Data Protection Regulation

6 June 2012 at 11:20am

ICO Comments on EU Data Protection proposal

Andrew Cormack
Access Management
Breach Notification
Data Protection Regulation
Privacy
The Information Commissioner has published his initial analysis of the EU Data Protection proposals.
Read more
4 July 2012 at 5:02pm

MoJ Evidence on EC Data Protection proposal

Andrew Cormack
Access Management
Breach Notification
Cloud computing
Data Protection Regulation
Privacy
incident response
I've just sent in a Janet submission to the Ministry of Justice's Call for Evidence on the EU Data Protection proposals. Our response mentions the good and bad things about the proposal, as discussed here previously, for
Read more
6 June 2012 at 11:16am

Government CERTs and Information Sharing

Andrew Cormack
CSIRT
Data Protection Regulation
Privacy
incident response
I've had three discussions in two days about whether Government CERTs are different from others, which makes it a FAQ! It seems to me that legislation may be heading that way, and that that could create a potential problem for sharing information.
Read more
6 June 2012 at 11:14am

Data Protection Proposal: Federated Access Management

Andrew Cormack
Access Management
Data Protection Regulation
Privacy
The European Commission’s proposed Data Protection Regulation supports recent thinking in moving away from using consent as a basis for federated access management systems.
Read more
6 June 2012 at 11:14am

Data Protection Proposal: Privacy Breaches

Andrew Cormack
Breach Notification
Data Protection Regulation
Privacy
In dealing with breaches of privacy the Commission’s enthusiasm to protect and reassure Internet users seems to run the risk of having the opposite effect. Article 4(9) of the proposed Regulation defines 'personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Read more
6 June 2012 at 11:14am

Data Protection Proposal: Cloud Computing

Andrew Cormack
Cloud computing
Data Protection Regulation
Privacy
Cloud computing, whose whole point is to be independent of geography, does not fit comfortably into current data protection law. The Commission’s new proposal at least shows signs that clouds were a use case that was considered during drafting, so it is more obvious which provisions apply to them. These seem to offer a mixture of carrots and sticks to try to bring clouds within the European data protection regime.
Read more
6 June 2012 at 11:13am

Data Protection Proposal: Incident Response

Andrew Cormack
Data Protection Regulation
Privacy
incident response
The Commission's proposed Data Protection Regulation seems very positive for Incident Response. Indeed Recital 39 explicitly supports the work of Incident Response Teams:
Read more
25 June 2015 at 4:25pm

Europe's Data Protection Proposal

Andrew Cormack
Access Management
Breach Notification
Cloud computing
Data Protection Regulation
Privacy
incident response
Last week the European Commission published their proposed new Data Protection legislation. This will now be discussed and probably amended by the European Parliament and Council of Ministers before it becomes law, a process that most commentators expect to take at least two years. There's a lot in the proposal so this post will just cover the general themes.
Read more
6 June 2012 at 11:09am

Leak hints at direction of Data Protection revision

Andrew Cormack
Data Protection Regulation
Privacy
Statewatch have published what appears to be a leaked draft of Commission ideas for revised data protection legislation.
Read more
6 June 2012 at 10:40am

Google picks up EC regulatory issues

Andrew Cormack
Cloud computing
Data Protection Regulation
Privacy
Interesting to see an awareness of developments in European privacy law in a presentation from Google at the UCISA Management Conference.
Read more
Subscribe to Data Protection Regulation