Hello Friends,
India's digital population is estimated to be around 700 million. With the rise of emerging technologies and their dependence on data, ensuring the security of this information has become imperative for organisations. The Digital Personal Data Protection Act (DPDPA) Sets forth essential guidelines for the collection, processing, and storage of personal data, ensuring the rights and privacy of individuals are upheld.
By proactively addressing DPDPA compliance, we not only mitigate legal risks but also reinforce trust and credibility with our customers.
“Given the urgency of this matter, we propose starting the compliance process by taking up privacy assessments today to know the organisational gaps and expedite your efforts in aligning with DPDPA requirements. Taking immediate action will help you to be on the path towards compliance.”
Enjoy reading!
Privacy Enforcement
Poland Data Protection Authority fines e-commerce for GDPR violations
Due to a lack of appropriate cyber security measures resulting in a data breach affecting 2.2 million consumers, Poland’s data protection authority Urząd Ochrony Danych Osobowych fines Morele.net an e-commerce platform for GDPR violations. A fine of PLN3.8 million was issued to the business.
Italy’s Data Protection Authority sanctions municipalities
The Garante, Italy's data protection authority, has fined four municipalities for not furnishing their local data protection office's contact details to the agency. This enforcement action is part of an ongoing initiative by the Garante to ensure that municipalities comply with the requirement to provide contact information.
Data Breach
Paramedic services mistakenly send patients' records to the wrong hospital
According to a report by CHCH News, the Hamilton Paramedic Service in Ontario uncovered a mistake wherein patient medical data was erroneously sent to incorrect hospitals over a span of four years. The problem initially came to light in October 2023 when a hospital outside the city flagged it. Following a thorough city audit of 306,000 ambulance transport records, it was determined that 162 patients were affected, though thankfully none of their medical information was disclosed to the public.
Data of 7,400 students & staff compromised as University of Hong Kong experiences data breach
According to The Standard, the University of Hong Kong fell victim to a cyberattack, which led to the compromise of data belonging to around 7,400 students, staff, and academic visitors. The breach exposed personal information such as room booking records, internal guidelines, system management files, as well as meeting agenda papers and minutes.
Privacy in Spotlight
International data transfer rules likely to be relaxed by Shanghai
Reuters reports that the Shanghai government in China is set to simplify the process for approving international data transfers to boost economic development. This streamlined approval mechanism targets specific multinational corporations seeking to transfer their Chinese data abroad. While this new system will be unique to Shanghai, businesses in other regions will continue to adhere to data transfer regulations governed by the Cyberspace Administration of China.
Regulations
ASEAN releases a guide on transborder data flow within the EU.
The Biden administration is in the process of formulating an executive order aimed at preventing foreign adversaries from accessing highly sensitive personal data pertaining to Americans and individuals associated with the U.S. government. This move comes to prevent the exploitation of data for blackmail and espionage.
Information and Privacy Commissioner of Ontario issues guidance on Facial recognition databases
The Office of the Information and Privacy Commissioner of Ontario issued guidance concerning the utilization of facial recognition technology and mugshot databases by law enforcement agencies. This guidance aims to address concerns related to privacy and bias. It advises police to retain mugshots solely for convicted individuals and underscores the importance of regularly reviewing and deleting unnecessary personal data to uphold privacy standards.
Brazil's DPA releases guidance on Legitimate interests
The Autoridade Nacional de Proteção de Dados, Brazil's data protection authority, has released guidance aimed at clarifying the legal conditions that constitute legitimate interest for processing personal data. The guidance emphasizes the importance of conducting a balancing test between purpose, necessity, and safeguards to ensure lawful data processing.
South Korea's PIPC unveils its policy on processing behavioral data.
The Personal Information Protection Commission of South Korea has introduced a policy plan concerning the handling of data utilized for behavioral advertising purposes. According to this policy, all processing of online behavioral data for personalized advertising must adhere to the user's right to consent to any further processing of their data at every stage of its lifecycle.