- UK’s National Cyber Security Centre has announced a change to its Cyber Incident Response Scheme by adding an additional level. This means that more organisations will be able to receive incident response services, including organisations from the private sector.
- The Cyber Incident Response Scheme supports organisation when they have become victims of cyber-attacks by ensuring that those organisations engage providers that they can trust (those providers are called Assured Service Providers). Those providers help to recover organisations from cyber incidents and deliver a full investigation of the incident and provide recommendations as to how to prevent it from happening again in the future.
- A woman from Texas was awarded USD1.2 billion in damages in a ‘revenge porn’ lawsuit against an ex-boyfriend who shared images with explicit content of her with family, friends and co-workers without her consent with the intent of damaging her reputation.
- Furthermore, the shared content included other identifiable personal data such as her name and address.
- The Federal Trade Commission is looking to charge Experian, a credit company, USD650,000 for spamming individuals who have set up an account with them with marketing emails without offering them a way to opt-out.
- Offering a way to opt-out of unsolicited marketing emails is a requirement under the CAN-SPAM Act.
- The complaint was filed by US Department of Justice.
- Czech Republic’s DPA is currently assessing the use of facial recognition technology by local police and has requested information from them including information of the specific tech which was used on a trial basis for nearly a year.
- IAPP has published an article about the new Swiss Federal Act on Data Protection (FADP) which comes into force on the 1st of September 2023.
- The Act was passed in parliament in 2020 and aims at revising the original federal law on data protection which came into force in 1992.
- With this revision, the ‘Swiss data protection regime will be brought into greater alignment with the GDPR’, but there are still notable differences. A helpful overview is provided in the IAPP’s article.
- The FADP might be of note because with this revision, an expanded territorial scope is introduced. The FADP will apply to circumstances that have an effect in Switzerland, even if the actual activity was initiated outside of Switzerland. ‘In practice, like the GDPR, organisations targeting goods and services to Swiss individuals or monitoring their behavior will now have to comply with’ the revised Act.
- Singapore’s Personal Data Protection Commission has issued a formal waring to a registered salesperson for not obtaining ‘clear and unambiguous consent’ from individuals and not checking the ‘Do Not Call Registry’ before making their sales calls.
- A ‘Do Not Call Register’ allows people in certain countries to indicate that they do not wish to be contacted by telemarketers (https://en.wikipedia.org/wiki/Do_not_call_list). Singapore has such a registry. So does the UK, it is called ‘Telephone Preference Service (TPS)’, which allows UK residents to opt out of unsolicited marketing calls (https://www.tpsonline.org.uk/).
- Australia’s eSafety Commissioner published their ‘Tech Trends Position Statement – Generative AI’ guidance document. The paper gives an overview on the existing landscape, discusses the risks, harms and opportunities surrounding generative AI, highlights emerging good practice and safety by design measures and concludes with advice for users.
- India’s Digital Personal Data Protection Act was published in the official gazette after being approved by the President last Friday.
- The Act has received some positive feedback of a couple of data protection authorities around the world, such as the DPA of Norway and South Africa, going so far as to say that the legislation offers ‘invaluable lessons on how safeguards can be applied’. See https://economictimes.indiatimes.com/tech/technology/governments-abroad-look-to-model-on-indias-landmark-data-law/articleshow/102752176.cms.