Kait Bolongaro reports: Prime Minister Justin Trudeau’s government unveiled a remake of Canadian privacy laws to strengthen user rights in the digital world. Under legislation introduced Tuesday in Ottawa, companies that commit the most serious offenses would be hit with fines worth as much as 5% of revenue or C$25 million ($19 million), whichever is…
Category: Federal
PH: NPC to allow data breach victims to apply for cease-and-desist orders
Jenina P. Ibañez reports: Victims of personal data breaches may request cease-and-desist orders from the National Privacy Commission (NPC) if the breach violates their privacy rights and causes “irreparable injury.” The NPC, in circular no. 20-02 signed on Oct. 6, said that it may issue such orders in the event of violations or threats to…
Germany: No GDPR damages after data breach
Seen at DLA Piper: One of the many open questions of data protection law in Europe is how compensation for “non-material damage” will be calculated. In contrast to personal injury claims where lawyers have (hundreds of) years of case law to call upon to help calculate compensation, there is comparatively little case law considering how…
Hackers Take Advantage of India’s Loose Data Privacy Laws
SiliconIndia reports: India has some of the loosest data policy laws on the planet. Hackers have seen these loose data privacy laws as the opening they need to steal data and sell it on the black market. Regulations are changing, but many experts that are seeing the importance of data protection feel that they are not moving…
COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic
A snippet from the Executive Summary of a new report written by Robert Gellman and Pam Dixon: This report offers an analysis of existing laws and practices regarding both types of HIPAA COVID-19 waivers. The report recommends that, when the current emergency subsides, the Secretary of HHS review in a systematic way the privacy, security,…
HIPAA Covered Entities and Business Associates Need an IT Asset Inventory List, OCR Recommends
Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write: Last week, in its Cybersecurity Summer Newsletter, the Office of Civil Rights (OCR) published best practices for creating an IT asset inventory list to assist healthcare providers and business associates in understanding where electronic protected health information (ePHI) is located within their organization, and improve HIPAA Security Rule compliance. OCR investigations often…