Life with GDPR - ICO Gets Serious About Subject Access Requests
SARS and Liability Issues under GDPR
The UK ICO has provided guidance for employers on responding to employee subject access requests. Although much of the content reflects existing guidance, it deals specifically with issues such as requests made in the context...more
Welcome to your weekly update from the Allen & Overy Pensions team, covering all the latest legal and regulatory developments in the world of workplace pensions....more
Join Mary Mack ,CEO and Chief Legal Technologist, EDRM, Tom Gricks, Lead Strategy Consultant, OpenText, and Tracy Drynan, Principal Consultant, OpenText, for an interactive discussion. Bring us your most challenging use...more
How do GDPR, data privacy, and data protection impact your business? In this podcast, Data Privacy/Data Security expert Jonathan Armstrong, co-founder of Cordery Compliance, and I use the framework of GDPR to discuss a wide...more
SEC Chair Gensler Indicates Commission is Looking to Update SEC’s Regulation S-P - On September 28, 2022, Securities and Exchange Commission (“SEC” or the “Commission”) Chairman Gary Gensler appeared via video at the...more
The Advocate General argues that organisations should provide individuals with information on the specific recipients of their personal data. Advocate General Giovanni Pitruzzella (AG) of the Court of Justice of the...more
In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the increase in subject access requests (SARs) and other liability issues under...more
Tell me more – ICO publishes detailed subject access guidance - The ICO has published detailed guidance for handling subject access requests. This is relevant to employers responding to subject access requests from...more
The Information Commissioner’s Office (ICO), the UK’s data protection authority, has recently published updated guidance on an individual’s right to access their personal data. This OnPoint considers the key issues arising...more
The EU’s General Data Protection Regulation (“GDPR”) contains the much-publicised right of subject access, which gives an individual the right to access a copy of all the personal data a controller holds in relation to him or...more
No. Much like the GDPR, the CCPA gives consumers certain rights over their data. In particular, California residents have the right to request access to their personal information, the right to request the deletion of...more
Although technically part of the People’s Republic of China (“PRC”) since July 1, 1997, Hong Kong has had special status recognition from the US government. This has meant it is treated more favorably for certain immigration...more
On July 14, 2020, the Trump Administration issued an executive order ending differential treatment for Hong Kong under U.S. law. The order, effective immediately, directs government agencies to amend regulations within 15...more
Yes. Pharmaceutical companies within the Fortune 500 are universally notifying Californians of their right to request access to, or the deletion of, their personal information....more
Modern businesses are caught in a perfect storm. Data privacy laws are proliferating at the state, federal, and international levels, requiring companies to know where they are storing personally identifiable information...more
No. When a business receives a request from a consumer to access the personal information that the business has “collected,” it must decide whether to grant the request or to deny it based upon one of the exceptions to...more
The Information Commissioner’s Office (ICO), the UK’s data protection supervisory authority, has recently issued guidance outlining its approach to the enforcement of data protection obligations during the COVID-19 pandemic....more
No. While some businesses decide to create a written policy or procedure for handling access requests, other businesses decide that such a policy is unneeded....more
The CCPA requires that a business “deliver” the information that is required to be produced under the Act within “45 days of receiving a verifiable consumer request.” The 45 day time period can be extended by an additional 45...more
The CCPA requires a business to respond to an access request by disclosing all information that it has “collected” about a consumer in the previous 12 months. Unlike the CCPA’s treatment of a business’s obligation to delete...more
Our first update of 2020 outlines key UK employment law developments over the last month. It includes cases on the definition of ‘employee’ under TUPE, the impact of a job evaluation survey in relation to equal pay, direct...more
The California Attorney General recently published a report assessing CCPA compliance costs. The report attempts to quantify the monetary value of consumers’ personal data, and estimates the total value of personal data...more
As the issues surrounding data protection become increasingly complex, in recent years the advisory guidelines (Guidelines) issued by the Personal Data Protection Commission of Singapore (PDPC) have been invaluable in guiding...more
In the run-up to January 1, 2020, the California legislature and Attorney General are rushing to provide clarity to the California Consumer Privacy Act of 2018 (CCPA) - and businesses are rushing to interpret and implement...more
No. The CCPA contains four references to the obligation of a business to, in response to an access request, provide the “specific pieces of personal information” that it has collected about a California resident. Each of...more