#Data Protection Act | Explore Tumblr posts and blogs

dpdp-act · 1 year ago

Text

India's DPDPA What you need to know

Introduction Provide a compelling introduction of the topic in this section. Explain that India's Data Protection Bill (DPDPA), a key piece of legislation, addresses privacy and security issues. In the digital age, personal data is shared and processed constantly.

Background to DPDPA: Dig deeper into the history of DPDPA. Discussion of the history of India's data protection laws, including any gaps or previous attempts that led to a comprehensive law. Explain why the proliferation of technologies and the rise in data-driven business necessitated the legislation.

DPDPA Key Provisions: The section should include a detailed breakdown of all the DPDPA's essential components. Each provision should be discussed in detail.

Data processing principles: Explain principles that guide lawful processing of data, such as transparency, purpose limitation and data minimization.

Discussion of the rights of data subjects: Discuss such rights as the right for individuals to access and correct inaccurate data or the right to be wiped out.

Data breach notification obligations: Explain the obligations for organizations to promptly and transparently report data breaches.

Explain the DPDPA's rules on international data transfers.

Data protection officers (DPOs). Discuss their role in ensuring that the DPDPA is adhered to and the required qualifications for this position.

Impact of the DPDPA on Business: Give a detailed analysis of the DPDPA's impact on businesses in India. Distinguish the burden of compliance, possible financial consequences, and changes in operations required. Discuss how organizations can adjust their data handling practices in order to comply with the DPDPA, and avoid penalties.

Comparison to GDPR: The purpose of this section is to provide a detailed comparison between the DPDPA (Data Protection Act) and the General Data Protection Regulations (GDPR) in the European Union. Compare the similarities and differences between the DPDPA and GDPR, including the rights and principles of the data subject, as well as the jurisdiction and enforcement. Talk about how companies operating in India and Europe need to navigate the dual regulatory frameworks.

Challenges & Concerns: Examine the challenges and concerns relating to the DPDPA. Discussions can include issues like compliance complexity, localization of data requirements, and possible conflicts with other laws or regulations. Use real-world case studies or examples to illustrate the challenges.

The Data Protection Authority's Role: Describe the Data Protection Authority of India and its functions. Describe the role of this authority in enforcing DPDPA. This includes investigating data breaches, performing audits and issuing sanctions. Distinguish the possible impact of the DPAI in India on data protection.

The Road ahead: A look at the future of Indian data protection. Discuss the expected developments such as updates to DPDPA and evolving technologies in data privacy. Analyze how the DPDPA could impact India's digital industry, innovation and international data trade agreements.

Conclusion Reiterate the main points of the article, and emphasize the importance for individuals, organizations, and businesses in India to understand and comply with the DPDPA. Encourage the readers to keep up to date with data protection issues and to adapt proactively to an ever-changing landscape.

#dpdpa #digital data protection #data protection act #personal data protection act #digital personal data protection act

0 notes

aiolegalservices · 1 year ago

Text

Streamlining Business Compliance: AIO Legal Services for AML, GDPR, and Intellectual Property Rights

In today’s fast-paced and ever-changing business landscape, regulatory compliance has become an indispensable aspect for companies operating in the UK. Failure to adhere to Anti-Money Laundering (AML) regulations, General Data Protection Regulation (GDPR) requirements, and Intellectual Property Rights (IPR) laws can lead to severe consequences, including financial penalties, reputational…

View On WordPress

0 notes

guardiantech12 · 1 year ago

Text

How to Ensure Data Protection Compliance in Ghana

Data Protection

Data protection refers to the rules and practices put in place to guard against abuse, unauthorized access, and disclosure of sensitive personal information. Securing the data is crucial in today's increasingly digital and interconnected world, where enormous amounts of data are collected and shared, to safeguard individual privacy and win over customers, clients, and other stakeholders.

The basic goal of data protection is to make sure that data is handled, gathered, and stored securely and legally. To prevent cyberattacks, data breaches, and the unauthorized use of information, numerous organizational, technological, and legal procedures must be put in place.

Ghana's Data Protection Act: To regulate the processing of personal data, the Data Protection Act was passed in 2012. Additionally, it created the National Data Protection Commission (NDPC) to oversee the observance of data protection rules.

The scope and applicability of the Act: The Act applies to all processors and data controllers operating in Ghana, regardless of their size or industry.

Penalties for non-compliance: Serious infractions of The Data Protection Act may result in jail time, fines, or other sanctions.

The Fundamental Ideas in Data Protection:

A person's express agreement was obtained before any personal information was gathered, and the data was only used for the purposes for which it was collected.

Data minimization and precision: Keeping only the information that is necessary while making sure it is up to date and accurate.

Information Security and Storage Limitations: Limiting the amount of time that data is retained and putting robust security measures in place to prevent unauthorized access, disclosure, or loss of information.

Personal Rights and Access: Upholding individuals' privacy rights to request access to, correction of, and erasure of their data.

Assuring Data Protection Compliance: Appointing an Officer for Data Protection: Appointing a Data Protection Officer (DPO) who will be responsible for overseeing data protection practices and ensuring compliance throughout the organization.

Implementing Data Protection Impact Assessments: Conduct assessments regularly to identify and resolve any potential threats to and vulnerabilities in data security.

The implementation of security measures: Encryption, access control, and firewalls are all security measures that are put in place to safeguard data from hacker assaults and other security lapses.

Training for employees on data protection: Educating staff members on the fundamentals of data protection policies, practices, and standards to promote a conformist culture.

Reacting to and informing about a data breach:

Planning the Response to a Data Breach: Create a thorough plan to respond to data breaches quickly and successfully.

Notifying the appropriate parties and those affected: To reduce the risk in the event of a breach, contact the NDPC and those who were impacted.

Future Data Breach Mitigation: It is possible to enhance data security and prevent future security breaches by using the lessons learned from past instances.

Data Transfer and Cross-Border Compliance:

When transferring data outside of Ghana, be sure the recipient has given their approval and that the data is being transferred securely.

Putting in place mechanisms like Standard Contractual Clauses (SCCs) to protect data when it is transferred across borders will provide secure adequate safeguards.

Building customer trust is key to data protection, business prosperity, and profitability: Loyalty and Trust: Demonstrating a dedication to data security to win clients' trust and loyalty.

To avoid legal consequences: Respecting the rules on data protection will help you avoid costly legal penalties and reputational damage.

Reputation management: Keeping your business's reputation intact by safeguarding consumer data and responding to data breaches.

Conclusion:

To establish a more secure digital environment and safeguard the fundamental right to privacy for all Ghanaians, data protection in Ghana is a continuing journey that necessitates cooperation between the government, corporations, and people. Ghana may establish itself as a responsible and reliable member of the global digital economy by remaining watchful and aggressive in addressing data privacy issues.

#data protection in Ghana #data protection ghana #data privacy laws #personal data security #data protection act

0 notes

uniquexblogs · 2 years ago

Text

#Data Protection Act #Privacy Online #Online Privacy #Personal Data Protection #Data Breaches #Privacy Rights #Online Security #Protecting Personal Information #Secure Browsing #Encryption #VPN #HTTPS #Strong Passwords #Two-Factor Authentication #Privacy Settings #Safe Online Communication

1 note · View note

mostlysignssomeportents · 2 months ago

Text

Shifting $677m from the banks to the people, every year, forever

I'll be in TUCSON, AZ from November 8-10: I'm the GUEST OF HONOR at the TUSCON SCIENCE FICTION CONVENTION.

"Switching costs" are one of the great underappreciated evils in our world: the more it costs you to change from one product or service to another, the worse the vendor, provider, or service you're using today can treat you without risking your business.

Businesses set out to keep switching costs as high as possible. Literally. Mark Zuckerberg's capos send him memos chortling about how Facebook's new photos feature will punish anyone who leaves for a rival service with the loss of all their family photos – meaning Zuck can torment those users for profit and they'll still stick around so long as the abuse is less bad than the loss of all their cherished memories:

https://www.eff.org/deeplinks/2021/08/facebooks-secret-war-switching-costs

It's often hard to quantify switching costs. We can tell when they're high, say, if your landlord ties your internet service to your lease (splitting the profits with a shitty ISP that overcharges and underdelivers), the switching cost of getting a new internet provider is the cost of moving house. We can tell when they're low, too: you can switch from one podcatcher program to another just by exporting your list of subscriptions from the old one and importing it into the new one:

https://pluralistic.net/2024/10/16/keep-it-really-simple-stupid/#read-receipts-are-you-kidding-me-seriously-fuck-that-noise

But sometimes, economists can get a rough idea of the dollar value of high switching costs. For example, a group of economists working for the Consumer Finance Protection Bureau calculated that the hassle of changing banks is costing Americans at least $677m per year (see page 526):

https://files.consumerfinance.gov/f/documents/cfpb_personal-financial-data-rights-final-rule_2024-10.pdf

The CFPB economists used a very conservative methodology, so the number is likely higher, but let's stick with that figure for now. The switching costs of changing banks – determining which bank has the best deal for you, then transfering over your account histories, cards, payees, and automated bill payments – are costing everyday Americans more than half a billion dollars, every year.

Now, the CFPB wasn't gathering this data just to make you mad. They wanted to do something about all this money – to find a way to lower switching costs, and, in so doing, transfer all that money from bank shareholders and executives to the American public.

And that's just what they did. A newly finalized Personal Financial Data Rights rule will allow you to authorize third parties – other banks, comparison shopping sites, brokers, anyone who offers you a better deal, or help you find one – to request your account data from your bank. Your bank will be required to provide that data.

I loved this rule when they first proposed it:

https://pluralistic.net/2024/06/10/getting-things-done/#deliverism

And I like the final rule even better. They've really nailed this one, even down to the fine-grained details where interop wonks like me get very deep into the weeds. For example, a thorny problem with interop rules like this one is "who gets to decide how the interoperability works?" Where will the data-formats come from? How will we know they're fit for purpose?

This is a super-hard problem. If we put the monopolies whose power we're trying to undermine in charge of this, they can easily cheat by delivering data in uselessly obfuscated formats. For example, when I used California's privacy law to force Mailchimp to provide list of all the mailing lists I've been signed up for without my permission, they sent me thousands of folders containing more than 5,900 spreadsheets listing their internal serial numbers for the lists I'm on, with no way to find out what these lists are called or how to get off of them:

https://pluralistic.net/2024/07/22/degoogled/#kafka-as-a-service

So if we're not going to let the companies decide on data formats, who should be in charge of this? One possibility is to require the use of a standard, but again, which standard? We can ask a standards body to make a new standard, which they're often very good at, but not when the stakes are high like this. Standards bodies are very weak institutions that large companies are very good at capturing:

https://pluralistic.net/2023/04/30/weak-institutions/

Here's how the CFPB solved this: they listed out the characteristics of a good standards body, listed out the data types that the standard would have to encompass, and then told banks that so long as they used a standard from a good standards body that covered all the data-types, they'd be in the clear.

Once the rule is in effect, you'll be able to go to a comparison shopping site and authorize it to go to your bank for your transaction history, and then tell you which bank – out of all the banks in America – will pay you the most for your deposits and charge you the least for your debts. Then, after you open a new account, you can authorize the new bank to go back to your old bank and get all your data: payees, scheduled payments, payment history, all of it. Switching banks will be as easy as switching mobile phone carriers – just a few clicks and a few minutes' work to get your old number working on a phone with a new provider.

This will save Americans at least $677 million, every year. Which is to say, it will cost the banks at least $670 million every year.

Naturally, America's largest banks are suing to block the rule:

https://www.americanbanker.com/news/cfpbs-open-banking-rule-faces-suit-from-bank-policy-institute

Of course, the banks claim that they're only suing to protect you, and the $677m annual transfer from their investors to the public has nothing to do with it. The banks claim to be worried about bank-fraud, which is a real thing that we should be worried about. They say that an interoperability rule could make it easier for scammers to get at your data and even transfer your account to a sleazy fly-by-night operation without your consent. This is also true!

It is obviously true that a bad interop rule would be bad. But it doesn't follow that every interop rule is bad, or that it's impossible to make a good one. The CFPB has made a very good one.

For starters, you can't just authorize anyone to get your data. Eligible third parties have to meet stringent criteria and vetting. These third parties are only allowed to ask for the narrowest slice of your data needed to perform the task you've set for them. They aren't allowed to use that data for anything else, and as soon as they've finished, they must delete your data. You can also revoke their access to your data at any time, for any reason, with one click – none of this "call a customer service rep and wait on hold" nonsense.

What's more, if your bank has any doubts about a request for your data, they are empowered to (temporarily) refuse to provide it, until they confirm with you that everything is on the up-and-up.

I wrote about the lawsuit this week for @[email protected]'s Deeplinks blog:

https://www.eff.org/deeplinks/2024/10/no-matter-what-bank-says-its-your-money-your-data-and-your-choice

In that article, I point out the tedious, obvious ruses of securitywashing and privacywashing, where a company insists that its most abusive, exploitative, invasive conduct can't be challenged because that would expose their customers to security and privacy risks. This is such bullshit.

It's bullshit when printer companies say they can't let you use third party ink – for your own good:

https://arstechnica.com/gadgets/2024/01/hp-ceo-blocking-third-party-ink-from-printers-fights-viruses/

It's bullshit when car companies say they can't let you use third party mechanics – for your own good:

https://pluralistic.net/2020/09/03/rip-david-graeber/#rolling-surveillance-platforms

It's bullshit when Apple says they can't let you use third party app stores – for your own good:

https://www.eff.org/document/letter-bruce-schneier-senate-judiciary-regarding-app-store-security

It's bullshit when Facebook says you can't independently monitor the paid disinformation in your feed – for your own good:

https://pluralistic.net/2021/08/05/comprehensive-sex-ed/#quis-custodiet-ipsos-zuck

And it's bullshit when the banks say you can't change to a bank that charges you less, and pays you more – for your own good.

CFPB boss Rohit Chopra is part of a cohort of Biden enforcers who've hit upon a devastatingly effective tactic for fighting corporate power: they read the law and found out what they're allowed to do, and then did it:

https://pluralistic.net/2023/10/23/getting-stuff-done/#praxis

The CFPB was created in 2010 with the passage of the Consumer Financial Protection Act, which specifically empowers the CFPB to make this kind of data-sharing rule. Back when the CFPA was in Congress, the banks howled about this rule, whining that they were being forced to share their data with their competitors.

But your account data isn't your bank's data. It's your data. And the CFPB is gonna let you have it, and they're gonna save you and your fellow Americans at least $677m/year – forever.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/11/01/bankshot/#personal-financial-data-rights

466 notes · View notes

commiepinkofag · 11 months ago

Text

profits over people — the corporate hellscape of internet censorship, safety, privacy, data mining…

#capitalism #internet censorship #internet #data mining #profit over people #apple #microsoft #kosa #chrome #google #privacy #privacy protection #internet privacy #monopoly #european union #eu #corporate hellscape #kids online safety act #2024

11 notes · View notes

protect-namine · 12 days ago

Text

I actually have a fic idea but lc is a show that's like. you will never ever have all the information and context until the end. and I am a writer who writes best and more confidently when I have all the info and context at my fingertips. so now I'm just like 🧍‍♂️

anyway. ramble in the tags

#mine musings #it's an AU so it shouldn't even matter actually. but. whatever. i'll still try to write it. it'll take a while #it's more like character exploration anyway. a role reversal (my favorite kind of au)#i.e. what would the emma case look like if cxs is the one who keeps timelooping to save lg?#it's not a power swap or personality swap so i think it'll be an interesting exploration of the limits of their personalities #for example: in this au i think lg is still protective of cxs and acts as the guide. but he's closer to og!timeline lg #so i'm thinking that he's still very principled but perhaps less strict about doing small deviations from the timeline #cxs is still empathetic and reckless and i think that would actually get worse in a timelooping cxs #since he's the possessor he rationalizes to himself that he gets to shield lg from the messy parts of an operation #and how this self-matyrdom pulls at the fragile trust they have. because their partnership is never equal when someone is timelooping #i'm thinking in like the emma case this all comes to a head when emma gets the text from her parents #in S1 lg tells him “it's better not to look”#i think in this au. cxs would have already honed his acting skills and be like “lg. does she check the phone?”#and lg who is protective but a little naive and not as strict with rules is like #cxs looks so sad :( he's been missing his parents lately :( emma doesn't see the text until tomorrow but...#this probably won't change the timeline too much... right? i think cxs needs to feel loved right now :) “yes she checks her phone”#and cxs is like “... are you sure?”#lg: “yes i'm sure”#and then post-dive cxs finds out emma dies but he doesn't tell lg :) he just keeps it to himself :)#bc it's his job to handle all the messy parts :) like the emotions of their clients. their regrets and obsessions. their fates #in his mind. the more lg knows the more he tries to sacrifice himself to save cxs. so it's important that lg is kept in the dark #something something actor/scriptwriter metaphors idk still working on the idea #just. role reversal shiguang... cxs who keeps timelooping bc he has abandonment issues so he can't handle lg dying...#lg basically is like 9S from nier automata who always dooms himself by learning the truth #this could've been a read more instead of a tag essay i'm sorry. i keep forgetting that feature. i am a yapper in the tags #cxs after dragging lg out for dinner so he doesn't catch the news: “hey lg. we followed the script to a tee right?”#“i didn't forget any lines or anything?”#lg (confused) (lying): “yes. aside from getting the financial data part. we did everything right.”#cxs: “okay 😊 i trust you 😊 past or future let them be”#lg (internally): he's giving me his actor voice. he only does that when he's diving. why is he giving me his actor voice. did i mess up--

4 notes · View notes

thepastisalreadywritten · 10 months ago

Text

Hospital staff embroiled in a privacy probe involving the Princess of Wales will likely be facing disciplinary action, an expert has warned.

The Mirror revealed an investigation is underway at the world-renowned The London Clinic into claims Catherine's confidentiality was breached while she was a patient in January.

At least one member of staff was said to have been caught trying to access the 42-year-old's medical notes.

The future Queen had abdominal surgery at the London hospital in January and stayed for a fortnight, as she recovered before returning home to Windsor.

The allegations are the latest blow to hit Catherine, whose absence from public life over the past two months has led to wild conspiracy theories on social media about her whereabouts and health.

Now, an employment expert has outlined the likely next steps for accused staff, while a data protection expert has suggested Catherine could well claim compensation.

Employment partner Tracey Guest at law firm Slater Heelis told the Mirror:

"Any hospital employee who has accessed Catherine's private medical records, without any proper work reason to do so, is at risk of being dismissed due to gross misconduct.

Previous cases for dismissal relating to confidential information have held that it is important for employers to have policies in place, which make it abundantly clear to employees that unauthorised interference with computers/accessing confidential information unnecessarily will carry severe penalties.

No doubt all hospital employees will have been given contracts of employment where confidential information is a key term.

And it is likely that the hospital will have policies in place to make it clear that unlawfully accessing patient confidential information is likely to amount to gross misconduct."

The next steps to follow will depend on the alleged employee's years of service at the clinic. Tracey continued:

"If an employee has two or more years' service, the hospital will need to follow a fair procedure prior to dismissing an employee, otherwise they will be at risk of a claim for unfair dismissal.

This means that the hospital should require the employee to attend an investigation meeting, where the allegations are put to the employee and the employee is given a chance to respond and put forward any explanation/deny the allegations.

If the Investigating Officer decides that there is a case to answer, the employee must then be required to attend a disciplinary meeting.

The employee should be advised in advance in writing of the disciplinary allegations against them and warned that a possible outcome may be dismissal.

The employee should also be given the right to be accompanied to the disciplinary meeting by a fellow employee or trade union representative of their choice.

If an employee is dismissed, they should be given the right to appeal the decision."

It is likely that accessing medical records without any proper work reason is also a breach of data protection, and these allegations would also be discussed with the employee concerned, Tracey explained.

Meanwhile, the employees' alleged actions causing reputational damage to the hospital will also be assessed.

"Given the publicity surrounding this matter, this allegation would be genuine and could provide a further reason to warrant dismissal for gross misconduct (subject to the findings of any appropriate investigation and disciplinary)," Tracey added, before suggesting:

"Any employee involved in accessing medical records without a proper reason to do so may be best advised to resign, in order to avoid having a dismissal on their records."

The clinic's boss said that all appropriate investigatory, regulatory and disciplinary steps will be taken when looking at alleged data breaches.

Al Russell, said in a statement:

"Everyone at the London Clinic is acutely aware of our individual, professional, ethical and legal duties with regards to patient confidentiality.

We take enormous pride in the outstanding care and discretion we aim to deliver for all our patients that put their trust in us every day.

We have systems in place to monitor management of patient information and, in the case of any breach, all appropriate investigatory, regulatory and disciplinary steps will be taken.

There is no place at our hospital for those who intentionally breach the trust of any of our patients or colleagues."

It is a criminal offence for any staff in an NHS or private healthcare setting to access the medical records of a patient without the consent of the organisation's data controller.

Looking at somebody's private medical records without permission can result in prosecution from the Information Commissioner's Office in the UK.

A spokesperson for the data watchdog said:

"We can confirm that we have received a breach report and are assessing the information provided."

Jon Baines, Senior Data Protection Specialist at Mishcon de Reya, outlined what this would mean and suggested that Catherine could claim for compensation.

"Any investigation by the ICO is likely to consider whether a criminal offence might have been committed by an individual or individuals," he began.

"Section 170 of the Data Protection Act 2018 says that a person commits an offence if they obtain or disclose personal data 'without the consent of the controller.'

Here, the controller will be the clinic itself.

"Although there are defences available to someone charged with the offence — such as that they reasonably believed they had the right to 'obtain' the personal data, or on grounds of public interest — such defences are unlikely to apply where someone knowingly accesses patient notes for no valid or justifiable reason.

Mr Baines explained that an offence is only punishable by a fine.

In England and Wales, although the maximum fine is unlimited, there is no possibility of any custodial sentence.

"A further area of potential investigation for the ICO will be whether the clinic itself complied with its obligations under the UK GDPR to have 'appropriate technical or organisational measures' in place to keep personal data secure.," the data expert continued.

"Serious failures to comply with that obligation could lead to civil monetary penalties from the ICO, to a maximum of £17.5m although, in reality, given that such civil fines must be proportionate, it is rare that such large sums are even considered by the ICO.

Individuals, such as - in this case - The Princess of Wales, can also bring claims for compensation under the UK GDPR, and for 'misuse of private information', where their data protection and privacy rights have been infringed."

Mr Baines added:

"Whatever the outcome from the ICO, anyone working in an environment where they might have access to personal data, particularly of a sensitive nature, should be aware that there are potential criminal law implications arising from unauthorised access.

Any organisation holding such information should ensure it has appropriate measures in place to prevent, or at least reduce the risk, of such access."

Earlier today, a health minister said police have "been asked to look at" whether staff at The London Clinic attempted to access the Princess of Wales' private medical records.

MP Maria Caulfield, who is a nurse serving as Parliamentary Under-Secretary of State for Mental Health and Women's Health Strategy, said there could be “hefty implications” if it turns out anyone accessed the notes without permission, including prosecution or fines.

When questioned whether it should be dealt with as a police matter, Ms Caulfield told LBC:

“Whether they take action is a matter for them. But the Information Commissioner can also take prosecutions, can also issue fines, the NMC (Nursing and Midwifery Council), other health regulators can strike you off the register if the breach is serious enough.

So there are particularly hefty implications if you are looking at notes for medical records that you should not be looking at."

Reassuring listeners, she also told Times Radio:

"For any patient, you want to reassure your listeners that there are strict rules in place around information governance about being able to look at notes even within the trust or a community setting.

You can't just randomly look at any patient's notes. It's taken extremely seriously, both by the information commissioner but also your regulator.

So the NMC (Nursing and Midwifery Council), if as a nurse, you are accessing notes that you haven't got permission to access, they would take enforcement action against that. So it's extremely serious.

And I want to reassure patients that their notes have those strict rules apply to them as they do for the Princess of Wales."

Kensington Palace refused to confirm what Catherine was being treated for at the time of the announcement she had surgery but later confirmed the condition was non-cancerous.

An official statement read:

"Her Royal Highness The Princess of Wales was admitted to The London Clinic yesterday for planned abdominal surgery.

The surgery was successful and it is expected that she will remain in hospital for ten to fourteen days, before returning home to continue her recovery."

The Palace also raised that they wanted to keep her health concerns private, adding:

"Based on the current medical advice, she is unlikely to return to public duties until after Easter. The Princess of Wales appreciates the interest this statement will generate.

She hopes that the public will understand her desire to maintain as much normality for her children as possible; and her wish that her personal medical information remains private.

Kensington Palace will, therefore, only provide updates on Her Royal Highness' progress when there is significant new information to share.

The Princess of Wales wishes to apologise to all those concerned for the fact that she has to postpone her upcoming engagements.

She looks forward to reinstating as many as possible, as soon as possible."

As speculation has swirled regarding the Princess' whereabouts, Catherine was most recently seen stepping out in public with Prince William for the first time at the weekend.

The couple, dressed in sportswear, were spotted walking with shopping bags at a farm shop close to their home on the Windsor estate.

#Princess of Wales #Catherine Princess of Wales #Catherine Middleton #Kate Middleton #British Royal Family #The London Clinic #NHS #Information Commissioner's Office #Data Protection Act 2018 #MP Maria Caulfield #Kensington Palace #medical records access #medical data breach #abdominal surgery #Nursing and Midwifery Council

3 notes · View notes

ivygorgon · 15 days ago

Text

An open letter to the President & U.S. Congress

The DATA Act and the RESTRICT Act are un-American

518 so far! Help us get to 1,000 signers!

I'm alarmed by the Ban TikTok discussion & the RESTRICT Act. We're a democratic country with a First Amendment that guarantees free expression. How does banning a social media platform abide by that principle? Especially since the US government condemns authoritarian governments in other parts of the world for blocking US-based social networks. Examples:

When Nigeria banned Twitter for seven months in June 2021, the U.S. condemned it, reiterating its support for "the fundamental human right of free expression & access to information as a pillar of democracy."

Individuals responsible for the blocking of social media applications in Iran were condemned as "engaging in censorship activities that prohibit, limit, or penalize the exercise of freedom of expression or assembly by citizens of Iran."

When American digital platforms have been banned or severely restricted by governments--including the Chinese Communist Party, Pakistan, & Uganda--seeking to silence & obstruct the open flow of communication & information, the US calls these entities out for it. So why are we doing the same?

TikTok is a red herring. The DATA Act & the RESTRICT Act are very broad & could lead to other apps or communications services with connections to foreign countries being banned in the US. The stated intention is to target apps/services that pose a threat to national security; the way it's currently written raises serious human & civil rights concerns that should be far more important to you.

Caitlin Vogus says: "Any bill that would allow the US government to ban an online service that facilitates Americans' speech raises serious First Amendment concerns…" And those concerns will impact marginalized & oppressed people & groups more.

The "reasoning" behind Ban TikTok is not sound. The racist fearmongering around China is bad enough. Worse is the core of the argument -- data being collected & shared & used against people -- is a problem with ALL social media. Why isn't Congress focusing on that? The apps on your phone (Facebook, Messenger, Instagram, Twitter) are constantly monitoring you & sending information about you to data brokers. Info that can be easily tied to you as an individual despite claims that all the data is "anonymized".

Congress should be addressing the larger problem & not one social network. Restricting what data they can collect about users & forbidding them from selling that data will address the issue with TikTok, too.

I urge you to kill the DATA Act & the RESTRICT Act. They need to be tossed out & more measured legislation proposed in their place that addresses the foundational problems of social media apps & services & the data they collect & who they share it with & how they & other entities use that data.

I know that's not as easy or sexy as Ban TikTok! It does address our Constitutional right to assemble & free expression. That's far more important than knee-jerk reactions & bandwagon jumping.

▶ Created on March 31, 2023 by K T

Text SIGN PNSIMC to 50409

90K notes · View notes

nationallawreview · 1 month ago

Text

CFPB Takes Aim at Data Brokers in Proposed Rule Amending FCRA

On December 3, the CFPB announced a proposed rule to enhance oversight of data brokers that handle consumers’ sensitive personal and financial information. The proposed rule would amend Regulation V, which implements the Fair Credit Reporting Act (FCRA), to require data brokers to comply with credit bureau-style regulations under FCRA if they sell income data or certain other financial…

#AI #Artificial Intelligence #CFPB #consent #Consumer Financial Protection Bureau #CRA #credit history #credit score #data brokers #debt payments #Disclosure #Fair Credit Reporting Act #FCRA #financial information #personal information #privacy protection #Regulation V

1 note · View note

bitcoinversus · 2 months ago

Text

Beef with the Chief: Federal Chair Jerome Powell Says Donald Trump Can’t Fire Him

"The Federal Reserve Act stipulates that Board members, including [Fed Chair Jerome Powell], can only be removed "for cause," a term generally interpreted to mean misconduct or incapacity, not policy disagreements."

Federal Reserve Chair Jerome Powell has firmly stated that he cannot be dismissed or demoted by the President without cause, emphasizing the legal protections afforded to his position. During a recent press conference, Powell responded to inquiries about potential presidential interference by asserting, “Not permitted under the law.” This declaration underscores the Federal Reserve’s…

#Beef with the Chief: Federal Chair Jerome Powell Says Donald Trump Can’t Fire Him #central bank independence #Donald Trump #economic data #economic stability #fed chair jerome powell #Federal Chair Jerome Powell #federal reserve #Federal Reserve Act #federal reserve jerome powell #jerome powell #legal protections #monetary policy #political interference #presidential authority

1 note · View note

jcmarchi · 3 months ago

Text

EU AI Act: Early prep could give businesses competitive edge

New Post has been published on https://thedigitalinsider.com/eu-ai-act-early-prep-could-give-businesses-competitive-edge/

EU AI Act: Early prep could give businesses competitive edge

.pp-multiple-authors-boxes-wrapper display:none; img width:100%;

The EU AI Act is set to fully take effect in August 2026, but some provisions are coming into force even earlier.

The legislation establishes a first-of-its-kind regulatory framework for AI systems, employing a risk-based approach that categorises AI applications based on their potential impact on safety, human rights, and societal wellbeing.

“Some systems are banned entirely, while systems deemed ‘high-risk’ are subject to stricter requirements and assessments before deployment,” explains the DPO Centre, a data protection consultancy.

Similar to GDPR, the Act’s extra-territorial reach means it applies to any organisation marketing, deploying, or using AI systems within the EU, regardless of where the system is developed. Businesses will be classified primarily as either ‘Providers’ or ‘Deployers,’ with additional categories for ‘Distributors,’ ‘Importers,’ ‘Product Manufacturers,’ and ‘Authorised Representatives.’

For organisations developing or deploying AI systems, particularly those classified as high-risk, compliance preparation promises to be complex. However, experts suggest viewing this as an opportunity rather than a burden.

“By embracing compliance as a catalyst for more transparent AI usage, businesses can turn regulatory demands into a competitive advantage,” notes the DPO Centre.

Key preparation strategies include comprehensive staff training, establishing robust corporate governance, and implementing strong cybersecurity measures. The legislation’s requirements often overlap with existing GDPR frameworks, particularly regarding transparency and accountability.

Organisations must also adhere to ethical AI principles and maintain clear documentation of their systems’ functionality, limitations, and intended use. The EU is currently developing specific codes of practice and templates to assist with compliance obligations.

For businesses uncertain about their obligations, experts recommend seeking professional guidance early. Tools like the EU AI Act Compliance Checker can help organisations verify their systems’ alignment with regulatory requirements.

Rather than viewing compliance as merely a regulatory burden, forward-thinking organisations should view the EU’s AI Act as an opportunity to demonstrate commitment to responsible AI development and build greater trust with their customers.

See also: AI governance gap: 95% of firms haven’t implemented frameworks

Want to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Intelligent Automation Conference, BlockX, Digital Transformation Week, and Cyber Security & Cloud Expo.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: ai, ai act, artificial intelligence, eu, europe, european union, law, legal, Legislation, regulation

0 notes