Author

Theo Ling


Another anti-spam enforcement action recently took place in Canada, this time led by Canada’s federal privacy regulator, the Office of the Privacy Commissioner (OPC). This enforcement action is the first time the OPC has publicly found an organization to have violated the general restriction under Canada’s federal privacy law against the non-consensual collection of electronic addresses via computer programs or the use of such addresses—a restriction that was introduced into law when Canada’s anti-spam law…

On 25 May 2016, the Irish Data Protection Commissioner (“IDPC”) announced that it would be seeking a judgment from the Court of Justice of the European Union (“CJEU”) on the legal status of the EU Standard Contractual Model Clauses (“EU Model Clauses”) for cross-border data transfers. This development further increases the uncertainty around permissible means of transferring personal data from the EU to the US. Last year, the CJEU declared the EU-US Safe Harbour Framework “inadequate”…

Having considered in detail the rules for collecting biometric data in our last post, in this post we will cover the key rules for handling biometric data post-collection.
1. Establish Strong Access And Use Controls
Given the sensitivity of biometric data, strong access controls should be put in place and access to biometric data should be allowed only on a need-to-know basis. Further, the use of biometric data should be strictly controlled and limited to what is…

The Australian and French privacy regulators have also respectively issued guidance on getting accountability right but take a slightly different approach compared to the Canadian, Hong Kong and Colombian regulators in that they do not expressly refer to, or promote the implementation of, privacy management programs.
The French Approach
The French data protection authority was the first European privacy regulator to release a standard outlining what accountability means in practice. The French Standard, released in January 2015,…

The Canadian Radio-television and Telecommunications Commission (CRTC), one of the regulators responsible for enforcing Canada’s anti-spam law (CASL), served its first warrant under CASL on December 3, 2015. The warrant was served to take down a botnet command-and-control server located in Toronto, Ontario. Along with other recent enforcement actions that resulted in large payments being made under CASL, this warrant further affirms how the CRTC is taking the enforcement of the legislation seriously.
Taking Down Dorkbot
The…

As concerns about privacy and data breaches increase, the allure of big data remains untarnished. For those of you who may be unfamiliar with that term, big data refers to the practice of amassing as much data about a subject as possible and then mining that data for usable information. Many of our favourite online services regularly collect as much data as they can about us, and then scour this data for clues to…

While the GDPR may appear extremely prescriptive in comparison to the current Data Protection Directive (95/46/EC), the objective does not deviate far from the current Directive – assuring individuals’ fundamental right of personal data protection. Multinational companies should focus on devising a systematic approach that fosters a culture of accountability, privacy by design and by default (PbD), to meet the rapidly changing technological challenges, such as Big Data and Internet of Things, while remaining compliant with…

In this post, we provide you with four key rules for collecting biometric data to ensure the collection is privacy-compliant. While extracted from the recent Guidance on Collection and Use of Biometric Data issued by the Hong Kong Privacy Commissioner and from a 2011 Guidance issued by the Canadian Privacy Commissioner, these rules are of global relevance. This is the third article of our 3-part contribution on biometric data. Please click here to access part 1,…

We live in a world where the amount of data is growing exponentially, and the technology around data is evolving at lightning speed. Legislators around the world recognize the critical nature of protecting information, whether it be personal or business, and increasingly, they turn to regulating as the immediate solution.
The Future of Compliance
The Financial Times (FT) recently recognized Baker & McKenzie’s iG360 platform as a “standout” innovative solution in the compliance and technology category in…

Privacy regulators around the world are increasingly embracing the notion of accountability as a vehicle to drive privacy compliance within organisations. So far, the privacy regulators in Canada, Hong Kong, France, Australia and Colombia have issued “Accountability Guides” or “Privacy Governance Frameworks” intended to assist private sector (and in some instances, also public sector) organisations setting up appropriate processes and procedures to ensure privacy compliance. Those documents have a lot in common and provide helpful…