Global Data & Privacy Update - 26 March 2015

Author:Ms Margaret Tofalides
Profession:Clyde & Co

ECJ hears Facebook privacy case

The European Court of Justice (ECJ) began the hearing this Tuesday of a complaint that US technology companies such as Facebook and Google, are in breach of European Union (EU) law. The case began in Ireland last year with a complaint by law student Schrems that Facebook was in breach of EU law by providing US intelligence services with the data of its EU users. It was brought on the grounds that "mass and undifferentiated" access to EU users' personal data under the Safe Harbour rules are a violation of EU law and may result in the end of Safe Harbor approvals.

US Cybersecurity bill introduces preventative measures

This week, a bill was introduced in the US which will see technology companies encouraged to share information about hacking threats with government agencies, if it becomes law. The "Protecting Cyber Networks Act" will encourage businesses to disclose information about hacks to civilian organisations for the prevention of future attacks. It is part of a programme of reform necessitated by the hacks on Sony Corporation and other major US corporations.

Report finds UK companies unprepared for data breaches

The Experian whitepaper issued this week has revealed that a high proportion of UK businesses are ill-prepared to deal with data breaches. One in five had experienced a data breach in the last two years and four in ten British adults have been affected by a data breach. The whitepaper highlights that many UK companies are lacking data breach response plans, reporting procedures, security assessments and cyber insurance and gives recommendations for rectifying this.

UK ICO takes action against pension texts

The Information Commissioner's Office (ICO) has taken enforcement action against Help Direct UK, a financial services call centre, for sending spam SMS messages about pension reviews and debt management. 187,960 messages were sent by the company over a nine month period, resulting in 659 complaints to the ICO. The action comes ahead of the 6 April 2015 change in law to remove the requirement that unsolicited messages must cause "substantial damage or substantial distress", which is expected to result in more enforcement action by the ICO.


To continue reading