CNIL guidance on data deletion and retention

In July 2020, the CNIL (DPA for France) published guidelines on data retention (Guide pratique – Les durées de conservation). https://www.cnil.fr/sites/default/files/atoms/files/guide_durees_de_conservation.pdf

These reflect early CNIL recommendations from 11-Oct-2005 on the archiving of personal data.
They aim to provide practical help in defining data retention rules and periods.
Similar to DIN-66398 (German industry standard on data retention/deletion), they don’t include guidance on specific data categories. https://din-66398.de/

However, CNIL does define data retention periods in separate documents (“Référentiel”). Up to now, two such Référentiels have been published for the health sector:

New Health Apps Section on HHS.gov/HIPAA

OCR launched a new feature on HHS.gov, titled Health Apps. This new webpage takes the place of OCR’s previous Health App Developer Portal, and is available at https://www.hhs.gov/hipaa/for-professionals/special-topics/health-apps/index.html.

The new webpage highlights OCR’s guidance on when and how the Health Insurance Portability and Accountability Act (HIPAA) regulations apply to mobile health applications, including:

CNIL Open Data initiative

https://www.cnil.fr/fr/opendata

CNIL publishes quite a few interesting data sets as open data, including:

  • Contact information for Data Protection Authorities around the world
  • Number of formal notices notified each year since 2014
  • Number and type of sanctions notified each year since 2014
  • Lists of declarative formalities completed with the CNIL (1979 – May 24, 2018)
  • List of notifications of personal data breaches received by the CNIL
  • List of formalities prior to the implementation of personal data processing sent to the CNIL since May 25, 2018
  • Number of complaints received annually by the CNIL since 1981
  • etc.