Coming Soon to Singapore: Mandatory Data Breach Notifications

Share

Singapore’s Personal Data Protection Commission (PDPC) issued a statement on March 1 announcing its plan to introduce mandatory breach notifications as part of a set of proposed amendments to the country’s Personal Data Protection Act (PDPA). The proposed amendments come in response to the PDPC’s recent review of the PDPA in order “to ensure that it keeps pace with the evolving needs of businesses and individuals, and balances safeguarding individuals’ interests and enables the legitimate use of personal data by organisations.” The details of the mandatory breach notification have not yet been made public, but the amendment will likely require organizations to notify the PDPC and affected data subjects when a certain level of breach has occurred.

Continue reading

European Union Adopts Adequacy Decision For Safe Data Flows With Japan

Share

On January 23, 2019, the European Commission announced its decision to adopt adequacy status with Japan for transfers of personal data.  Pursuant to the European Union’s (EU) General Data Protection Regulation (GDPR), this decision will allow personal data to flow freely between the 28 EU countries, three additional European Economic Area member countries (Norway, Liechtenstein, and Iceland), and Japan, without the need for additional data protection safeguards or derogations.  Japan adopted an equivalent decision with the EU on January 22, 2019.  These reciprocal findings of adequacy will create the largest area of safe data flows in the world.

Continue reading

India Releases Draft Personal Data Protection Regulation

Share

India has released the much-anticipated first draft of the Personal Data Protection Bill, 2018, the country’s first comprehensive data protection regulation. The proposed bill is currently under review by India’s Ministry of Electronics and Information Technology and will likely be introduced in Parliament this year.

Continue reading

Singapore Taekwondo Federation Fined by Personal Data Protection Commission for Unauthorized Disclosure of Minors’ Information

Share

Singapore’s Personal Data Protection Commission recently found that the Singapore Taekwondo Federation violated Singapore’s Personal Data Protection Act (PDPA) by failing to protect minors’ personal data on its website.  The PDPA was enacted in 2012 to “govern the collection, use and disclosure of personal data by organisations in a manner that recognizes both the right of individuals to protect their personal data and the need of organisations to collect, use or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.”

Continue reading

Smart Uses of Data Analytics for In-House Counsel

Share

The effective use of data analytics is quickly changing the legal landscape and the practice of law for the better. This is a fast-changing area where today’s “use cases” will be quickly superseded by new and more powerful uses of these technologies. This post discusses key areas where in-house counsel may consider the use of data analytics either as a solely in-house measure or in connection with engagements with outside counsel.

Continue reading

Sedona Conference Working Group on Data Security and Privacy Liability Releases Draft Incident Response Guide

Share

The Sedona Conference®, a nonprofit research and educational think tank dedicated to the advanced study of law, particularly in information governance, has released its Incident Response Guide , open for public comment through June 19, 2018.  Drafted by Working Group on Data Security and Privacy Liability (WG11), the guide is meant to serve as a practical resource for practitioners dealing with the legal, technical, and policy issues related to data-related incidents – from distributed denial-of-service to ransomware attacks.

Continue reading

« Older posts

© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Cookie Policy | Privacy Policy