BreachExchange mailing list archives
ICO warning over personal data breaches
From: audrey () riskbasedsecurity com (Audrey McNeil)
Date: Thu, 17 Mar 2016 18:57:36 -0600
http://www.lawgazette.co.uk/law/ico-warning-over-personal-data-breaches/5054234.fullarticle

Forthcoming data protection reforms will impose new notification requirements on companies in the event of a personal data breach, the Information Commissioner's Office has warned.

A new EU General Data Protection Regulation will replace all data protection legislation in EU member states, including the UK's Data Protection Act (DPA), without the need for further national legislation. It is expected to come into force in 2018.

Publishing a 12-step checklist this week for companies to "take now" to prepare for the forthcoming regulation, the ICO says companies must have the right procedures in place to detect, report and investigate a personal data breach.

Some organisations are already required to notify the ICO when they experience a personal data breach. However, the regulation will introduce a "breach-notification duty across the board" which, the ICO said, will be "new" to many organisations.

Organisations operating internationally will also need to determine which data protection supervisory authority they come under. The ICO said the regulation contains "quite complex" arrangements for working out the correct authority that will take the lead when investigating a complaint with an international aspect.

"Put simply, the lead authority is determined according to where your organisation has its main administration or where decisions about data processing are made," it says. "In traditional headquarters this is easy to determine. It is more difficult for complex, multi-site companies where decisions about differing processing activities are taken in different places."

The ICO's head of policy, Steve Wood, said people were beginning to "develop a plan" and wanted to take "key steps" ahead of the regulation's implementation.

In a blog post on the ICO's website, Wood said: "Many of the principles in the new legislation are much the same as those in the current DPA. If you are complying properly with the current law, then you have a strong starting point to build from.

"But there are important new elements, and some things will need to be done differently."

The new law, he added, would "enhance the rights of data subjects and place more obligations on organisations to be accountable for their use of personal data".