Posts

ICO issues additional guidance on Privacy and Electronic Communications Regulations (PECR)

By Privacy Counsel What is PECR?  In February of this year, the Information Commissioner’s Office (ICO), or UK’s Data Protection Regulator, published additional guidance on the Privacy and Electronic Communications Regulations (PECR) , initially passed in 2003, on applying PECR to the DPA. How does PECR apply? There is frequently a lot of discussion around the e-Privacy Directive ( Directive 2009/136/EC ) and very little surrounding the UK. Although the UK is no longer part of the EU, it has adopted a GDPR national privacy law, The Data Protection Act (DPA). PECR applies in the context of UK residents specifically. The e-Privacy Directive applies to GDPR and EU residents. The chart below provides the similarities and distinctions between the two.    Differences from the E-Privacy Regulation PECR E-Privacy Directive Scope PECR applies to the transmission of unsolicited electronic messages to individuals in the UK. ePD applies to the processing of personal data and securit...

Meta (Facebook) is facing major data transfer hurdles

  By Victorianne Musonza, Privacy Counsel Meta was recently fined 400 Million Euros by the Irish Data Protection Commission for privacy violations, mainly because they failed to adhere to GDPR processing restrictions on personal data. According to Politico , Helen Dixon of the Irish DPC also seeks to prevent Meta from using standard contractual clauses (SCC) to facilitate personal data transfers from the EU to the US. Read more about this here .

CALIFORNIA’S CONSUMER PRIVACY ACT BEING HAILED THE AMERICAN VERSION OF THE GDPR, BUT IS THAT ACCURATE?

Written by Victorianne C. Musonza, Esq, CISA, CAMS, CIPP, CIPM, FIP I.         INTRODUCTION By the close of 2018, all fifty U.S. states had data breach notification laws [1] on the books. California was the first to pass a data breach notification law in 2003; [2] New York was not that far behind passing a data breach notification law [3] that was signed into law in August 10, 2005. New York has always had a more proactive approach to privacy with several privacy statutes that include information security, [4] employee privacy, [5] wiretapping, [6] ease dropping, [7] and confidentiality related to HIV related records. [8] Additionally, last year the New York legislature passed a cyber security law that imposes additional requirements on businesses that are regulated the Department of financial services. In additional to federal statutes, New York businesses who do business in certain parts of Europe [9] or in Calif...