
Tag Archives for "guidance"

The FTC and Industry Propose Best Practices for IoT Security Updates

How do you ensure that an Internet-connected sensor or device—often inexpensive and designed for lifespans of up to 20 years or more—can be secured against not only the intrusions of today but also those of the future? This question has taken on new urgency as low-cost Internet-connected devices are increasingly being co-opted into massive networks, known as “botnets,” that are capable of causing widespread disruption.

Source: The FTC and Industry Propose Best Practices for IoT Security Updates | HL Chronicle of Data Protection

Businesses warned against ‘dressing up’ marketing emails that customers have opted out of

Businesses cannot send marketing emails to customers that have elected to opt out of receiving such messages as part of moves to update their terms and conditions, the UK’s Information Commissioner’s Office (ICO) has said.

Source: Businesses warned against ‘dressing up’ marketing emails that customers have opted out of

Belgian DPA publishes recommendation on GDPR record keeping obligation

The Belgian Data Protection Authority has published a recommendation on the records of processing activities. It aims to assist controllers and processors in putting in place the records of processing activities as required by Article 30 of the GDPR.

Source: Belgian DPA publishes recommendation on GDPR record keeping obligation – Privacy, Security and Information Law Fieldfisher

Belgian DPA publishes recommendation on GDPR record keeping obligation

At the end of last week, the Belgian Data Protection Authority published a recommendation on the records of processing activities. The full text of the Recommendation is available in French and Dutch on the website of the Privacy Commission.

Source: Belgian DPA publishes recommendation on GDPR record keeping obligation

WP29 releases extensive employee-privacy guidance

In further production from the group’s June plenary session, the EU’s Article 29 Working Party, the collection of data protection authorities, released today extensive guidance relating to the privacy of employees, including a series of nine practical scenarios.

Source: WP29 releases extensive employee-privacy guidance

New NIST guidelines: security and privacy recommendations

NIST has published new guidelines relating to security and privacy (I noted NIST’s recent involvement in privacy engineering here). As with many of their documents, the new guidelines will be influential for security and privacy engineering.

Source: New NIST guidelines: security and privacy recommendations

UK ICO Revises Subject Access Guidance Following Court Rulings

On June 20, 2017, the UK Information Commissioner’s Office (ICO) published an updated version of its Code of Practice on Subject Access Requests. The updates are primarily in response to three Court of Appeal decisions from earlier this year regarding data controllers’ obligations to respond to subject access requests.

Source: UK ICO Revises Subject Access Guidance Following Court Rulings

Germany Issues Ethics Report on Automated and Connected Cars

On June 20, 2017, the German Federal Ministry of Transport and Digital Infrastructure issued a report on the ethics of Automated and Connected Cars. The Report was developed by a multidisciplinary Ethics Commission established in September 2016 for the purpose of developing essential ethical guidelines for the use of automated and connected cars.

Source: Germany Issues Ethics Report on Automated and Connected Cars | Privacy & Information Security Law Blog
