SAI Global GRC Community

GRC COMMUNITY
Building Organizational Integrity.
News >> Privacy and Data Protection

France's data protection authority the Commission nationale de l'informatique et des libertés (CNIL) has announced that it has ceased its monitoring of SAS Hypercosmos, since the shopping centre operator has fully complied with a CNIL request to end the excessive use of video surveillance and biometrics.

Read more...

The United Kingdom Information Commissioner's Office (ICO) has fined (21 July 2014) online travel services provider Think W3 £150,000 after a "serious breach" of the Data Protection Act 1998 c. 29 (UK) that "revealed thousands of people's details to a malicious hacker".

Read more...

The United States Securities and Exchange Commission (SEC) has ordered (25 July 2014) alternative trading system (ATS) operator and Citigroup unit LavaFlow to pay a total of US$5 million to settle charges that it "fail[ed] to protect the confidential trading data of its subscribers".

Read more...

The Office of the Privacy Commissioner of Canada (OPCC) published Wearable Computing - Challenges and opportunities for privacy protection (undated), a report by the OPCC research group, on 3 July 2014. The report aims to "provide the OPCC with a better understanding of the privacy implications of wearable computing technologies[,] as a foundation for the OPCC's advice to Parliament, policy position development and future compliance activities".

Read more...

The United States Federal Trade Commission (FTC) has published Data Brokers - A Call for Transparency and Accountability (May 2014), a report resulting from an FTC study of nine data brokers "to shed light on the data broker industry". The overall finding of the report is that "data brokers operate with a fundamental lack of transparency".

Read more...

Google has made available an online form for users to request that Google remove search results for queries that include their name where those results are "inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed". The form implements a recent ruling (13 May 2014) by the Court of Justice of the European Union, which found that certain users can ask search engines to remove search results for the above reasons.

Read more...

The Information Commissioner's Office (ICO) has advised that Student Loans Company Limited (SLCL) has signed an undertaking (undated) to comply with the seventh data protection principle, following three separate incidents involving the disclosure of documents containing sensitive customer information, including medical details and a psychological assessment, to the incorrect people.

Read more...

The Data Inspection Board (DIB) has made available Personal Information In Social Media (May 2014 - Swedish language version available only), a guide detailing the requirements under data protection law imposed upon organisations that use social media such as Facebook, YouTube, Instagram, LinkedIn, Google Plus, Flickr and Pinterest.

Read more...

Online music streaming service Spotify has published a notice (27 May 2014) advising users of an information security breach that compromised the non-financial data of one of its users. Spotify states that it "will be asking certain Spotify users to re-enter their username and password to log in over the coming days" as a general precaution, and as a further precaution will guide users on the Android operating system to upgrade their Spotify software.

Read more...

The United States (US) Federal Trade Commission (FTC) has advised that clothing manufacturer American Apparel (AA) has agreed to a proposed settlement agreement (undated) in relation to FTC charges that AA "deceptively claimed [through statements in its privacy policy that] it held current certifications under the US-[European Union] and US-Swiss Safe Harbor frameworks" even though it had allowed its certifications to lapse.

Read more...

© 2013 SAI Global Limited ABN 67 050 611 642

Login

LOG IN

Register

User Registration
or Cancel