This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 11 Issue: 8
(August 2014)


US consumer privacy rights organisation, the Center for Digital Democracy (CDD), filed - on 14 August 2014 - a complaint with the Federal Trade Commission (FTC), in relation to 30 companies which the CDD alleges are failing to provide the safeguards stipulated in the US-EU Safe Harbor Framework. The complaint calls for an investigation of companies involved in data profiling, online targeting and data brokering; Acxiom, AOL, Datalogix and Neustar are among the companies named. / read more

The Payment Card Industry Security Standards Council (‘PCI SSC’) published - on 7 August 2014 - a supplemental guide for businesses which use third party service providers (TPSPs) to store, process or transmit their customers’ card payment data following concerns over TPSPs security vulnerabilities. The Third Party Security Assurance Information Supplement contains practical recommendations focussing on due diligence and risk assessments which should be undertaken by businesses when engaging with TPSPs. Recommendations on developing appropriate agreements, policies and procedures with TPSPs are also included. / read more

On 18 July 2014, the Irish Minister for Justice and Equality, Frances Fitzgerald, signed regulation 337 and 338 of 2014, which brought into force - on 18 August 2014 - three previously inactive provisions of the Data Protection Act 1988 (DPA). Section 4(13) of the DPA makes forced subject access requests a criminal offence. This involves an individual being forced to submit a subject access request by an employer or potential employer, usually regarding a criminal conviction, in order to reveal the information. A €100,000 fine can be imposed for violation of this provision. / read more


Ask any data protection officer or privacy counsel what tops their list of trepidations, and engaging global data services vendors will be up there. The combination of security threats and burdens, restrictions on international data transfers and data-hungry law enforcement authorities has turned delegating any data processing or storage operations to cloud service providers into an unnerving proposition. This is unfortunate, given all the practical benefits and the crucial role of cloud computing for the world’s economy and the information society. If we add to this the incessant scrutiny of Safe Harbor and the growing distrust surrounding technology giants which is part of the legacy of the post-Snowden era, things are not looking very rosy for the global guardians of our information. It need not be this way. / read more

The European Union has elected a new Parliament in May 2014. Whilst the EU General Data Protection Regulation (‘the Regulation’) slowly but steadily inches towards completion, doubts and concerns remain for practitioners and industries in preparation for implementing the Regulation in the seemingly imminent future. Is the Regulation truly the best instrument for individuals’ fundamental right of data protection? Ruth Boardman and Francis Aldhouse, Partner and Consultant respectively at Bird & Bird, provide ten proposals which would provide a better legal instrument. / read more

The new law introducing amendments to the Russian Federal Law on Personal Data and to the Russian Federal Law on Information, Information Technologies and Protection of Information will come into force on 1 September 2016. Irina Anyukhina, Anastasia Petrova and Maria Ostashenko, of Alrud Law Firm, Moscow, discuss the nuances of the new law that may give hope to companies affected by the new requirements. / read more

As data breaches become increasingly common and increasingly costly, it is apparent that efforts to prevent a breach are not enough. Organisations must prepare for a breach for when prevention efforts fail. David Chamberlin and Leigh Nakanishi, Leader of Edelman’s Global Data Security and Privacy team and Senior Data Privacy and Security Strategist at Edelman respectively, outline the scale of the problem, the effects that data breaches can have on a company, and discuss best practices and common pitfalls in terms of data breach management. / read more

When it took over the Presidency of the Council of the European Union on 1 January 2014, the Greek Presidency adopted a wide-ranging reform package. As it nears the end of its tenure, Dimitris Zografopoulos, Legal Auditor at the Hellenic Data Protection Authority and a member of the DAPIX Working Group of the European Council, assesses its progress in driving through data protection reform. / read more

As cybercrime becomes all the more sophisticated and expansive by the day, organisations must react to an ever-changing online threat landscape. In this article, Nahim Fazal, Head Of Cyber Security Development at Blueliv, a cloud-based cyber threat intelligence solution, explains what in his view constitutes a long term and effective cybersecurity strategy and outlines the key questions organisations should be asking in relation to their cybersecurity strategies. / read more

Drudeisha Caullychurn-Madhub, Data Protection Commissioner with the Republic of Mauritius, explains why the State needs personal data to operate digital services and how that data can present a threat when not sufficiently protected, using examples from the commercial world. She explains how when assessing potential privacy protection measures, it is essential for privacy practitioners to consider the positive effects of processing such data against the negative effects, in order to draw up a balance. She also explains the part that the state can play in driving this balancing act forward in the name of good governance. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed