October 25, 2012
October 18, 2012
April 19, 2012
March 17, 2012
The PDPA does not provide for a single oversight body and does not create a data protection authority. Enforcement is left to the Ministries responsible for each industry sector. Chapter V of the Act sets out the criminal offences. Interestingly, like the new Korean law, the PDPA allows damages actions as well as class actions to be taken against companies and organisations.
March 16, 2012
During the five-month period between October and February, there were 86 reported attacks on computer systems in the United States that control critical infrastructure, factories and databases, according to the Department of Homeland Security, compared with 11 over the same period a year ago. The increase has prompted a new interest in cybersecurity on Capitol Hill, where lawmakers are being prodded by the Obama administration to advance legislation that could require new standards at facilities where a breach could cause significant casualties or economic damage.
Read the article: http://gigalaw.com/2012/03/14/lawmakers-focus-on-cyberattacks-on-infrastructure/ (Source: The New York Times)
March 1, 2012
Read the article: http://gigalaw.com/2012/02/28/french-agency-says-googles-privacy-policy-may-be-illegal/ (Source: The New York Times)
February 23, 2012
Legal authorities said that a High Court judge in England has approved the use of Facebook to serve legal claims. Lawyers in a commercial dispute were granted permission to serve a suit against a defendant via the popular social networking site.
Read the article: http://gigalaw.com/2012/02/21/british-judge-allows-serving-claims-via-facebook/ (Source: The Washington Post)
January 29, 2012
Professor Abu Bakar Munir
In June 2011, the Philippines House of Representatives passed the Data Privacy Bill. Subsequently, the proposed law was considered by the Senate in its second regular session and some changes were adopted. Understandably, the proposed law seeks to protect personal information. Like data protection laws around the world, the suggested Act, in both versions, specifies the privacy or data protection principles, the rights of data subjects, and the penalties for breach of the law.
Under the General Data Privacy Principles, the processing of personal information must be based on the principles of transparency, legitimate purpose and proportionality. Specifically, personal information must be collected for specified and legitimate purposes. The personal information must be relevant, accurate, adequate and not excessive for the purposes for which it is collected. Personal information can be retained as long as necessary for the fulfilment of those purposes.
The House of Representatives’ draft law requires that personal information must be processed fairly and lawfully. The Senate dropped the word “fairly”. So, the Senate’s version only requires the data controller to ensure that the processing is lawful. The Senate added the Principle of Accountability, which is absent from the House of Representatives’ version. Under this Principle, every data controller is accountable for complying with the proposed Act and is also accountable for the action or inaction of the data processor. Each data controller is required to designate an individual who will be responsible for ensuring compliance.
Both versions of the proposed law provide several rights to the individual. They are the right to be informed whether an individual’s data is being processed, the right to have access to personal data, and the right to correct it. Remarkably, the proposed law gives the data subject a right to suspend, block, remove or destroy personal information in the data controller’s filing system if the information is incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or used for direct marketing. Another interesting point is that the proposed law gives the data subject a right to be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.
The proposed Act distinguishes between personal information and sensitive personal information. The latter is defined very broadly by the House of Representatives to include an individual’s race, ethnic origin, marital status, age, genetic or sexual life and education. The Senate, however, does not regard factors such as age, marital status and education as sensitive information.
The major difference relates to the enforcement body. The House of Representatives desires to use the existing organisation, the Commission on Information and Communications Technology (CICT), to enforce the Act. In contrast, the Senate prefers a new entity called the National Privacy Commission to be established to do the job.
January 27, 2012
January 25, 2012
January 11, 2012
January 5, 2012
A group of Saudi hackers dubbed Group-XP claimed to have posted the personal information of nearly half a million Israelis online, though credit card companies said the number of compromised records is actually much lower. The hackers said they broke into one of Israel’s top sports Web sites, One.co.il, and redirected visitors to a site where they could download a file containing the personal information of 400,000 Israelis.
Read the article: http://gigalaw.com/2012/01/03/saudi-hackers-post-personal-info-on-israelis/ (Source: PCMag.com)