Tuesday, October 07, 2014

Thursday, September 25, 2014

Document Management Systems (#DMS) solutions - audit

Paper documents take up space, they are difficult to store and waste time when people have to handle them. Businesses are further faced with more and more electronic communications via #email, #fax2email and social media communications, and all of this needs to be managed effectively.

There is currently a big drive to use technology to manage documents, records and information better, however not all technology solutions comply with the Protection of Information Act (#POPI) and Consumer Protection Act (#CPA) and other Records Management legislation

Before selecting a #DMS solution for your business, contact us to assist you in the evaluation of the solution and to confirm whether it, or the proposed information process adhere to POPI, CPA and other relevant Records Management legislation.

Thursday, September 18, 2014

Adobe Breach Victims Have Standing To Sue Based On Risk Of Future Harm

The U.S. District Court for the Northern District of California has ruled in In Re Adobe Systems, Inc. Privacy Litigation that customers affected by Adobe’s 2013 data breach have standing to sue based on the increased risk of future harm caused by hackers who gained unauthorized access to their personal information.  The decision is in some tension with other court rulings that have interpreted the Supreme Court’s ruling in Clapper vs. Amnesty International USA as foreclosing standing where the plaintiffs’ claims were based on the risk of future harm.  But the opinion is well reasoned, and may help plaintiffs establish standing in other breach suits.

© Copyright 2014 Steptoe & Johnson LLP. Steptoe & Johnson LLP 

Monday, August 04, 2014

Guidelines: Application development

If you are an App developer and/or owner,take note that the use of the word "free" will be, in terms of android apps (as per comments from Google), be phased out where there are app games that contain in-app purchase. We still await what Apple will do.  The Google changes will be implemented during September 2014.

Friday, June 06, 2014

European Court of Justice rules that internet browsing is not copyright infringement

The ECJ confirmed that the simple browsing of copyright material on a website will not infringe copyright and is the prior authorisation from the copyright owner not required, although reproduction takes place on the end user computer screen and in the internet cache of the computer's hard drive.
The Court ruled that on-screen and cached copies, made by an end-user in the course of viewing a website, satisfied the conditions in Article 5(1) of the Copyright Directive (2001/29/ECthat those copies must be temporary, transient or incidental in nature, and must constitute an integral and essential part of a technological process, as well as various conditions laid down in Article 5(5) of the of the Copyright Directive (2001/29/EC), and that they could therefore be made without the authorisation of the copyright holders.
Take note: browsing of copyright protected material is not the same as actually copying same and placing it somewhere else, whether for subsequent use or not.
The Court case: Public Relations Consultants Association v Newspaper Licensing Agency and others, Case C-360/13, 5 June 2014.

Monday, June 02, 2014

Google in quandary over upholding EU ruling

Google and other Internet companies find themselves in a quandary over how to strike a balance between privacy and freedom of information as the top world search engine took a first step towards upholding an EU privacy ruling.
Google moved overnight to put up an online form that will allow European citizens to request that links to obsolete information be taken down – its first response to the ruling by Europe's top court on "the right to be forgotten".
The ruling on 13 May upheld a 1995 European law ondata protection and ordered Google to remove links to a 1998 newspaper article about the repossession of a Spanish man's home.

After putting up the online form in the early hours of Friday, Google received 12 000 requests across Europe, sometimes averaging 20 per minute, by late in the day, the company said.That puts Google and other Internet companies in the position of having to interpret the court's broad criteria for information that is "inadequate, irrelevant or no longer relevant" as well as developing criteria for distinguishing public figures from private individuals.
"The court's ruling requires Google to make difficult judgements about an individual's right to be forgotten and the public's right to know," a Google spokesman said.
Digital rights campaigners say the EU authorities need to agree on a common approach to guide the search engine companies.Next week representatives from the EU's 28 data protection authorities are due to discuss the implications of the ruling at a two-day meeting.
"Companies should not be tasked with balancing fundamental rights or making decisions on the appropriateness, lawfulness, or relevance of information they did not publish," said Raegan MacDonald, European policy manager at Access, a digital rights organisation.
Brussels, 2 Jun 2014

Definitely a discussion to follow in terms of privacy vs. freedom of information.  What are your thoughts on this?

Friday, May 23, 2014

US: Protection of Personal Information

HHS Announces Record HIPAA Settlement

New York-Presbyterian Hospital (NYP) and Columbia University have agreed to pay a combined $4.8 million – the largest HIPAA settlement ever involving a single incident – to settle charges that they violated the HIPAA Privacy and Security Rules by accidentally making the electronic protected health information of their patients accessible to Internet search engines.  The Department of Health and Human Services’ Office for Civil Rights (OCR) launched its investigations after the entities – which operate a shared data network and firewall – notified it of the breach.  As part of the settlement, NYP will pay $3.3 million, and Columbia will pay $1.5 million. The entities also agreed to undertake risk analyses, develop risk management plans, revise their existing policies and procedures, and provide training on privacy and security awareness. 

(c) Steptoe & Johnson LLP

Wednesday, May 21, 2014

EU: Search engine results to be removed where they affect privacy rights

ECJ confirms right to have search engine results removed where they affect privacy rights
The ECJ has ruled on three questions concerning the interpretation of the Data Protection Directive (1995/46/EC) with regard to the data processing activities of search engine providers, their status as data controllers and the existence and scope of a right to be forgotten, in a reference from a Spanish court. The proceedings had been brought by a Spanish citizen, who had asked that Google remove from the list of search results based on his name links to two announcements in a Spanish newspaper from 1998. The announcements concerned a real-estate auction connected with attachment proceedings prompted by the applicant's social security debts. The ECJ held that a search engine provider is the data controller in respect of the locating, indexing, storing and making available of information accessible on the internet, and that the applicant has a right to rectification, erasure or blocking of that information, and a right to object to the processing of the information in certain circumstances.
The ECJ made it clear that while the search engine's commercial interests in processing the information will not, as a rule, override the data subject's rights to privacy and data protection, a balancing of the data subject's fundamental rights and the interests of other internet users in accessing that information must be carried out. The interest in the continued accessibility of personal information may override the data subject's interest in cases where the data subject plays a prominent role in public life and the accessibility of the information is in the public interest. The ECJ further clarified that the data subject's right to request removal of the relevant links may also apply if the information is true and where its original publication was lawful. This is particularly the case where the information has since become inadequate, irrelevant or excessive.

The ECJ's decision has sent shock waves not only through the online industry but also through the loose collection of groups concerned with the protection of digital rights. While the strengthening of the EU's right to apply its data protection framework to non-EU data controllers in certain circumstances is broadly welcomed (within the EU, if not in the US, where many of the largest, most popular search engines are based), the importance that the court has afforded to the data subject's right to privacy, compared to the right of individuals to access to information, has led to accusations that the decision legitimises individual reputation management, the falsification of historical records and ultimately, censorship. (Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González, Case C-131/12, 13 May 2014.)
© 2014 Thomson Reuters. All rights reserved

Friday, January 24, 2014

Protection of Personal Information

Do you think behavioural data collected by third party cookies should be considered personal data, even where it is not connected to information directly identifying an individual?