The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read ☕️

ICO gives Interserve £4.4 million for failure to secure employee data

I’ve talked about employee data before in this newsletter. With data privacy, the go to approach is often to focus on customer data.

But employee data is just as important, and it’s often overlooked. Whether this is due to it sitting in a system that regularly goes unaudited, or DPOs are unaware of it’s existence.

Well the ICO has hit Interserve with a £4.4m fine following an investigation into an attack on their systems.

The attack affected over 100k of the company’s employees, a not insignificant amount.

The truth is that it seems from the report that Interserve was using an outdated system with less up-to-date protocols. This was combined with ineffective endpoint security and a severe lack of training on phishing.

So for any DPOs out there with a large internal workforce, there’s your checklist of where to focus, if you haven’t already.

The full report can be found here.

Biden signs an executive order for EU-US data privacy framework

It seems that we’re moving closer to a new replacement for Privacy Shield.

On October 7, 2022, President Biden signed an Executive Order (Order) on Enhancing Safeguards for United States Signals Intelligence Activities

The framework is meant to protect transatlantic data transfers after the Screms II ruling which declared privacy shield unfit for purpose.

The executive order means that the US is committed to upholding the data protections that EU personal data receives within the EU.

Some commitments in the order:

• A new redress mechanism

• Internal procedural requirements for the handling of personal data.

• Safeguards around US intelligence activity

• An update to the privacy principles

Both the UK and the Eu will now choose whether to approve the framework.

Other data privacy news

TikTok tells European users its staff in China get access to their data

The 2022 Midterm Elections Are Putting Data Privacy at Risk

Bed, Bath & Beyond confirms data breach following employee phishing attack

A data privacy primer with Google – everything you need to know

Post of the week

DPO Daily @theDPOdaily

If I had to write the DPO ten commandments, the first thing I would do (of course) would be to change it to the DPO ten suggestions, but top of the list would be “You should always be able to explain why you’re saying what you’re saying.”

8:53 AM ∙ Nov 4, 2022

---

13Likes2Retweets