The Information Commissioner’s Office (ICO) has begun formal enforcement action against care homes that have failed to pay the data protection fee.
All of this is speculation until the first case gets to the courts... [...] But according to a Department of Home Affairs staffer who drafted the new laws, a compulsory Technical Capability Notice (TCN) cannot be served on individuals within a corporation. "The corporate entity is the endpoint there. So we can't require, say, an employee of that at all to be operating under a secret notice that [their employer] is ignorant of," Adam Ingle told the Crypto 2018 Workshop on
Even outside the auspices of the GDPR courts are upholding the right of data subjects to 'their' data...: In Miller v. Sauberman, Index No. 805270/16 (N.Y. Dec. 6, 2018), New York Supreme Court Justice Joan A. Madden, despite the defendant’s estimated cost of $250,000 to produce metadata related to the plaintiff’s medical records, denied the defendant’s motion for a protective order and granted the plaintiff’s cross-motion to compel the production of that metadata within 30
This is in a 'red top' newspaper. I'm impressed that GDPR is a topic but we have to be careful of 'the sky is falling in' warnings...: [...] Top 10 most common ways small businesses are, or could be, breaking GDPR rules Here's what you need to know... Allowing staff to use their own computers, tablets or phones for work purposes – if personal data isn’t encrypted Staff using papers diaries used for work purposes and containing personal information – major
This could be an interesting precedent, not just in Pennsylvania. If data security is part of your organisation's duty of care it opens up a whole range of legal ramifications...: In finding a common law duty to protect employees’ personal data, the Pennsylvania Supreme Court has unexpectedly, and dramatically, altered the contours of the data breach litigation landscape. In Dittman v. UPMC, hackers penetrated the University of Pittsburgh Medical Center (UPMC) computer sy
Useful intro to preparing for the inevitable...: The best way for a company to handle a data breach is to be prepared. As we discuss in our data breach readiness handbook, preparation includes, among other things, drafting an incident response plan, reviewing cyber-insurance, reviewing contractual...