Assess data protection impact before conducting internal investigations

Businesses that plan to carry out internal investigations into the conduct of their employees or agents are likely to need to carry out data protection impact assessments (DPIAs) first. DPIAs are now mandatory in certain circumstances under the GDPR.

Source: Assess data protection impact before conducting internal investigations

US court cases reflect ‘social shift’ in how data is viewed

Two recent decisions in two different federal appeals courts regarding who has the right to sue over data breaches reflect a “social shift” in how “we view our data,” according to an attorney specializing in privacy law.

Source: Recent decisions to grant standing in data breach cases reflects ‘social shift’ in how data is viewed | Cook County Record

Council of Europe updates Convention 108

On May 18 the Council of Europe adopted an amending Protocol which updates its data protection convention, known as “Convention 108”.

The modernisation of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the only existing legally binding international treaty with global relevance in this field, addresses the challenges to privacy resulting from the use of new information and communication technologies, and strengthens the convention’s mechanism to ensure its effective implementation.

Source: Enhancing data protection globally: Council of Europe updates its landmark convention – Newsroom

Eight countries to miss EU data protection deadline

The EU starts enforcing its general data protection regulation on 25 May – but Belgium, Bulgaria, Cyprus, Czech Republic, Greece, Hungary, Lithuania and Slovenia won’t be ready. The delay will cause legal uncertainty.

Source: Eight countries to miss EU data protection deadline

Why the ‘encryption exception’ may be over used

The EU General Data Protection Regulation and some U.S. state laws provide the “encryption exception” – it can be used to exempt a company from breach reporting and notification obligations if data was encrypted and the key had not also been compromised.

The reasoning is that encryption preserves confidentiality – even for stolen data – by rendering it unreadable. But it’s not really true.

Source: Why the ‘encryption exception’ may be over used

Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US

A hacker has provided Motherboard with the login details for a company that buys phone location data from major telecom companies and then sells it to law enforcement.

Source: Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US – Motherboard

Snooping Amsterdam civil servants broke privacy laws with Facebook research 

An analysis of the Facebook networks of trouble-making youngsters by the Amsterdam city authorities constituted a breach of privacy and should have been reported to privacy monitoring body AP.

Amsterdam civil servants decided to build up a picture of the networks of youngsters who hung around on the streets and caused a nuisance in Amsterdam Zuid. By looking at their networks the authorities thought they would gain a better understanding of this group.

Source: Snooping Amsterdam civil servants broke privacy laws with Facebook research – DutchNews.nl
