Montana and Tennessee on Verge of Joining Other States in Passing Comprehensive Privacy Laws -
On April 21, 2023, the state legislatures of Montana and Tennessee passed comprehensive privacy legislation bills. To become...more
5/15/2023
/ Cyber Threats ,
Department of Justice (DOJ) ,
ENISA ,
Equal Employment Opportunity Commission (EEOC) ,
EU ,
Federal Trade Commission (FTC) ,
FTC Act ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Privacy Laws ,
State Privacy Laws
In this OnPoint we report on the data protection implications of collecting personal data concerning employees’ vaccination status. Introduction - Employers formulating return to work plans for their employees in accordance...more
The Information Commissioner’s Office (ICO), the UK’s data protection authority, has recently published updated guidance on an individual’s right to access their personal data. This OnPoint considers the key issues arising...more
A recent High Court decision concerning compliance with a data subject access request considered the basis upon which an individual can require the data controller to provide the names of those in receipt of his or her...more
5/25/2019
/ Appeals ,
Civil Conspiracy ,
Compliance ,
Covered Recipients ,
Data Controller ,
Data Subject Access Requests ,
Expert Witness ,
Fraud ,
Information Sources ,
Order To Compel ,
Personal Data ,
Redacted Documents ,
Trial Court Orders ,
UK ,
UK Data Protection Act
A data subject (defined in the GDPR as an identified or identifiable natural person) has a right under the General Data Protection Regulation (GDPR) to make a data subject access request (DSAR) to find out what personal data...more
12/4/2018
/ Corporate Counsel ,
Data Controller ,
Data Subject Access Requests ,
Discovery ,
Electronically Stored Information ,
EU ,
Exceptions ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Redaction ,
Scope of Discovery Requests ,
Third-Party ,
UK Data Protection Act
An immense volume of personal data (or personally identifiable information) is proliferating and flowing throughout the world. Personal data is an incredibly valuable asset to companies but data protection and privacy laws...more
3/13/2018
/ Consent ,
Contract Terms ,
Data Controller ,
Data Mapping ,
Data Protection Officers (DPOs) ,
Employee Training ,
Employer Liability Issues ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Multinationals ,
Notice Requirements ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy ,
Third-Party Relationships
Article 30 of the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, places an obligation upon data controllers and processors to keep internal records of data processing activities. The data...more
What is a ‘personal data breach’? First things first, what exactly is a personal data breach? The GDPR defines it as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised...more
11/1/2017
/ Article 29 Working Party (WP29) ,
Breach Notification Rule ,
Data Breach ,
Data Processors ,
Digital Service Providers ,
Economic Sanctions ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Notification Requirements ,
Personal Data
The UK's Information Commissioner, Elizabeth Denham, has launched a series of blogs designed to “bust some of the myths” which she believes have developed around the EU General Data Protection Regulation (GDPR). Her first...more
8/22/2017
/ Consent ,
Corporate Counsel ,
Data Controller ,
Data Processors ,
Employee Privacy Rights ,
Employer Liability Issues ,
EU ,
Fines ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Popular ,
UK ,
UK Data Protection Act
The Queen’s Speech on 21 June 2017 confirmed the government’s plans for a new data protection law ensuring "that the United Kingdom retains its world-class regime protecting personal data". ...more
Under section 7 of the Data Protection Act 1998 (DPA) employees are entitled to make a data “subject access request” (SAR) in order to obtain copies of the personal data held about them by their employer and certain other...more