National Institute of Standards and Technology, ISO Release Privacy Guidance

Companies seeking guidance about how to understand privacy risks and to implement measures to address them should be aware of two new resources – The National Institute of Standards and Technology’s (“NIST”) draft Privacy Framework and the International Organization for Standardization’s (“ISO”) International Standard for privacy information management. These tools are designed to work alongside existing guidelines for cybersecurity and the requirements of emerging law such as the General Data Protection Regulation and the California Consumer Privacy Act.

The NIST Privacy Framework

In September, NIST, an agency of the U.S. Department of Commerce, released a preliminary draft of…
.@EU_Commission announced successful conclusion of adequacy talks with South Korea, confirming alignment of EU & SK #dataprotection laws. Finding covers commercial & public sector, enables data flows between the EU & SK. Adoption expected in coming months. https://ec.europa.eu/commission/presscorner/detail/en/statement_21_1506
Dutch DPA announced a €475,000 fine for Dutch headquartered @bookingcom for failure to report #databreach within 72 hours of becoming aware of the 2019 incident. Breach resulted in unauthorized access to login credentials, criminal access to data of 4000 customers.
Bavaria #DPA declared company’s (controller’s) use of US email marketing service #Mailchimp in #Bavaria impermissible due to failure to comply with #SchremsII mitigation requirements with respect to transfer of e-mail addresses to Mailchimp in the US.