Tag:data protection

1
UK unveils plan to diverge from GDPR
2
Reminder for One-Month Deadline to Implement New SCCs in New Contracts
3
Even the Best Fall Down Sometimes: Nine Network suffers large-scale cyber attack
4
City of Oldsmar, Florida narrowly avoids ‘hot water’ in remote cyberattack on its infrastructure
5
Therapy clients become targets of blackmail campaign
6
EU Court of Justice Invalidates Privacy Shield
7
Privacy Professionals download COVIDSafe App
8
It’s Trace Time! The COVIDSafe App is open for business – Part II
9
“This is a public health app, it’s not a surveillance app”: Review finds “nothing particularly disturbing” about the Federal Government’s coronavirus tracing app
10
You’ve got mail…and lots of it according to the latest OAIC report!

UK unveils plan to diverge from GDPR

Aug 30 2021
Browse archives for August 30, 2021
Posted in

Government Regulation, Legislation & Enforcement

Tagged with , , , , , ,
Share

By Norin McFadden and Claude-Étienne Armingaud

The UK government has announced that it intends to consult on a new, post-Brexit data protection regime, potentially moving away from the UK General Data Protection Regulation that currently underpins the UK’s data protection legislation. The Digital Secretary, Oliver Dowden, said, “It means reforming our own data laws so that they’re based on common sense, not box-ticking.

A public consultation on the new legislation will follow, but it is clear that the United Kingdom must be careful about any changes it makes to its data regime in order to avoid disrupting the EU-UK adequacy decision with EU GDPR awarded just two months ago. The adequacy decision allows personal data from the European Union to flow freely to the United Kingdom (and vice versa), without businesses needing to put any additional paperwork in place. In granting the adequacy decision, the European Union placed particular emphasis on the fact that the United Kingdom was continuing to base its data protection laws on the same EU GDPR rules that had applied when it was a member of the European Union. A European Commission spokesperson commented that the EU will be closely monitoring any developments in UK data laws and noted that: “In case of problematic developments that negatively affect the level of protection found adequate, the adequacy decision can be suspended, terminated or amended, at any time by the Commission.

It will be interesting to see how far the United Kingdom diverges, particularly as the current trend is that other countries seem to be keen to state that their data protection laws closely follow the EU GDPR.

The UK government also announced that its preferred candidate to be the next Information Commissioner, head of the UK data protection regulator, will be John Edwards, currently in charge of New Zealand’s data regulator, a country that also maintains an EU adequacy decision.

Reminder for One-Month Deadline to Implement New SCCs in New Contracts

Aug 27 2021
Browse archives for August 27, 2021
Posted in

Government Regulation, Legislation & Enforcement

Tagged with , , , , , , , , ,
Share

By Jake Bernstein and Jane Petoskey

In early June 2021, the European Commission published a new set of standard contractual clauses (SCCs) effective June 27, 2021 for cross-border data transfers and between controllers and processors.  The new SCCs cover changes in data protection laws, including the invalidation of the EU-US Privacy Shield and the fallout from the Court of Justice of the European Union’s (CJEU) Schrems II opinion (regarding US intelligence laws). The new cross-border data transfer SCCs also use a modular approach to allow for more accurate identification of roles and responsibilities of the contracting parties.  In terms of timing, organizations may use the old SCCs in new contracts until September 27, 2021, and contracts existing before September 27, 2021 must change to the new SCCs by December 27, 2022. For additional information on the SCCs, read our K&L Gates EU Data Protection Alert here.

Please do not hesitate to contact the K&L Gates LLP Cybersecurity and Privacy team of attorneys if you need assistance updating new or existing contracts with the new SCCs by the above deadlines.

Even the Best Fall Down Sometimes: Nine Network suffers large-scale cyber attack

Apr 01 2021
Browse archives for April 01, 2021
Posted in

Breaches, Managing Threats & Attacks, New Developments, Privacy, Data Protection & Information Management

Tagged with , , , , , , , , ,
Share

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

Channel Nine has suffered the largest cyber attack on a media company in Australia’s history, according to reports from IT News, the AFR and Nine News.

The cyber attack, reported by Channel Nine as a variation of a ransomware attack, struck early Sunday morning, resulting in television and digital production systems being offline for more than 24 hours. The attack impaired Channel Nine’s ability to broadcast from its Sydney studios, forcing the media outlet to shift operations to its Melbourne studios.

Read More

City of Oldsmar, Florida narrowly avoids ‘hot water’ in remote cyberattack on its infrastructure

Feb 18 2021
Browse archives for February 18, 2021
Posted in

Breaches, Managing Threats & Attacks, Privacy, Data Protection & Information Management, Uncategorized

Tagged with , , , , ,
Share

By Cameron AbbottRob Pulham and Jacqueline Patishman

News reports have surfaced reporting that a hacker in the US gained access to the Oldsmar’s water treatment plant system in an attempt to release a corrosive chemical into the Oldsmar’s water supply.

Read More

Therapy clients become targets of blackmail campaign

Oct 27 2020
Browse archives for October 27, 2020
Posted in

Breaches, Privacy, Data Protection & Information Management

Tagged with , , , , , ,
Share

By Cameron Abbott and Keely O’Dowd

Patients of a Finnish psychotherapy centre have become the victims of a blackmail campaign after the centre suffered a data breach. It is reported, the centre’s data was stolen during two attacks, one occurring in November 2018 and the other between the end of November 2018 and March 2019.

A cyber criminal (or criminals) has used the stolen data to contact patients demanding the payment of 200 euros in bitcoin, with this amount increasing to 500 euros if the patient refused to pay within 24 hours. If a patient refused to pay the ransom, the cyber criminal threatened to publish their personal information, including notes from therapy sessions. Around 300 records have been published on the dark web, which suggests patients are refusing to pay the ransom. The centre also received a ransom demand of 500,000 euros for the return of their data, which it has refused to pay.

Read More

EU Court of Justice Invalidates Privacy Shield

Jul 17 2020
Browse archives for July 17, 2020
Posted in

Government Regulation, Legislation & Enforcement, Legal & Regulatory Risk, New Developments, Privacy, Data Protection & Information Management

Tagged with , , , , , , , ,
Share

By Cameron Abbott, Claude Etienne-Armingaud, Rob Pulham, Michelle Aggromito and Keely O’Dowd

On the morning of 16 July 2020, in a significant decision of the Court of Justice of the European Union (CJEU), the Privacy Shield was held to be invalid.

Read More

Privacy Professionals download COVIDSafe App

May 06 2020
Browse archives for May 06, 2020
Posted in

Government Regulation, Legislation & Enforcement, Legal & Regulatory Risk, Managing Threats & Attacks, New Developments, Privacy, Data Protection & Information Management

Tagged with , , , , , , , , , , ,
Share

By Cameron Abbott, Warwick Andersen, Rob Pulham, Michelle Aggromito and Allison Wallace

A number of legal professionals, with significant experience in the field of privacy law, have signed an open letter to encourage individuals to download the Commonwealth Government’s COVIDSafe App.

Among the privacy lawyers are members of K&L Gates own Australian privacy team (and the authors of this blog post) Cameron Abbott, Rob Pulham, Warwick Andersen, Michelle Aggromito and Allison Wallace.

The open letter is signed by members in their personal capacity, and signals that people who care about privacy a lot can still think that supporting the health and economic objectives of the App is more important at this time.

As at the date of this post, more than 5 million people have downloaded the App, with more needed to reach the Commonwealth Government’s target of 40% of the Australian population.

It’s Trace Time! The COVIDSafe App is open for business – Part II

Apr 28 2020
Browse archives for April 28, 2020
Posted in

Government Regulation, Legislation & Enforcement, Legal & Regulatory Risk, New Developments, Privacy, Data Protection & Information Management

Tagged with , , , , , , , , ,
Share

By Cameron Abbott, Warwick Andersen, Rob Pulham and Michelle Aggromito

In Part I of this blog, we briefly touched on some of the safeguards that the Commonwealth Government has indicated that they will implement to address privacy concerns. Those proposed new safeguards are intended to satisfy many of the privacy concerns. However, there are additional safeguards that have been implemented in connection with the functionality of the App, which we focus on in Part II here.

Read More

“This is a public health app, it’s not a surveillance app”: Review finds “nothing particularly disturbing” about the Federal Government’s coronavirus tracing app

Apr 23 2020
Browse archives for April 23, 2020
Posted in

Government Regulation, Legislation & Enforcement, Legal & Regulatory Risk, New Developments, Privacy, Data Protection & Information Management

Tagged with , , , , , , , , , , , , , , ,
Share

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

The Federal Government’s coronavirus tracing app has raised some privacy concerns amongst the Australian public. Even some of our government Ministers have ruled out downloading the app due to such concerns! However, the independent cyber security body tasked with reviewing the app has said that it has found no major concerns with it.

Read More

You’ve got mail…and lots of it according to the latest OAIC report!

Mar 03 2020
Browse archives for March 03, 2020
Posted in

Breaches, Government Regulation, Legislation & Enforcement, Legal & Regulatory Risk, Litigation of Data Breaches, Managing Threats & Attacks, Privacy, Data Protection & Information Management

Tagged with , , , , , , , , , , , , ,
Share

By Cameron Abbott and Michelle Aggromito

With email being one of the most common forms of communication, it’s not surprising that inboxes these days accumulate thousands of emails that, perhaps, aren’t always electronically filed or deleted (not ours of course).

As the Office of the Australian Information Commissioner (OAIC) has indicated in its most recent report on notifications received under the Notifiable Data Breach (NBD) scheme, email accounts are frequently being used for storage, and this raises inherent risk. Yes it’s convenient, but using email to send personal information, such as copies of passports, bank account details and credit card information, can very quickly lose its appeal. If the email account is accessed by a malicious actor through a phishing attack or a rogue employee, the end result can be exploitation of that information for criminal gain.

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.