Below are snapshots of recent global updates courtesy of Nymity Research.
Anonymisation: NIST Recommends Sophisticated Testing to Catch Differential Privacy Bugs
Privacy bugs can happen when either too little or too much noise is added to a dataset (resulting in too little achieved privacy or too much degradation of the result’s accuracy); sophisticated test cases should have an example input to test the program and an example output that is expected to function to compute on that input. Read more here.
Adequacy: EU Commission Adopts SCCs for Transfers to Third Countries
The SCCs have been brought more into line with the GDPR, and clarify considerations when assessing the impact of third country laws and practices on compliance (e.g., categories and format of the transferred personal data) and the territorial scope of supervision by a competent authority where the exporter is not established in the EU (i.e., the Member State of the representative, or of the data subject where there is no representative); a transition period of 18 months is provided for controllers and processors currently using previous sets of SCCs. Read more here.
Legislation: California Proposes Expanded Breach Notification Requirements
If passed, the definition of personal information that, if breached, would require notification by public agencies and private entities would include genetic data (i.e. data from analysis of individuals’ biological samples or other equivalent source, that concerns genetic material). Read more here.
Legislation: Ecuador Enacts Omnibus Data Protection Law
Effective May 26, 2021, controllers must appoint a DPO (for regular systematic monitoring, or large-scale processing of sensitive data), complete PIAs for high risk processing, demonstrate accountability and data protection by design, comply with processing principles (legitimacy, purpose specificity, accuracy, transparency, security), fulfill data owner requests (access, portability, rectification, erasure, objection), and notify the DPA and affected individuals of breaches; companies will have two years to adapt processing operations for compliance. Read more here.
Stay informed with daily comprehensive regulatory updates using Nymity Research. Minimize the need for time consuming searches for accurate analysis with easy to understand alerts on the latest privacy laws. Start a free trial today.