Link to announcement:
https://www.baden-wuerttemberg.datenschutz.de/fragenkatalog-kommunen/
Direct link to the questionnaire:
https://www.baden-wuerttemberg.datenschutz.de/wp-content/uploads/2019/06/LfDI-BW-Umfrage-Gemeinden-Fragebogen.pdf
German: Ist der Verlust eines privaten Handys oder Laptops meldepflichtig oder greift das Haushaltsprivileg nach Art. 2 Abs. 2 lit. c DSGVO?
Can the loss of a private mobile phone or laptop require a data breach notification, or does the household exemption prevail? – No household exemption if there is any processing for non-household use. (No surprise really.)
Blog article https://www.datenschutz-notizen.de/ist-der-verlust-eines-privaten-handys-oder-laptops-meldepflichtig-oder-greift-das-haushaltsprivileg-nach-art-2-abs-2-lit-c-dsgvo-3622783/
Dutch DPA reports data breach – to itself.
ICO: Data security incident trends
Please note that the earlier reports provide the most interesting background, e.g. in 2017 (via the “previous reports” link): https://ico.org.uk/media/action-weve-taken/reports/2014675/data-security-trends-pdf.pdf
Latest:
https://ico.org.uk/action-weve-taken/data-security-incident-trends/
Big Data Analytics for central banks
The use of big data analytics and artificial intelligence in central banking.
Proceedings of the IFC – Bank Indonesia International Workshop and Seminar on Big Data in Bali, 23-26 July 2018.
https://www.bis.org/ifc/publ/ifcb50.htm
(Germany, GDPR opinions): Übersicht behördlicher Stellungnahmen zur DSGVO
Summary paper by Taylor Wessing (51 pages), which keeps getting updated.
https://deutschland.taylorwessing.com/documents/get/1859/ubersicht-behordlicher-stellungnahmen-zur-dsgvo.pdf
CNIL fines SERGIC 400,000 EUR (web site vulnerability)
Very interesting case that needs some closer analysis.
The fine is about 0.9% of SERGIC’s annual turnover in 2017.
During the on-line audit of September 7, 2018, CNIL agents retrieved files accessible from URLs composed as follows:
https://www.crm.sergic.com/documents/upload/eresa/X.pdf
– where, by changing X, you could access another person’s file.
SERGIC tries to argue that CNIL’s agents shouldn’t have done that, etc. – to no avail. CNIL observes that exploiting the vulnerability does not require any particular technical expertise in computer science. CNIL also considers that using a script to exploit this vulnerability does not require any advanced skills.
(Should be good week-end reading.)
https://www.legifrance.gouv.fr/affichCnil.do?id=CNILTEXT000038552658
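The missing control in the SERGIC case, as an added example (not taken from the CNIL decision or from SERGIC's code): a download handler without and with a per-request ownership check, plus a log review that flags a client whose requests touched several owners' files. The store, account names, log lines and function names are constructed assumptions; only the path pattern comes from the text above.

```python
# Added illustration; all names and data are hypothetical, not SERGIC's code.
import re
from collections import defaultdict

# Constructed store: document number -> (owner account, content).
STORE = {101: ("alice", b"alice.pdf"), 102: ("bob", b"bob.pdf"), 103: ("carol", b"carol.pdf")}

class Denied(Exception):
    pass

def fetch_unchecked(doc_id):
    """The flaw: the number in the URL is the only thing that selects the file."""
    return STORE[doc_id][1]

def fetch_checked(session_user, doc_id):
    """The fix: require a logged-in user and an ownership match on every request."""
    entry = STORE.get(doc_id)
    # One error for "no session", "no such file" and "not yours", so the
    # response does not reveal which numbers exist.
    if session_user is None or entry is None or entry[0] != session_user:
        raise Denied(doc_id)
    return entry[1]

# Constructed access-log lines: client address, then the requested path.
LOG = """\
198.51.100.7 GET /documents/upload/eresa/101.pdf
198.51.100.7 GET /documents/upload/eresa/102.pdf
198.51.100.7 GET /documents/upload/eresa/103.pdf
203.0.113.9 GET /documents/upload/eresa/102.pdf
"""
PATH = re.compile(r"^(\S+) GET /documents/upload/eresa/(\d+)\.pdf$")

def clients_crossing_owners(log, threshold=2):
    """Flag clients whose requests touched files of at least `threshold` different owners."""
    owners = defaultdict(set)
    for line in log.splitlines():
        m = PATH.match(line)
        if m and int(m.group(2)) in STORE:
            owners[m.group(1)].add(STORE[int(m.group(2))][0])
    return sorted(c for c, o in owners.items() if len(o) >= threshold)
```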
LabCorp data breach exposes information of 7.7 million consumers
Via a breach at a third party (AMCA), which also affected Quest.
Blog article on processing personal data from cars – and product monitoring needs
https://www.linkedin.com/pulse/data-protection-automotive-sector-product-monitoring-according-piltz/
Interesting article based on a passage in the annual report of the LfDI BW on the processing of personal data from cars by automotive manufacturers – incl. statements on product monitoring obligations.