Posted in Privacy

Webinar: Being pragmatic about GDPR – Three Case Studies

Anotehr consulting firm having a webinar on the EU GDPR – on 5/10/2017.


Posted in Privacy

UK Government Publishes Draft of the Data Protection Bill

Replacing the 1998 UK DPA to implement the upcoming EU GDPR, some exceptions have, nevertheless, been kept.

Some Key takeaways:

  • Liability upon directors (section 177).
  • Child’s consent (if younger than 13) in relation to information society services (section 8).
  • Sensitive personal data (Schedule 1, Part 2, sections 14 and 15) is lawfully processed if  (a) this is necessary for the purpose, (b) it is of data concerning health which relates to a data subject who is the parent, grandparent, great-grandparent or sibling of an insured person, among the other.
  • Transfers of personal data to third countries, etc. (section 17) is managed by the secretary of state.
  • Access rights, with some exceptions : (a) information is covered by legal professional privilege; (b) information used for management planning by the employer; (c) information about the employer’s intentions during negotiations with the employee; and (d) confidential references given (but not those received) by the employer. The Bill also creates a number of new offences, e.g., the offence of altering, destroying or concealing information to be provided to an individual through a subject access request.
  • Data portability.


Posted in Arbitration Law, Consumer Law, Litigation, Privacy

Equifax Is Bashed for Forcing Arbitration on Consumers After Data Breach

Add insult to data breach.

123m clients of Equifax have lost their perosnal data, but luckily the company allows them to check whether their data has gone stolen.

Just check the box to agree on T&Cs that you would only sue them in arbitration and lose your rights to a class action.
The immediate correction allowed ocnsumer to opt out within 30 days from the agreement to the T&Cs.

All of this happened right before the 18th Sep, date by which the CFPB will enforce a law banning class action right waiver for consumers.


Posted in Privacy

Don’t Let Data Walk Out the Front Door: 7 Security Measures for Preventing Data Loss When Employees Leave

Empoyees walking away are actually on of the first reasons for data leakage.

In the first place, access to such data should be carefully limited.

Then data-retention policies could also do.

Also, what about beefing up confidentiality agreements with employees?


  • stressing importance of not leaking such data, during exit interviews,
  • audit/track employees’ changes, to forecome potential issues.