading Licensing of Private Investigators mandatory from 1 November 2015

Symantec released their annual Internet Security Threat Report (the Symantec Report) last week (available at http://www.symantec.com/security_response/publications/threatreport.jsp) and it makes for alarming reading. The risk of cyberattack is one that has been brought to the forefront of popular consciousness by the devastating cyberattacks on Sony Pictures Entertainment in 2014 and the Symantec Report shows that 2014 saw a worryingly exponential increase in the number, severity and sophistication of such attacks.Continue Reading Symantec Cyberattack Report a timely reminder of increasing Cyberattack risk

On 1 August 2014, the International Standards Organisation (ISO) and the International Electrotechnical Commission (IEC) published the first privacy-specific international standard for the cloud: ISO/IEC 27018 "Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors". Early adopters Microsoft announced on 16 February 2015 that it was the first company to receive certification for the standard.Continue Reading First international privacy-specific cloud standard adopted by Microsoft

 A Garda has alleged that his data protection rights were breached when a representative of his Credit Union showed his father his confidential financial statements, which indicated difficulties with his loans.

The man is seeking an order that the Data Protection Commissioner (DPC) conduct an oral hearing into his complaint. Mr Justice Séamus Noonan has granted the man judicial review of the DPC’s refusal of an oral hearing. Continue Reading Man sues DPC for failing to conduct an oral hearing

The Court of Justice of the European Union (CJEU) is due to hear questions concerning the validity of the Safe Harbour regime today, Tuesday 24 March 2015, in Maximillian Schrems v Data Protection Commissioner (Case C-362/14).

As the Safe Harbour regime allows U.S. companies to self-certify that they meet EU data protection rules on the processing of personal data, the case will have important practical implications for companies transferring data to the U.S.Continue Reading European Court considers safety of Safe Harbour

This morning, EU Ministers from the 28 EU countries debated and reached agreement on the proposed "one-stop shop" mechanism at a meeting of the Council of Ministers in Brussels. 

The draft Regulation originally proposed that, a business operating across the EU, would only have to deal with the data protection regulatory authority of the member country where it has its headquarters.Continue Reading EU Ministers agree on “one-stop shop” mechanism

On 25 February 2015, the Department for Culture, Media and Sport announced that it is changing the laws with regard to nuisance calls. 

The Information Commissioner’s Office (ICO) currently has the power to impose heavy fines of up to £500,000 on companies that make marketing calls or messages if the ICO can prove that these unwanted calls or messages caused, or had the potential to cause, ‘substantial damage or distress’. However, from 6 April 2015, this requirement will be removed, allowing the ICO to intervene in more cases and penalise those companies that are breaching the Privacy and Electronic Communications Regulations but fall below the current legal threshold. Continue Reading UK Government announces changes in law in a bid to crack down on nuisance callers

The political machinations continue at EU level and predictions for publication of a final form Data Protection Regulation increasingly refer to 2016 as the likely date. But to read behind the headlines continues to be a useful exercise for corporates who need to give real consideration now to what their regulatory landscape might look like in the not too distant future.

A key issue will be determining the place of “main establishment” which in turn will determine the appropriate lead authority.

If that isn’t clear, or there is disagreement, it is being proposed that an EU Data Protection Board (EDPB) would have power to make a binding determination.Continue Reading Data Protection Reform – One Stop Shop Complexity