Tag Archives: data security breach notification

OECD Guidelines, “refreshed” after 33 years

OECD published this week the revised version of the 1980 privacy Guidelines.

According to the OECD website, “two themes run through the updated Guidelines. First is a focus on the practical implementation of privacy protection through an approach grounded in risk management. Second is the need for greater efforts to address the global dimension of privacy through improved interoperability. A number of new concepts are introduced, including:

  • National privacy strategies. While effective laws are essential, the strategic importance of privacy today also requires a multifaceted national strategy co-ordinated at the highest levels of government.
  • Privacy management programmes. These serve as the core operational mechanism through which organisations implement privacy protection.
  • Data security breach notification. This provision covers both notice to an authority and notice to an individual affected by a security breach affecting personal data.

Other revisions modernise the OECD approach to transborder data flows, detail the key elements of what it means to be an accountable organisation, and strengthen privacy enforcement. As a step in a continuing process, this revision leaves intact the original “Basic Principles” of the Guidelines. On-going work by the OECD on privacy protection in a data-driven economy will provide further opportunities to ensure that its privacy framework is well adapted to current challenges.”

Should we say hello to the provisioned new global data protection law? I think so.