Tag: International (page 1 of 3)

Information Governance Gains Traction, Maturity, and Value Proposition: State of IG Report

Share

The Information Governance Initiative (IGI) recently released its third annual “State of Information Governance” report . Highlights include a sharp rise in IG projects underway and a shift toward organizations deriving value out of properly stored data. Indeed, nearly twice as many respondents (176percent of prior-year baseline) indicated that they are extracting business value from their information.

While external factors to include data breaches and data privacy regulations largely drive IG projects, there is mounting internal pressure to reduce storage costs, limit exposure to potential data breaches, and consolidate data. IGI found that respondents overwhelmingly agreed that information governance is an essential component of internal and external cybersecurity.

Below are key takeaways from the report, including respondent results and IGI’s analysis and recommendations.

Continue reading

Recap of Our General Data Protection Regulation Webinar Series

Share

In preparation for the General Data Protection Regulation (GDPR), set to take effect in the EU on May 25, 2018, we have hosted a series of webinars to help attendees navigate the changing data protection landscape. The GDPR is the EU’s most important change in data privacy regulation in 20 years, replacing the 1995 Data Protection Directive, and will affect any company that processes data pertaining to individuals in the EU. Please find more information on the presentations below:

United States Is First Country to Join APEC Privacy Recognition for Processors Program

Share

The United States recently became the first country to participate in the new Asia-Pacific Economic Cooperation (“APEC”) Privacy Recognition for Processors (“PRP”) program.  Finalized in 2016 and designed to certify privacy compliance for personal information processors within the Asia-Pacific region, the PRP program offers a trustmark certification to processors that demonstrate their capacity to assist data controllers in complying with relevant privacy obligations.  According to APEC, the PRP program was created so that (1) data controllers are able to identify qualified data processors to implement data controllers’ data processing obligations, (2) data processors are able to demonstrate their ability to provide effective implementation of a controller’s privacy requirements, and (3) small and medium-sized institutions are able to gain exposure and visibility into a global data processing network.  Continue reading

Singapore Addresses Confidentiality of Electronic Patient Records in New Healthcare Services Bill

Share

Singapore’s Ministry of Health (MOH) recently drafted a new Healthcare Services (HCS) Bill aimed to bridge the gap between the country’s changing healthcare needs and technological advances.  According to the MOH, the healthcare landscape in Singapore is undergoing significant changes, including an ageing population, increased chronic disease prevalence, and advancements in medicine and health technologies.  The HCS Bill will “better safeguard the safety and well-being of patients, while enabling new and innovative services that benefit patients to be developed, in the changing healthcare environment.”

Currently, healthcare providers in Singapore are licensed and regulated under the Private Hospitals and Medical Clinics Act (PHMCA), which was designed to protect patient safety through the licensing of physical healthcare premises.  But, brick and mortar locations are quickly becoming a thing of the past as more and more healthcare services are delivered through mobile and online channels.  MOH intends to respond to this shift by repealing the PHMCA and replacing it with this new HCS Bill.

Continue reading

Article 29 Working Party Releases Guideline WP260 on Transparency under the GDPR

Share

The Article 29 Working Party (WP29) released two guideline documents, WP259 and WP260, on the General Data Protection Regulation (GDPR) concepts of consent and transparency.  Comments on both documents will be accepted by the Working Party through January 23, 2018 after which the WP 29 working party will issue final guidance. WP29 is an independent European advisory body on data protection and privacy.

This blog post focuses on WP260, the guideline on transparency. Our companion post on WP259, the guideline on consent can be read here.

Transparency has long been a fundamental feature of EU privacy law and is an overarching obligation under the GDPR. The draft guideline notes that a central consideration of the principle of transparency is that the data subject should be able to determine in advance what the scope and consequences of the processing entails. Transparency applies in three central areas:

  • The provision of information to data subjects related to the fair processing of their personal data.
  • How data controllers communicate with data subjects in relation to their rights under the GDPR.
  • How data controllers facilitate the exercise by data subjects of their rights.

Continue reading

Article 29 Working Party Releases Guideline WP259 on Consent under the GDPR

Share

The Article 29 Working Party (WP29) released two guideline documents, WP259 and WP260, on the General Data Protection Regulation (GDPR) concepts of consent and transparency in November.  Comments on both documents will be accepted by the Working Party through January 23, 2018 after which the WP29 will issue final guidance.   WP29 is an independent European advisory body on data protection and privacy.

This blog post focuses on WP259, which is the guideline on consent. We have also written a companion blog on WP260, the guideline on transparency.

Guideline on Consent

The guideline provides a thorough analysis of the notion of consent, which is one of the six lawful bases to process personal data under the GDPR. Article 4(11) stipulates that consent of the data subject must be:

  • Freely given.
  • Specific.
  • Informed.
  • Unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Continue reading

Older posts

© 2018 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy