This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our PRIVACY POLICY for more information on the cookies we use and how to delete or block them.
  • BDO's PrivacyWatch - June 28th, 2023

BDO's PrivacyWatch

28 June 2023

Richard Carty, Director, RAS |

Caribbean Privacy

  • The Grenada Data Protection Act, No. 1 of 2023 (the GDPA) was published, on May 10, 2023 in the Official Gazette, following their assent by the Deputy to the Grenada Governor-General. In particular, the GDPA consists of eight parts and seeks to promote the protection of personal data processed by public and private bodies and to provide for the functions of the Information Commission and related matters. Notably, the provisions of the GDPA establish the Information Commission as the regulatory body responsible for overseeing compliance with the GDPA and details its role and powers in this regard, specifying that complaints may be made to the Information Commission for alleged breaches of the GDPA's provisions. Read More
  • Guyana: Ministry publishes draft data protection bill for public consultation: The Ministry of Legal Affairs of Guyana published, on 15 April 2023, the draft of the Guyana Data Protection Bill 2023, seeking comments on the same. Specifically, the bill aims to protect the privacy of individuals and regulate the collection, keeping, processing, use, and dissemination of personal data. In addition, the bill provides for various data protection principles, such as fairness and lawfulness of processing, purpose limitation, data minimisation, accuracy, integrity, and confidentiality. Read More

Global Privacy

  • EU advances rules that wrestle control of user data away from Big Tech: Twitter needs to do more work to fall in line with the European Union's tough new digital rulebook, a top E.U. official said after overseeing a "stress test" of the company's systems in Silicon Valley. European Commissioner Thierry Breton said late Thursday that he noted the "strong commitment of Twitter to comply" with the Digital Services Act, sweeping new standards that the world's biggest online platforms all must obey in just two months. Read More
  • USA: OCR announces $240,000 settlement with Yakima Valley Memorial Hospital relating to potential violations of HIPAA Privacy Rule: On June 15, 2023, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that it reached a settlement with Yakima Valley Memorial Hospital resolving a HIPPA investigation. The settlement requires the hospital to pay the OCR $240,000 and to undertake a Corrective Action Plan (CAP). The OCR found that 23 security guards working in the hospital's emergency department used their login credentials to access patient medical records. The OCR determined that the hospital failed to implement reasonable and appropriate policies to comply with the standards and requirements of the HIPPA Rules. Aside from the monetary penalty, the hospital committed to various other remedies.
  • Maine: AG announces Albertsons Companies data breach: The Maine Attorney General (AG) announced on April 21, 2023, that Albertsons Companies, Inc. had suffered a data breach, between the 22nd and 24th of December 2022. The AG explained that the breach was brought to the attention of Albertsons on March 24, 2023, and that it involved the personal data of 32,878 individuals. Moreover, the AG specified that the breach occurred due to a hack of an external system, which contained driver's license numbers, identification card number, and other personal identifiers.
  • U.K.: ICO calls for businesses to address privacy risks of generative A.I.: The Information Commissioner's Office (ICO) issued a statement in which it called for businesses to address privacy risks associated with generative artificial intelligence (A.I.) prior to the adoption of such technologies, noting that it will be conducting tougher checks on whether organizations are compliant with data protection laws in this regard. The Executive Director of Regulatory Risk specified that "Businesses need to show us how they've addressed the risks that occur in their context - even if the underlying technology is the same."


Industry Updates

  • Internet Accessibility and Privacy Concerns: The internet has an important role in present society and so it is essential to give everyone, including those with disabilities, access to the internet on an equitable basis. However, cybersecurity and privacy threats result from the still small penetration of mature accessibility approaches into the web ecosystem. For instance, the privacy settings of a web service, some of which require reading the tiny print in which case, a user with poor vision may not be able to properly set their privacy preferences, which include data sharing permissions and the extent of third parties' access to sensitive information such as legal, financial, and health-related details. Businesses should consider leveraging contemporary technologies to remove barriers to accessibility for customers while guaranteeing compliance with ever-tighter standards.