Data & Privacy Update - 4 December 2014

Author:Ms Margaret Tofalides
Profession:Clyde & Co

Practice tips for new Californian Law

Companies that handle personal information about Californian residents should take measures now to ensure compliance with the amended sections of the California Civil Code relating to personal information privacy. The amendments, signed into law on 30 September, will be coming into effect on 1 January 2015. Although there is no comprehensive guidance yet on what constitutes "reasonable" security procedures and practices, businesses should analyse their current procedures to ensure they are appropriate to the nature of the information handled.

Sony Pictures attack is first of its kind in the US

Experts investigating the cyber-attack that crippled email and other systems at Sony Pictures Entertainment for much of last week, believe that the hackers used malicious software to launch a destructive cyber-attack, thought to be the first waged against a company in the US. According to an FBI report, the malware is said to override all data on the hard drives of computers, including the master boot record, preventing them from booting up and making it extremely difficult and costly to recover data. Sony Pictures have confirmed that the hackers accessed a "large amount" of confidential information, including personnel files and movies.

New criminal offence under the Data Protection Act 1998

Section 56 of the Data Protection Act 1998 (DPA) is expected to be implemented shortly, having been dormant since the DPA came into force. The implementation of this section will make it a criminal offence for employers to require staff to use their subject access rights under the DPA to obtain and then provide certain records, as a condition of employment, a practice commonly referred to as 'enforced subject access requests'.

EU regulators call for 'right to be forgotten' ruling to apply worldwide

The Article 29 Working Party (WP29), the European data protection advisory body, agreed a set of guidelines last week for the implementation of the so-called 'right to be forgotten' ruling. Google, the dominant search engine in Europe, has so far only been removing results from the European versions of its websites, such as, but not Isabelle Falque-Pierrotin, the head of the WP29, told a news conference: "From the legal and technical analysis...

To continue reading