Privacy Design® / [protecting people by good design, solid security, efficient processes and trusted services] Mon, 03 Apr 2023 09:23:57 +0000

CNIL publishes update to security guide /2023/04/03/cnil-publishes-update-to-secuirty-guide/ Mon, 03 Apr 2023 06:23:40 +0000
https://www.cnil.fr/fr/la-cnil-publie-une-nouvelle-version-de-son-guide-de-la-securite-des-donnees-personnelles

For this edition, the main changes concern the following sheets:

  • Sheet no. 2 “Authenticating users” takes into account the new recommendation relating to passwords and other shared secrets adopted in 2022 by the CNIL. In particular, it uses the notion of password entropy to offer greater freedom in the definition of password policies and abandons the obligation to renew passwords for “classic” user accounts.
  • Sheet no. 4 “Tracing operations and managing incidents” takes into account the recommendation relating to logging adopted in 2021. It explains how to ensure traceability of access and actions in multi-user systems while finding the balance between security, surveillance and associated risks.
  • Sheet no. 12 “Supervising IT developments” has also been enriched with elements from the GDPR guide for the development team.
  • Finally, sheets no. 15 “Securing exchanges with other organisations” and no. 17 “Encrypting, hashing or signing” have been updated to take into account changes in currently recommended practices.

Other more ad hoc updates and improvements have been made to keep up with the evolution of the threat and knowledge.

AEPD: Guidelines for processing activities that involve data communication between Public Administrations in the face of the risk of personal data breaches /2023/03/31/aepd-guidelines-for-processing-activities-that-involve-data-communication-between-public-administrations-in-the-face-of-the-risk-of-personal-data-breaches/ Fri, 31 Mar 2023 05:25:02 +0000
https://www.aepd.es/es/documento/orientaciones-riesgo-brechas-masivas-aapp.pdf

Brazilian DPA Enacts Regulation on the Setting and Application of Administrative Penalties Under the Brazilian General Data Protection Law /2023/03/24/brazilian-dpa-enacts-regulation-on-the-setting-and-application-of-administrative-penalties-under-the-brazilian-general-data-protection-law/ Fri, 24 Mar 2023 06:10:25 +0000

The regulation includes the methodology for calculating fines and determining other administrative penalties under the LGPD, such as public disclosure of the infringement and suspension of data processing activities.

Fines can be up to 2% of the annual turnover of the data controller or processor, limited to BRL 50 million (approx. EUR 8.8 million) per infringement.

https://www.huntonprivacyblog.com/2023/03/23/brazilian-dpa-enacts-regulation-on-the-setting-and-application-of-administrative-penalties-under-the-brazilian-general-data-protection-law/

Full report at:
https://www.bmalaw.com.br/en-US/conteudo/protecao-de-dados-tecnologia-e-negocios-digitais/special-report-regulation-on-the-setting-and-application-of-administrative-penalties-under-the-lgpd

Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations – Initial public draft of NIST AI 100-2 (2003 edition) /2023/03/09/adversarial-machine-learning-a-taxonomy-and-terminology-of-attacks-and-mitigations-initial-public-draft-of-nist-ai-100-2-2003-edition/ Thu, 09 Mar 2023 05:54:01 +0000

The initial public draft of NIST AI 100-2 (2003 edition), Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations, is now available for public comment.
https://csrc.nist.gov/publications/detail/white-paper/2023/03/08/adversarial-machine-learning-taxonomy-and-terminology/draft

NIST is specifically interested in comments on and recommendations for the following topics:

  • What are the latest attacks that threaten the existing landscape of AI models?
  • What are the latest mitigations that are likely to withstand the test of time?
  • What are the latest trends in AI technologies that promise to transform the industry/society? What potential vulnerabilities do they come with? What promising mitigations may be developed for them?
  • Is there new terminology that needs standardization?

Spain: Catalan Data Protection Authority: Privacy by design and privacy by default: A guide for developers /2023/03/03/spain-catalan-data-protection-authority-privacy-by-design-and-privacy-by-default-a-guide-for-developers/ Fri, 03 Mar 2023 06:47:16 +0000
https://apdcat.gencat.cat/web/.content/03-documentacio/documents/guiaDesenvolupadors/GUIA-PDDD_EN.pdf

Article: Google Cache: Cease-and-desist declaration and the obligation to delete! /2023/02/20/artikel-google-cache-unterlassungserklarung-und-die-loschungspflicht/ Mon, 20 Feb 2023 06:04:43 +0000
https://www.it-recht-kanzlei.de/viewNews.php?_rid=11800

The United Nations Guide on PET for official statistics 2023 /2023/02/14/the-united-nations-guide-on-pet-for-official-statistics-2023/ Tue, 14 Feb 2023 06:24:05 +0000
https://unstats.un.org/bigdata/task-teams/privacy/guide/2023_UN%20PET%20Guide.pdf

FTC/GoodRx – Latest FTC Health Privacy Case Sheds Light on Agency Health Privacy Approaches /2023/02/08/ftc-goodrx-latest-ftc-health-privacy-case-sheds-light-on-agency-health-privacy-approaches/ Wed, 08 Feb 2023 07:52:46 +0000
https://www.bakerdatacounsel.com/ftc/latest-ftc-health-privacy-case-sheds-light-agency-health-privacy-approaches/

HBNR

“The complaint also alleges that until early 2020, GoodRx did not have “sufficient or formal compliance programs for reviewing and approving all data sharing requests or third-party tracking tool integrations. It also had no policies or procedures for notifying users of breaches of their personal and health information.”

Mobile Health App Developers: FTC Best Practices /2023/02/08/mobile-health-app-developers-ftc-best-practices-2/ Wed, 08 Feb 2023 07:16:40 +0000
https://www.ftc.gov/business-guidance/resources/mobile-health-app-developers-ftc-best-practices

[Sidley Article] It Is Now More Difficult For International Pharma To Transfer Data Out Of China /2023/02/06/sidley-article-it-is-now-more-difficult-for-international-pharma-to-transfer-data-out-of-china/ Mon, 06 Feb 2023 07:36:54 +0000
https://datamatters.sidley.com/2023/02/03/it-is-now-more-difficult-for-international-pharma-to-transfer-data-out-of-china/
