
First Italian DPA Guidelines on the EU GDPR implementation

The Italian DPA (Garante per la protezione dei dati personali) has issued its first Guidelines on the implementation of the EU GDPR. The Guidelines have two declared objectives: to support public institutions and businesses in their transition to the new regulatory framework introduced by the GDPR, and to inform the public at large of their reinforced rights as recognized by the Regulation.

The Guidelines are accessible, in Italian, here

Ministerial Declaration of the Nordic-Baltic Ministerial Conference on Digitalization, Oslo 24-25 April

The Nordic Council of Ministers has comprised Denmark, Finland, Iceland, Norway and Sweden since 1971. In addition, Greenland, the Faroe Islands and Åland have had increased representation and more prominent roles in the Nordic Council of Ministers, with the same representation as the other member countries. During the 24-25 April meeting on Digital North, which included representatives of Estonia, Latvia and Lithuania, the Council adopted a Ministerial Declaration that, in the words of the Declaration itself, “is taking its departure point from the priorities of Norwegian Presidency of the Nordic Council of Ministers in 2017 and the Digital Single Market Strategy (DSM) of the EU”. The Declaration sets out three priorities: (1) Strengthening the ability for digital transformation of our governments and societies, especially by creating a common area for cross-border digital services in the public sector; (2) Strengthening the competitiveness of our enterprises through digitalization; and, (3) Enhancing the digital single market in the Nordic-Baltic region.

The Ministerial Declaration can be downloaded here

The website of the Nordic Council of Ministers is accessible here

The Wall Street Journal holds that the EU GDPR will offer solid customer data protection to US consumers

The recent Wall Street Journal article, authored by Jeff Stone, contains two interesting elements. The first is a discussion of the advantages of GDPR-like regulation, since “there is momentum in the U.S. for a national data-breach notification law. Forty-eight states have laws requiring companies to report data breaches through various channels, but the patchwork nature of those rules and the rising threat of cybercrime have brought the possibility of a national law similar to the breach-notification requirement in GDPR to the fore”. The second is that the GDPR could offer stronger data protections for banks and for credit card and insurance companies.

Read the full article here (subscription might be required)

The OCR/HHS announces a $2.5 million settlement on impermissible disclosure of unsecured HIPAA/ePHI

The press release of the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) reports “a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement based on the impermissible disclosure of unsecured electronic protected health information (ePHI). CardioNet has agreed to settle potential noncompliance with the HIPAA Privacy and Security Rules by paying $2.5 million and implementing a corrective action plan. This settlement is the first involving a wireless health services provider, as CardioNet provides remote mobile monitoring of and rapid response to patients at risk for cardiac arrhythmias”.

The full press release can be found here

FTC seeks comment on proposed changes to TRUSTe’s COPPA safe harbour program

Less than two weeks after TRUSTe, Inc. agreed to settle privacy compliance violations with the NY Attorney General, the Federal Trade Commission (FTC) has opened a call for comment on the proposed changes to TRUSTe’s safe harbor program adopted under the agency’s Children’s Online Privacy Protection Rule (COPPA). The safe harbor provision included in the FTC’s COPPA Rule aims to encourage increased self-regulation on COPPA matters by those under the authority of the Commission. Earlier this month, TRUSTe pledged a new requirement on the collection of personal information from children on its websites and online services. The FTC now “is seeking comment […] whether the mechanisms used to assess compliance with the proposed modified program requirements are effective”.

The FTC request for comments is accessible at this website