The US issues the first ever cybercrime charges against two Russian Federal Security Service agents and two criminal hackers

On Wednesday, 15 March 2017, the US Department of Justice announced that 4 individuals, including two Russian Federal Security Service agents, have been indicted on cybercrime charges in relation to the massive hack of Yahoo information. At a very tense moment for US-Russia relations, the statement of the US Department of Justice reports that the stolen information was used to “obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, US and Russian government officials and private-sector employees of financial, transportation and other companies […]”.

The full statement of the US Department of Justice is accessible here

The French Commission Nationale de l’Informatique et des Libertés publishes a 6-point guideline to prepare for the EU GDPR

The French Commission Nationale de l’Informatique et des Libertés has published a 6-point guideline to help organizations and businesses be ready for the EU GDPR and avoid complaints for compliance violations. The 6 points are: appoint a DPO; make a data mapping; establish a prioritization of compliance actions; create a risk management system; organize internal processes; keep documentation and compliance measures.

The guideline can be found at the CNIL website

Mandatory data breach notification regime to commence in 2018


The Federal Parliament recently passed the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), which makes amendments to the Privacy Act 1988 (Cth) (Privacy Act), and makes it mandatory to report privacy breaches.

Macpherson Kelly has assisted many organisations with their compliance with the Australian privacy regime. If you would like further information, please contact Kelly Dickson on (03) 9794 2541.


The Italian Privacy Authority (Garante per la protezione dei dati personali) issues the 5th highest fine in its history

The Italian Privacy Authority (Garante per la protezione dei dati personali) has issued fines of more than 11 million euros to 5 Chinese money-transfer companies that processed the personal data of about 1,000 customers in violation of the Italian data protection law. The investigation in the case was conducted by the Italian financial police (Guardia di Finanza) and coordinated by the Public Prosecutor’s Office of Rome. The violations revealed by the Italian financial police were of money laundering laws and data protection laws. The criminal enterprise was illegally transferring considerable amounts of money to China, dividing the amounts into chunks lower than the money laundering threshold among about 1,000 customers who were unaware that the transfers were made in their names. This constituted the violation of personal data that led to the fines of the Garante per la protezione dei dati personali.

The decision of the Italian Privacy Authority can be downloaded here

The British Information Commissioner’s Office issues a £270,000 fine for nuisance calls

The British Information Commissioner’s Office (ICO) has fined a company that made 22 million nuisance calls, in the form of automated marketing calls, to individuals who did not specifically agree to receive such calls. The fine is one of the highest ever issued by the ICO.

Read the press release from the U.K. ICO website