This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 12 Issue: 8
(August 2015)


The Office of the Privacy Commissioner of Canada, together with the Privacy Commissioners of British Columbia and Alberta (‘the Commissioners’), issued, on 13 August 2015, guidelines on bring your own device (‘BYOD’) programmes to help organisations mitigate the risks of security incidents and privacy breaches arising from BYOD policies (‘the Guidelines’). / read more

The Korean Communications Commission (KCC) announced, on 3 August 2015, that amendments to the Law on the Protection and Use of Location Information 2008 (‘the Act’) would come into effect on 4 August 2015 (‘the Amendments’). In particular, the Amendments modify Article 9(1) of the Act on the obligation for location-based businesses to report their names, location of the main office, business type and key facilities to the KCC. / read more

The Russian Ministry of Communications (‘the Ministry’) issued, on 3 August 2015, an explanatory note (‘the Note’) clarifying the rules for the localisation of personal data, included in Law FZ-242 and Law 152-FZ (‘the Amendments’), and which is due to enter into force on 1 September 2015. / read more


This article is not about morality but about an urgently-needed change in behaviour. For real and for good. The much talked-about saga involving the theft and subsequent publication of customer data from extramarital affairs website (what a surreal description!) Ashley Madison, has sparked many debates. Opinions have ranged from those who see this as a just punishment for the organised cheating industry to those who have ranked this hack as the most serious privacy violation since the invention of the internet. The degree of sympathy for the victims has also been variable, but what appears to be a constant theme is the perception that this incident will have more dramatic consequences than any other cyber attacks we have seen. / read more

Under the Personal Data Protection Regulations 2013 (‘the Regulations’), data users are required to comply with security, retention and data integrity standards which may be issued by the Personal Data Protection Commissioner (‘the Commissioner’). Since the enforcement of the Personal Data Protection Act 2010 (‘PDPA’) on 15 November 2013, no standards had been issued. However in mid-2015 the Commissioner issued a Public Consultation Paper (‘the Consultation Paper’) to seek feedback from relevant stakeholders in respect of proposed security, retention and data integrity standards (‘the Proposed Standards’). Jillian Chia, Partner at Skrine, explores the potential ramifications of the Proposed Standards on businesses. / read more

Mark Keddie spoke to Data Protection Law and Policy about his obligations and challenges as Chief Privacy Officer for BT Group. Fulfilling customers’ expectations and ensuring privacy is a business enabler, are key issues touched upon by Mark in addition to his positive views about the impending EU General Data Protection Regulation (‘GDPR’). This article forms part of a regular feature, which provides an in-house perspective on privacy. / read more

While the Information Commissioner’s Office (‘ICO’) is looking ahead to the next ‘crucial twelve months’ in light of the progress of the draft EU General Data Protection Regulation (‘GDPR’), it’s Annual Report for 2014/15 shows a year that has been significant for changes in the law that have strengthened, and will no doubt continue to strengthen, the ICO’s regulatory powers. The ICO is keen to point out that it is not ‘complaints driven’ and sees itself more as an advisor than enforcer, working to ‘demystify some of this legislation.’ Nick Graham, Global Co-Chair of Dentons’ Privacy and Security Group, provides a synopsis of the key actions taken by the ICO over the past year. / read more

Nations tackling data protection for the first time tend to look to the EU for reference. Nevertheless, the Francophone Association of Data Protection Authorities (‘AFAPDP’) has jumped right into some of the most pressing issues and the global privacy challenges they pose, recognising that a coordinated effort is necessary. In this article Christophe Fichet and Yaël Hirsch, Partner and Associate respectively at Simmons & Simmons, analyse the position of the AFAPDP on surveillance and health data, discussed at its annual conference in June 2015. / read more

In June, ‘Guidelines on the Electronic Health Dossier’ (‘the Guidelines’), were adopted by the Italian Data Protection Authority (‘Garante’). The Guidelines and accompanying material, define the Dossier as distinct from an electronic health record, in that it represents ‘a file set up at a health care body that acts as the sole data controller (e.g., a hospital or a nursing home) where several health care professionals are employed.’ The Garante details a number of measures and safeguards relevant for data controllers processing an individual’s health data contained in an electronic health dossier. Dr. Nadia Arnaboldi and Dr. Fabio Ferrara discuss the Guidelines and what is expected of data controllers in regard to electronic health dossiers. / read more

Drones - small unmanned aerial vehicles, often equipped with cameras - are now reaching the mainstream economy. This development poses a new challenge for Europe’s data protection regime. Ezra Steinhardt and Vera Coughlan, Associate and European Policy Consultant respectively at Covington & Burling LLP, consider how existing EU data protection rules apply to drones, and review the current and planned actions of key EU policymakers and regulators to address this issue. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed