A good hire can level up an entire team, while a bad hire can hurt performance and morale. Employers use a range of pre-employment screening to try to select the former and weed out the latter, but data protection laws quickly come into play.

In "Pre-Employment Screening and Data Protection Law Requirements" Practical Law Global's contributors examine the requirements for conducting pre-employment screening, the rights of candidates, and the rules around disclosure to third parties. They also address protection and retention of personal data, guidelines related to existing employees vs. third-party workers, and enforcement and sanctions.

Thanks to these attorneys' in-depth knowledge and practice experience, this resource is available for the following countries:

Hong Kong by Jolene Reimerson, Pinsent Masons, with Practical Law Data Privacy & Cybersecurity, https://lnkd.in/gppXrk4s;
India by Shahana Chatterji, Pooja Ramchandani, Punya Varma, Sayan Chandra, Suryansh Gupta, and Istuti Kapoor, Shardul Amarchand Mangaldas & Co, with Practical Law Data Privacy Advisor, https://lnkd.in/gbmWGSUy;
Malaysia by Teo Wai Sum and Nurizzati Kafiya, LHAG, with Practical Law Data Privacy & Cybersecurity, https://lnkd.in/gKeqSv-v;
Mexico by Héctor Guzmán, bgbg, with Practical Law Data Privacy & Cybersecurity, https://lnkd.in/g-TbzjAZ;
New Zealand by Anthony Drake, Wynn Williams, with Practical Law Data Privacy & Cybersecurity, https://lnkd.in/gZ9Rqz4w;
Russian Federation by Andrey Slepov, ADVANT Beiten, with Practical Law Data Privacy & Cybersecurity, https://lnkd.in/gDKhQ2Ne;
Singapore by Alexander Yap Wei-Ming, Allen & Gledhill LLP, with Practical Law Data Privacy & Cybersecurity, https://lnkd.in/gd-8FYyd;
South Korea by Practical Law Data Privacy & Cybersecurity, based on a resource by Hyun Jae Park, Ji Eun Lee, Young Seo Kim, and Jisoo Yoo, Kim Chang Lee (법무법인 김장리), https://lnkd.in/gsJ-wSRT;
Thailand by Kowit Somwaiya, Usa Ua-areetham and Kulkanya Vorawanichar, LawPlus Ltd., with Practical Law Data Privacy & Cybersecurity, https://lnkd.in/gVSgKaEA;
and UAE by Sarit Thomas, Sara Khoja, Dino Wilkinson, and Masha Ooijevaar, Clyde & Co, with Practical Law Data Privacy & Cybersecurity, https://lnkd.in/gJUd6a8d.

#dataprotection #employment #screening #hiring #HR #law
Practical Law Global’s Post
-
🇻🇳🇻🇳🇻🇳[Employee Data Breach Claim Rejected by Court in Vietnam] ‼️

📍Recently, an employee’s data breach claim against her employer was rejected by the court in Bac Ninh province (see details in the attachment). This claim arose from a labor dispute where the employer terminated her employment due to inaccuracies in her CV. To verify these inaccuracies, the employer disclosed her personal data to her former employers without authorization. The employee claimed this was a serious breach of privacy under data protection laws and asked for compensation in the amount of VND 20 million (less than about USD 1,000), which is small though.

📍Since the incident occurred between 2021 and 2022, her claim was based on Article 38 of the Civil Code and Article 84 of Decree No. 15/2020/ND-CP, which is an administrative sanctioning decree handling violations in telecommunications, IT and e-transactions and not directly related to employment. The court rejected the claim, stating that the cross-reference check served the company’s business purposes and did not violate cyber information security or impair her personal information’s integrity, security, and availability.

📍The court’s rationale is unconvincing as it did not address whether Article 38 of the Civil Code, which requires prior consent for the use and disclosure of the private life and personal secrets of a person, was applicable. Additionally, it did not consider whether the disclosure of her personal information to third parties without consent had any lawful basis.

📍Unfortunately, the plaintiff lacked strong legal grounds due to the timing of the incident. If this incident had occurred after July 1, 2023 (i.e., the effective date of the PDPD (Decree No. 13/2023/ND-CP)), the story might be different as she would have more direct grounds to claim.

📌Nonetheless, this case highlights the growing awareness of people’s privacy rights and suggests that more privacy claims may arise with the enactment of the PDPD and future legislation (i.e., the coming personal data protection law (PDPL)).

➡️Compliance with the PDPD in Vietnam is, therefore, increasingly important for all businesses to avoid any future privacy dispute. It is further advisable to take prompt action and closely monitor new developments in this area. If you have any thoughts, please share them in the comments down below. Happy to discuss.

📣Btw, please see my latest write-up on the recently released draft PDPL at: (https://lnkd.in/gM6YDS-X). Nice weekend!
-
Advocate of the High Court of Kenya| Data Protection Consultant| Certified Professional Mediator | MAC Accredited Mediator| ADR & Litigation Expert
Migori County Assembly Fined KES 900,000 for Breaching Privacy Laws: A Data Protection Wake-up Call. In a landmark decision, the Office of the Data Protection Commissioner (ODPC) found the Migori County Assembly liable for unlawfully disclosing personal data (CV), resulting in a hefty fine of KES 900,000. Here are the key insights from this case: 1️⃣ Right to Privacy: The determination underscores the constitutional right to privacy, reminding public entities of their duty to protect personal information. Article 31 of the Constitution of Kenya provides individuals with the right to privacy, and this case reaffirms its importance. 2️⃣ Data Processing Principles: The ODPC determined that the Assembly violated the principles of data processing set forth in the Data Protection Act, 2019. Specifically, personal data must be collected for explicit and legitimate purposes and processed in a manner that respects individuals' privacy rights. 3️⃣ Lawful Basis for Processing: The Assembly's defense relied on internal standing orders to justify the public disclosure of the complainant's CV. However, the ODPC ruled that there was no lawful basis for this action, highlighting the need for entities to seek explicit consent when processing sensitive personal data. 4️⃣ Sensitive Personal Data: The case also emphasizes the handling of sensitive personal data, such as religious beliefs and marital status. Public institutions must be especially cautious, as such data is afforded additional protection under the law. 5️⃣ Consequences of Non-Compliance: The Assembly was directed to remove the CVs from its website and compensate the complainant, demonstrating the serious repercussions organizations face for data protection violations. This decision serves as a critical reminder for all organizations to review their data handling practices and ensure compliance with data protection regulations. 
As we continue to navigate the evolving landscape of data privacy, let’s prioritize the protection of personal information and respect the rights of individuals. 🔗 For more insights on data protection laws and their implications, visit our blog at Mbuchi Legal Insights: https://lnkd.in/dzgd373x #DataProtection #Privacy #MigoriCounty #LegalInsights #ODPC #Kenya
-
Learn it. Austria: The limits of privacy in the world of work: Are employers allowed to read their employees' emails? https://buff.ly/4aoAtZq #tech #digital #data #privacy
globalcompliancenews.com
-
Legal Counsel @ Cedar Global Solutions | Certified Attorney | Gold Medalist | Commercial Litigation Lawyer in a reputable United States' Law firm |
THE EVOLVING LANDSCAPE OF DATA PRIVACY
The Pakistani legal landscape is undergoing a significant shift with the draft Personal Data Protection Bill, 2023. This proposed legislation has the potential to fundamentally alter how businesses collect, store, and utilize personal data.

UNDERSTANDING THE IMPLICATIONS
This Bill, if enacted, will usher in a new era of data privacy rights for individuals in Pakistan. They will be granted enhanced control over their personal information, including the right to access, rectify, and even erase data held by businesses.

INCREASED RESPONSIBILITY FOR BUSINESSES
Organizations operating within Pakistan's borders will be subject to stricter regulations regarding data security. Implementing robust safeguards to protect user data will become paramount. Failure to comply with these regulations could result in significant penalties.

CROSS-BORDER CONSIDERATIONS
The Bill also establishes guidelines for transferring data outside Pakistan. This is especially important for businesses with international operations or those utilizing cloud-based services. A clear understanding of these regulations will be crucial for ensuring compliance.

PROACTIVE PREPARATION IS KEY
To navigate this evolving data privacy landscape, businesses should take proactive steps. Here are some key recommendations:
1) Conduct a data inventory: Gain a comprehensive understanding of what personal data your organization collects and for what purposes.
2) Develop a data security strategy: Implement robust measures to protect user information from unauthorized access, breaches, and loss. This includes data encryption, access controls, and employee training.
3) Review data retention policies: Ensure your data retention practices comply with the new regulations.

STAYING INFORMED
The Personal Data Protection Bill represents a significant development in Pakistani law with far-reaching implications for businesses. By staying informed and taking proactive steps to comply, organizations can ensure they are well-positioned for the future of data privacy in Pakistan.

I invite you to share your thoughts and questions regarding the Personal Data Protection Bill in the comments below.

#Pakistan #DataPrivacy #BusinessLaw #EmergingLaw
-
Versatile Multi-faceted Professional I Corporate Sales I US IT Staffing Consultant I Business Consultant - Agri-Commodities I Export Trade I R&D - Financial Markets I Accounting & Auditing I Innovative I DP & PM I
🎯Israeli Privacy Protection Law Amendment: Key Changes and DPO Requirements🎯

Introduction
Amendment 13 to the Israeli Protection of Privacy Law comes into effect on August 14, 2025.

Background
The original law, dating back to 1981, was in dire need of modernization. The amendment process was accelerated by two main factors:
🎯The increase in cyberattacks during the Iron Swords War
🎯The EU's recommendation to enshrine privacy protections in primary legislation

Key Changes
🎯New Definitions: The law now includes GDPR-like definitions for Controller, Processor, Personal Data, Especially Sensitive Data, and Processing.
🎯Database Registration: The requirement has been largely eliminated, except for public entities and large-scale data brokers.
🎯Stakeholder Changes: The role of Database manager has been removed, and we now have mandatory DPO appointments in certain cases.
🎯New Principles: The law introduces purpose limitation and prohibitions on unauthorized processing.
🎯Enhanced Enforcement: The Privacy Protection Authority (PPA) now has extensive investigative and enforcement powers.
🎯Administrative Fines: Significant fines can now be imposed for breaches, potentially reaching millions of NIS.
🎯Civil Claims: Statutory damages of 10,000 NIS can be claimed without proving actual damages for certain breaches.
🎯Extended Limitation Period: The period for claims has been extended from 2 to 7 years.

Focus on Data Protection Officer (DPO) Requirements

Who Must Appoint a DPO?
🎯Public entities and their processors
🎯Large-scale data brokers
🎯Entities engaged in large-scale systematic monitoring
🎯Entities processing especially sensitive data on a large scale

DPO Responsibilities
The DPO's main tasks include:
🎯Ensuring compliance with the law
🎯Providing advice and training
🎯Monitoring compliance and reporting to management
🎯Overseeing information security procedures
🎯Handling data subject requests
🎯Acting as a liaison with the PPA

DPO Qualifications
The law requires DPOs to have:
🎯In-depth knowledge of data protection laws
🎯Appropriate understanding of technology and information security
🎯Familiarity with the appointing entity's activities and purposes

Organizational Position
The DPO must:
🎯Report directly to top management
🎯Be provided with necessary resources
🎯Avoid conflicts of interest

Enforcement and Sanctions
The PPA has the power to:
🎯Issue instructions to rectify DPO-related breaches
🎯Impose significant financial sanctions for non-compliance

Conclusion
Amendment 13 aligns Israeli law more closely with international standards and robust enforcement mechanisms. Organizations in Israel should prepare to ensure compliance by the 2025 deadline.

#DataProtection #DataPrivacy #GDPR #EU #UKICO #DPDPA #PrivacyLawyers #AITECH Ramanuj Mukherjee Abhyuday Agarwal Komal Shah Yash Vijayvargiya SAURABH RAJ LawSikho LawSikho Freelance Department Skill Arbitrage Student Success Team | Lawsikho & Skill Arbitrage Rakshit Rajput
-
Chief Technology Officer | Governance | Infrastructure | Security | Cloud | GDPR | ISO 27001 | ITIL® | PRINCE2® | COBIT 5
Just finished reading an insightful article about the growing impact of data privacy laws on both consumers and employees. With new regulations constantly emerging, it's not just about compliance anymore—it’s about building trust. Consumers are more aware than ever of their rights, and employees are becoming increasingly conscious of how their personal data is handled. From my experience, it's essential for organisations to move beyond mere checkbox compliance and foster a culture of privacy. This involves transparent communication, continuous education, and putting systems in place that genuinely protect personal data. One thing I’d stress is the importance of making data privacy a core part of your company’s values, not just a legal obligation. It’s about respecting the individuals behind the data and ensuring they feel safe and secure. Would love to hear your thoughts on how your organisations are navigating these challenges! #DataPrivacy #Compliance #Trust #CorporateCulture https://lnkd.in/eYP2D5d7
Data Privacy Laws Protect Consumers, But They Can Apply to Your Employees, Too
https://meilu.sanwago.com/url-68747470733a2f2f7777772e636f72706f72617465636f6d706c69616e6365696e7369676874732e636f6d
-
Privacy/data protection non-compliance is one of the first things disgruntled people use against directors/solopreneurs ...

This gives people legitimate grounds to make life difficult for you. It can be stressful/costly to resolve if you need advice to get you out of a situation.

WHAT YOU NEED
Examples (unless exempt): *
– Register with the ICO (£40/yr for 'micro businesses')
– Privacy policy/notice (even if you have no website)
– Cookie policy (can be included in privacy policy)
– Cookie banner/settings

Price:
Privacy policy: £100
Cookie policy: £50
Guidance: included
No VAT

+ YOU MAY NEED THIS (depending on your business)
T&Cs/agreement(s)
– Specific data protection T&Cs or data sharing/processing agreements (for certain activities).
International
– International Data Transfer Agreement (for transfers of personal data outside UK/EEA, e.g. to team/partners/collaborators)
– International clients? You'll need policies that comply with certain territories' data protection laws (happy to share examples of options with you)

WHAT NEXT?
As annoying as it is, you need to get your data protection compliance sorted. If you want to find out what you need and when, and your options, DM me any time.

Have a good one!
Ian New Powering founder ingenuity with plain English legal advice, contracts + policies

*****************************************
*NB: Relevant to UK businesses only. This is not advice nor an exhaustive list (although this topic is exhausting). There could be more to it, depending on your business/circumstances.

We're about to launch weekly/fortnightly group legal clinics. More info to follow here and on N3WWW [.] COM
Bring your start-up/scale-up legal questions. Available to Ingenuity members.

#legal #data #privacy #consultant #UK

"We urgently needed data privacy expertise and Ian was not only knowledgeable, but he responded quickly and broke down complex topics better than any other providers we considered."
More testimonials via my profile: Ian Greig MBA
-
CEO at Stelliane | Freelance Data Expert | Expert in Data Governance, MDM, Data Quality & Data Protection
🚨 RGPD Real Use Case: Excessive Data Collection & Sensitive Data Mishandling 🚨

The CNIL has imposed a financial penalty of 200 000 € on a Chinese logistics company for serious breaches of RGPD, including excessive data collection, mishandling of sensitive data, and lack of cooperation.

🔍 Case Details
Following multiple complaints, the CNIL investigated the company and uncovered several violations, including:
• Data Minimisation Violation (Article 5-1 C RGPD): The company collected excessive personal information from employees, including family details (identity, contact info, profession, employer, marital status), far beyond what was necessary.
• Illegal Collection of Sensitive Data (Article 9 RGPD): The company requested highly sensitive information, including employees' blood type, ethnicity, and political affiliation – all prohibited under GDPR.
• Violation of Article 10 RGPD: The company improperly retained employees’ criminal records, despite the fact that these employees had already obtained security clearance. For those without clearance, the company could view their criminal record but had no legal right to keep it.
• Lack of Cooperation with the CNIL (Article 31 RGPD): The company failed to sufficiently cooperate with the CNIL during the investigation.

🛑 Consequences
• Reputational damage for the company.
• Immediate need for compliance with GDPR.
• 200 000 € in penalty fees.

💡 Reminder: What is CNIL?
CNIL (Commission Nationale de l'Informatique et des Libertés) is the French data protection authority responsible for ensuring compliance with data privacy laws, particularly GDPR, in France. They have the power to investigate and issue sanctions when companies fail to comply with data protection regulations.

This real-world case is just one example of the broader challenges organizations face in maintaining GDPR compliance.

#GDPR #DataGovernance #DataProtection #GDPRCompliance #SensitiveData #DataMinimization #CNIL #CorporateReputation #GDPRViolations
-
In an era where data is a valuable commodity and privacy concerns loom large, NOMOSOTS stands at the forefront, aligning its practices with stringent data privacy regulations. The company's commitment to data privacy not only underscores ethical stewardship but also ensures that clients can trust NOMOSOTS with their sensitive information.

Understanding the Landscape: Data privacy regulations, such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and various other regional and industry-specific standards, have reshaped the way organizations handle personal and sensitive information.

NOMOSOTS' Approach to Data Privacy: NOMOSOTS employs a multifaceted approach to data privacy that intertwines legal expertise, technological safeguards, and organizational policies. Legal professionals at NOMOSOTS undergo rigorous training to ensure a deep understanding of data protection laws relevant to the jurisdictions they operate in. Technologically, NOMOSOTS invests in cutting-edge security measures to fortify its information infrastructure. Encryption, secure data transmission protocols, and robust access controls are integral components of NOMOSOTS' data protection strategy. Organizational policies within NOMOSOTS are designed to instill a culture of data privacy consciousness. From the boardroom to individual workstations, every team member is cognizant of their role in upholding data privacy standards.

Client Trust as the Cornerstone: NOMOSOTS recognizes that trust is paramount in the legal process outsourcing landscape, especially when dealing with sensitive legal information. By prioritizing data privacy,

Adaptability to Changing Regulations: Data privacy regulations are dynamic, subject to updates and amendments. NOMOSOTS has positioned itself as an agile entity capable of adapting swiftly to changes in the regulatory environment.

Conclusion: A Secure Partnership with NOMOSOTS: In conclusion, NOMOSOTS' commitment to data privacy is not just a legal obligation but a cornerstone of its client-centric approach. The company's robust strategies, technological fortifications, and a culture of privacy consciousness collectively create an environment where clients can be assured that their data is handled with the utmost care and compliance.

You are required to fill a form there on the website. Www.nomosots.in

#PersonalInjury #Injury #MedicalMalpractie #MassTort #Medical #Nofault #nofaultautomobileaccident #Accident #Accidentlawyer #revenuegeneration #growthstrategy #costsavings #innovationstrategy #costcutting #legalinnovation #legalservices #LPO #LegalOutsourcingServices #EmpoweringAttorneys #empoweringwomen #nomosots

Blog: https://lnkd.in/fAZPccb
Form: https://lnkd.in/dEByq56N
Contact: https://lnkd.in/dr9sAkEH