Ireland’s DPA releases GDPR guidelines and checklist

Ireland’s Data Protection Commissioner has released guidelines and a checklist template to assist organisations in ensuring compliance with the General Data Protection Regulation (GDPR). In particular, the documents provide guidance and assistance in creating a data processing activities register, establishing a lawful basis for processing data, setting data retention periods, and ensuring data subject rights, data accuracy, transparency requirements, data security, data breaches and international data transfers.

Download templates:

UN Privacy Rapporteur releases Draft Legal Instrument on Government-led Surveillance and Privacy

On 10 January 2018 the United Nations Special Rapporteur on the right to privacy, Joseph Cannataci, released the Draft Legal Instrument on Government-led Surveillance and Privacy. It aims at giving clear and detailed guidance for the area of government-led or organized surveillance using electronic means.

Read the Draft Legal Instrument here.

A phishing attack scored credentials for more than 50,000 Snapchat users

In late July, Snap’s director of engineering emailed the company’s team in response to an unfolding privacy threat. A government official from Dorset in the United Kingdom had provided Snap with information about a recent attack on the company’s users: a publicly available list, embedded in a phishing website named klkviral.org, that listed 55,851 Snapchat accounts, along with their usernames and passwords.

Source: A phishing attack scored credentials for more than 50,000 Snapchat users – The Verge

Facebook, Google and Twitter to make their terms of services GDPR compliant

The European Commission, together with EU consumer authorities, published the changes Facebook, Twitter and Google+ made to their terms of services to align them with the EU consumer protection rules and to ensure the rapid removal of illegal commercial content upon notification.

These changes will benefit more than a quarter of a billion EU consumers who use social media. They come as the result of a joint action by national enforcers of the Consumer Protection Cooperation (CPC) Network led by the French authorities and facilitated by the Commission, which started at the end of 2016.

Source: JUST Newsroom – Facebook, Google and Twitter accept to change their terms of services to make them customer-friendly and compliant with EU rules – European Commission

Box intros new services to help customers prepare for GDPR requirements

Box is rolling out new services that aim to help its customers comply with the European Union’s General Data Protection Regulation (GDPR) requirements that go into effect in May.

The cloud storage company is first launching an electronic self-service addendum that lists all of the approved legal mechanisms for data processing required by the GDPR. Once signed, Box customers can then provide the Data Processing Addendum (DPA) to third-party auditors to verify that their use of Box meets GDPR’s compliance requirements.

Source: Box intros new services to help customers prepare for GDPR requirements | ZDNet

A Strong Privacy Policy Can Save Your Company Millions

Cyberattacks are on the rise, with over 1,000 data breaches occurring at U.S. organizations in 2016 alone, most often through hacking or external theft. And it isn’t only violated firms that are hurt by these incidents. Studying hundreds of data breaches, our research has found that they create significant ripples that affect other companies in the industry.

Source: Research: A Strong Privacy Policy Can Save Your Company Millions

‘Cryptojackers’ Dig Into Your Phone to Mine Their Coins Cheaply

There’s a chance your computer or phone is quietly producing a cryptocurrency called Monero. Criminals looking to commandeer massive processing power to unlock new Monero coins have unleashed an epidemic of malicious software that burrows deep into victims’ web browsers to surreptitiously run calculations.

Source: ‘Cryptojackers’ Dig Into Your Phone to Mine Their Coins Cheaply – Bloomberg

Privacy policies can conflict with personalized learning, but they don’t have to

There does not have to be tension between implementing personalized learning for students and safeguarding those same students’ privacy through data protection policies, says a new report from the National Association of State Boards of Education (NASBE).

The report, “Advancing Personalized Learning through Effective Use and Protection of Student Data,” argues that state policymakers — legislators as well as school boards — can develop laws, regulations and policies that allow effective use of data by schools, teachers, parents and students. But a number of states have instead enacted policies that hamper the use of data that would improve personalized learning programs.

Source: Privacy policies can conflict with personalized learning, but they don’t have to, NASBE finds

Facebook ordered to stop collecting user data by Belgian court

Facebook has been ordered by a Belgian court to stop collecting data on users or face daily fines of €250,000 a day, or up to €100m. The court ruled on Friday that Facebook had broken privacy laws by tracking people on third-party sites in the latest salvo in a long-running battle between the Belgian commission for the protection of privacy (CPP) and the social network.

Source: Facebook ordered to stop collecting user data by Belgian court | Technology | The Guardian
