Data breach: How to prepare

While personal information and likely sensitive data have become a common asset of nearly any business, data security is not that hot a topic on the IT roadmap. Even global players in e-commerce have failed in the past to secure their data against third-party access.

Several jurisdictions have specific regulations dealing with the prevention of, and proceedings following, a loss of such data, commonly referred to as a data breach. In addition, contractual obligations concerning non-disclosure and data security measures are more and more becoming boilerplate in tech contracts.

That said, a data breach is not only a communication challenge with your customers and contractors, but also a legal risk jeopardizing your firm’s compliance and triggering potential fines. As a consequence, companies should take appropriate measures to be prepared for a data breach and to minimize the negative impact on their business. In a follow-up post I will describe what to do if a data breach has happened.


Guidelines of the German DPAs: Use of internet and email at the workplace

One of the most disputed matters in German employee privacy law is the use of internet and email services by employees. In particular, it was unclear whether surveillance of employees in this respect would potentially lead to personal criminal liability for the person who conducted the surveillance activities.

Now, the German Data Protection Authorities have provided a guideline on the use of internet and emails at workplaces (German only).
