News – Privacy Associates International LLC
- Australian Information Commissioner’s Office Releases Report on Notifiable Data Breach Scheme (9/5/2018)
The Office of the Australian Information Commissioner (OAIC) released its second quarterly statistics report into the Notifiable Data Breach Scheme on 31 July 2018 (Report). The Report provides further insight into the operation of the new scheme, which commenced in February this year. The scheme provides for mandatory reporting of ‘eligible’ data breaches to the OAIC and to potentially affected individuals. Whether a data breach is eligible depends on whether the unauthorised disclosure, or loss, of data is likely to result in serious harm to affected individuals.
The OAIC recorded over 200 data breach notifications in the Report period between 1 April and 30 June 2018. In total, the OAIC received 242 data breach notifications in the second quarter of 2018, taking the total number of notifications received since the scheme’s implementation to 305.
- The Assistance and Access Bill 2018 (9/5/2018)
Encryption and other forms of electronic protection are vital security measures that protect private, commercial and Government data and make the communications and devices of all people more secure. However, these security measures are also being employed by terrorists, child sex offenders and criminal organisations to mask illegal conduct. The exploitation of modern communications technology for illicit ends is a significant obstacle to the lawful access of communications by Australia’s law enforcement and national security agencies. To address these threats, the Australian Government has developed the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 to secure critical assistance from the communications industry and enable law enforcement to effectively investigate serious crimes in the digital era.
- Dutch DPA checks on appointment of mandatory DPOs (8/30/2018)
After the effective enforcement date for the General Data Protection Regulation (GDPR), the Dutch Data Protection Authority (DDPA) carried out random checks on organizations to assess their level of GDPR compliance. The DDPA performed checks on 91 hospitals and 33 health insurers regarding appointment and registration of the (mandatory) data protection officer (DPO). On 16 August 2018, two of these hospitals had not yet appointed a DPO. The DDPA granted these hospitals a four-week period to comply with this requirement, with a possible fine if they fail to do so. In almost 25% of the cases, the DDPA found that the contact details of the DPO were not accessible or not made available at all, as seventeen hospitals and two insurers had failed to include any such contact details on their websites. Moreover, among the hospitals and insurers that did provide such information on their websites, the DDPA found that three hospitals and one insurer did not provide a direct email address or phone number for the DPO. Full story at https://www.loyensloeff.com/en-us/news-events/news/life-sciences-bit-dutch-dpa-checks-on-appointment-of-mandatory-dpos