Hello Friends,
Indian Minister of Electronics & Information Technology Ashwini Vaishnaw has confirmed that deliberations are underway over various aspects of the data privacy bill and the government aims to receive the Parliament’s approval by the monsoon session.
He also further rejected prior reports of a potential re-draft of the DPB, calling the bill a "complex subject" that "we should be able to resolve" very soon.
This news and more, in this fortnights' Data Privacy Insights- curated privacy news from across the globe.
Enjoy reading!
ENFORCEMENT
Dutch DPA Imposes 525,000 Euro Penalty on DPG Media
The Netherlands' data protection authority, Autoriteit Persoonsgegevens, fined Belgium-based DPG Media 525,000 euros for EU General Data Protection Regulation violations. The DPA found the media company unnecessarily required proof of identity for individuals to exercise their rights to access or delete data the company held. The identity verification also violated GDPR data minimization requirements.
PHI of 521,000 Individuals Compromised in Security Breach at Morley Companies
Morley Companies, a Saignaw, MI-based provider of business services, has recently announced it was the victim of a cyberattack that started on August 1, 2021, that prevented access to data in its information systems. Rapid action was taken to isolate the affected systems and a leading cybersecurity firm was engaged to investigate and determine the nature and scope of the security incident. In addition to encrypting data on its systems, the attackers exfiltrated certain data from its systems.
Privacy Regulations
Irish DPC Releases Annual Report
Irish Commissioner for Data Protection, Helen Dixon, launched the Irish Data Protection Commission’s Annual Report for 2021, on 24th Feb 2022. According to the Report, the DPC saw a 7% increase in queries and complaints over 2020 and concluded 95% of valid breach notifications received in 2021. The report also notes the DPC’s 225 million euro fine against WhatsApp.
China's Algorithmic Discrimination Rules Take Effect March 1
Rules prohibiting algorithmic discrimination across China's industries came into force on March 1, 2022. The Internet Information Service Algorithmic Recommendation Management Provisions cover a range of algorithmic activities, including a ban on companies using personal characteristics to offer consumers different product pricing while notifying and allowing users to opt-out of algorithm-based recommendations.
Indian IT Minister Expects Resolution on the Data Protection Bill by Monsoon Session
Members of the Indian Parliament remain engaged in amending the draft Data Protection Bill, 2019, with an eye to tabling and passing the legislation during Parliament's Monsoon Session beginning in July.
GLBA Safeguards Rule Updated to Impose New Data Security Requirements
The Federal Trade Commission (FTC) recently announced amendments to the Safeguards Rule under the Gramm-Leach-Bliley Act. The new, revised rule has a significant number of more specific requirements than the current rule, the Commission emphasized that financial institutions still maintain the flexibility to design an information security program that is appropriate to the size and complexity of the financial institution, the nature and scope of its activities, and the sensitivity of any customer information at issue.
Privacy Resources
ICO Releases Guidance on Video Surveillance
The U.K. Information Commissioner's Office published guidelines on the use of video surveillance systems to collect and process personal data. This guidance provides advice for when operating video surveillance systems that view or record individuals. It also covers information that relates to individuals, for example, vehicle registrations captured by Automatic Number Plate Recognition (ANPR) equipment. It explores emerging capabilities that can assist human decision-making, such as the use of Facial Recognition Technology (FRT) and machine learning algorithms.
Australian Data Breaches Up 6% in Second Half of 2021
The Office of the Australian Information Commissioner announced there were 464 data breaches in the second half of 2021, up 6% from the previous reporting period, according to the latest Notifiable Data Breach report published Feb. 22. Information Commissioner and Privacy Commissioner Angelene Falk urged organizations to put accountability at the center of their information handling practices.