October 25, 2012
I've been invited by the University of Oxford
October 18, 2012
French Regulator Says Google Violates EU Privacy Rules
April 19, 2012
KOREAN NEW DATA PROTECTION ACT
March 17, 2012
TAIWAN'S NEW DATA PROTECTION ACT
The PDPA does not provide for single oversight body and does not create a data protection authority. Enforcement is left to the Ministries responsible for each industry sector. The Act in chapter V provides for provisions on the criminal offences. Interestingly, like the Korean new law, the PDPA allows damages action as well as class action be taken companies and organisations.
March 16, 2012
Lawmakers Focus on Cyberattacks on Infrastructure
During the five-month period between October and February, there were 86 reported attacks on computer systems in the United States that control critical infrastructure, factories and databases, according to the Department of Homeland Security, compared with 11 over the same period a year ago. The increase has prompted a new interest in cybersecurity on Capitol Hill, where lawmakers are being prodded by the Obama administration to advance legislation that could require new standards at facilities where a breach could cause significant casualties or economic damage.
Read the article: http://gigalaw.com/2012/03/14/lawmakers-focus-on-cyberattacks-on-infrastructure/ (Source: The New York Times)
March 1, 2012
French Agency Says Google’s Privacy Policy May Be Illegal
The French data protection authority said that Google’s new privacy policy appeared to violate European Union law, raising the stakes in a showdown with the company only days before it planned to put the new system into effect. Google announced the new policy last month, billing it as a way to streamline and simplify the privacy practices it employed worldwide across about 60 different online services, and to introduce greater clarity for users.
Read the article: http://gigalaw.com/2012/02/28/french-agency-says-googles-privacy-policy-may-be-illegal/ (Source: The New York Times)
February 23, 2012
British Judge Allows Serving Claims via Facebook
Legal authorities said that a High Court judge in England has approved the use of Facebook to serve legal claims. Lawyers in a commercial dispute were granted permission to serve a suit against a defendant via the popular social networking site.
Read the article: http://gigalaw.com/2012/02/21/british-judge-allows-serving-claims-via-facebook/ (Source: The Washington Post)
January 29, 2012
THE PROPOSED PHILIPPINES DATA PRIVACY ACT
Professor Abu Bakar Munir
In June 2011, the Philippines House of Representatives passed the Data Privacy Bill. Subsequently, the proposed law was considered by the Senate in its second regular session and some changes were adopted. Understandably, the proposed law seeks to protect personal information. Like the data protection laws around the world, the suggested Act, in both versions, specify the privacy or data protection principles, rights of the data subjects, and penalties for the breach of the law.
Under the General Data Privacy Principles, the processing of personal information must be based on the principles of transparency, legitimate purpose and proportionality. Specifically, personal information must be collected for specified and legitimate purpose. The personal information must be relevant, accurate, adequate and not excessive for the purposes that it is collected. Personal information can be retained as long as necessary for the fulfilment of the purposes.
The House of Representatives’ draft law requires that personal information must be processed fairly and lawfully. The Senate dropped out the word “fairly”. So, the Senate’s version only requires the data controller to ensure that the processing is lawful. The Senate added the Principle of Accountability, which is non-existence under the House of Representatives’ version. Under this Principle, every data controller is accountable to comply with the proposed Act and also be accountable for the action or inaction of the data processor. Each data controller is required to designate an individual that will be responsible to ensure compliance.
Both versions of the proposed law provide for several rights to the individual. They are the right to be informed whether an individual’s data is being processed, to have access to personal data and to correct. Remarkably, the proposed law gives a right to the data subject to suspend, block, remove or destruct personal information from the data controller’s filing system if the information is incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or direct marketing. Another interesting point is that the proposed law gives a right to the data subject to be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.
The proposed Act distinguishes personal information and sensitive personal information. The latter, is defined, in a very broad manner by the House of Representatives to include an individual’s race, ethnic origin, marital status, age, genetic or sexual life and education. The Senate, however, does not regard factors such as age, marital status and education as sensitive information.
The major difference relates to the enforcement body. The House of Representatives desires to use the existing organisation, the Commission on Information and Communications Technology (CICT), to enforce the Act. In contrast, the Senate prefers a new entity called the National Privacy Commission to be established to do the job.
January 27, 2012
THE PROPOSED SINGAPORE DATA PROTECTION ACT
January 25, 2012
PERSONAL DATA PROTECTION ACT 2010: BUSINESS AS USUAL?
January 11, 2012
January 5, 2012
SAUDI HACKERS POST PERSONAL INFO ON ISRAELIS
A group of Saudi hackers dubbed Group-XP claimed to have posted the personal information of nearly half a million Israelis online, though credit card companies said the number of compromised records is actually much lower. The hackers said they broke into one of Israel’s top sports Web sites, One.co.il, and redirected visitors to a site where they could download a file containing the personal information of 400,000 Israelis.
Read the article: http://gigalaw.com/2012/01/03/saudi-hackers-post-personal-info-on-israelis/ (Source: PCMag.com)