ICO publishes the 2016/17 annual report

U.K. Information Commissioner Elizabeth Denham has published her first annual report.  The document explains the plans that the Commissioner is intended to follow in order to get prepared for the incoming General Data Protection Regulation (EU GDPR).  The Office direction is to improve the trust between public and those agencies and companies that process their personal data.

The ICO 206/17 annual report is available here

White House publishes voters’ emails including their sensitive information

The White House released more than a hundred pages of emails containing voters’ comments on the Election Integrity Commission.  The publication does not protect voters personal information where the emails display voters’ names, email addresses and, in some cases, more specific information such as home addresses, phone numbers and places of employment.  The White House website has yet to adopt guidelines on how to display personal information of citizens on its website, and to implement warnings on how their data may be used.

The emails are still available at the White House website, but PrivacyRules has decided not to publish the related link.

Singapore publishes a new draft bill to empower its cybersecurity

After two years of work, the Singapore Cyber Security Agency has opened a draft cybersecurity bill to public consultation.  The purpose of the draft is to strengthen data protection through implementing stringent rules on reporting security breaches and adopting a specific license for the companies that handle sensitive information. The legislative amendments are needed as the current Singapore legislation is focused on specific cybercrimes while the new proposal aims at creating an omnibus bill that regulates cybersecurity also for essential services.

The Singapore cybersecurity bill is available online here

EU-US Privacy Shield is now adopted by the EEA

The European Economic Area (EEA) Joint Committee has adopted the decision to incorporate the EU-U.S. Privacy Shield adequacy decision into the EEA Agreement.  The decision recognises the reliability of the mechanism permitting to transfer data from EEA Member States to the U.S. including Iceland, Liechtenstein and Norway.  The decision takes effect from the 8th of July.

The provisional text of the decision its available online in pdf format

OCR launches a video-training module for health care providers on patients’ right to access their personal data

The Office for Civil Rights (OCR) of the Department of Health and Human Services has launched a video-training program to educate health care providers on patients’ right to access under the HIPAA Privacy Rule.  The video module describes the components of the HIPAA right to access and the ways in which individuals can be more informed about their own care.  It also offers recommendations on how to integrate aspects of the right to access into medical practices.

The programme is available here (registration is need, but the programme is free of charge)