Switzerland: Minimal security standards and assesment tool
from 2018… (modelled on NIST cybser security framework with some modifications)
hhttps://www.bwl.admin.ch/bwl/en/home/themen/ikt/ikt_minimalstandard.html
Switzerland: National Cyber Security Centre NCSC
includes a form for reporting security incidents.
EDPB statement on the end of Brexit transition period
Statement on the end of the Brexit transition period
Adopted on 15 December 2020
https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_statement_20201215_brexit_en.pdf
New Microsoft DPA (9-Dec-20020)
New Microsoft Data Processing Agreement template
https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=67
Article: Design and evaluation of a data anonymization pipeline to promote Open Science on COVID-19
https://www.nature.com/articles/s41597-020-00773-y
using ARX pipeline
Sweden: DPA fines Umeå University (~53,000 EUR)
Very interesting case involving sensitive personal data that
- was shared via unencrypted email (which was pointed out to the university, but was not reported as an incident)
- stored on box.com, protected only by username/password, despite the fact that the University’s risk assessment didn’t support this – and in violation to internal published policies
(I hope I read the documents correctly..)
Press release:
https://www.datainspektionen.se/nyheter/universitet-brast-i-skyddet-av-kansliga-personuppgifter/
France: CNIL fines Google (100 mio EUR) and Amazon (35 mio EUR) over cookies, trackers and privacy notices
On 7.12.2020 the CNIL fined total o 135 million Euro – Google LLC (60 Mio.), Google Ireland (40 Mio.) and Amazon (35 Mio.)
Press release in English:
- Sanctions on Google https://www.cnil.fr/en/cookies-financial-penalties-60-million-euros-against-company-google-llc-and-40-million-euros-google-ireland
- Sanctions on Amazon https://www.cnil.fr/en/cookies-financial-penalty-35-million-euros-imposed-company-amazon-europe-core
https://www.legifrance.gouv.fr/cnil/id/CNILTEXT000042635706
https://www.legifrance.gouv.fr/cnil/id/CNILTEXT000042635729
Germany: SDM Standarddatenschutzmodell / Standard Data Protection Model
https://www.datenschutzzentrum.de/sdm/
also – with somehow more material, incl. security control blocks at
https://www.datenschutz-mv.de/datenschutz/datenschutzmodell/
New Zealand: New Privacy Law overview (by FPF)
A Deep Dive into New Zealand’s New Privacy Law: Extraterritorial Effect, Cross-Border Data Transfers Restrictions and New Powers of the Privacy Commissioner