Tag Archives: personal data protection

Financial Supervisory Authority issues circular for Hungarian financial institutions on the use of cloud computing technologies

Márton Domokos writes for “The Privacy Advisor” that on 18 July, the Hungarian Financial Supervisory Authority-PSZÁF (HFSA) issued a circular for Hungarian financial institutions on the use of cloud computing technologies. It is the first time in Hungary that a regulatory authority has issued such an opinion. The document outlines detailed proposals for financial institutions on data classification, pre-contracting tasks and the contents of the service agreement with the cloud provider.

Regulatory considerations

The HFSA expressly reminds the management, IT internal audit, compliance and legal departments of financial institutions that if the company is willing to use cloud computing services, they shall pay particular attention to the following.

  • Obtaining cloud services is considered as “outsourcing” under the Hungarian sector-specific regulations which results in the application of certain additional rules; e.g., notification to the HFSA, specific data processing obligations.
  • It is important to continuously monitor the changes in the regulations of the EU affecting cloud computing services, practices and best practice recommendations.
  • It is also essential to keep an eye on the Hungarian and EU data privacy provisions and practices—in particular to practices and resolutions concerning cross-border data transfers or data transfers to third countries.
  • The relationship between the master services agreement to be concluded and the related SLAs shall be harmonised.

Data classification

According to the HFSA, it is important to classify the data processed by the financial institution before determining which data can be transferred to the cloud at all. The circular states that it is not recommended to process bank secrets, personal data or other sensitive data in the public cloud and reminds that the physical storage or place of processing of data in the public cloud in particular, e.g., outside of the European Economic Area or the Safe Harbor, substantially influences the possibility of compliance with the EU data protection regulations.

Read the whole text HERE.

DNA is private information and is protected by privacy laws – according to a recent American Appeal Court decision

Source: http://make-family-tree.com

DNA is considered private data and its retention is protected by some of the privacy and data protection laws

I found a very interesting piece of information on Proskauer privacylaw blog regarding a recent decision of the Massachusetts Appeal Court, which found that police cannot keep DNA samples beyond the limitations promised to an individual.

The decision was given in Amato v. District Attorney on 25 August.

The case arose out of the voluntary collection of plaintiff’s DNA in connection with a 2002 murder investigation. The plaintiff challenged the crime lab’s retention of private individuals’ DNA samples despite representations that any samples and related records “would be destroyed and would not become part of any State or Federal database” if they did not match DNA evidence taken at the crime scene. According to the plaintiff, notwithstanding the successful prosecution of the man responsible for the murder, the state’s crime lab refused to destroy his and other DNA samples in its possession despite his repeated requests.

The trial court dismissed the charges. But the Appeal Court found that police were in breach of privacy law, in particular the state’s Fair Information Practices Act.

“[g]iven the circumstances under which the defendants induced [the plaintiff] and the others to allow access to this intensely private information [i.e., their DNA], including the promises of limited use and retention and the concomitantly restricted scope of consent granted, we are not convinced that the defendants have acted reasonably as matter of law.”

The Court also found that: retention of highly sensitive DNA records without consent and making them available for nonconsensual use in other criminal investigations are sufficient to constitute an unreasonable, substantial, and serious interference with an individual’s privacy.

  • You can find the whole decision HERE

Why blog about personal data protection?

Pdp is privacy in a new era, although many argue that the right to privacy and the right to the protection of personal data are two separate rights. That is an endless debate and therefore one of the good reasons to start a blog about pdp.

I would rather not separate pdp from privacy issues and this is why my blog will also tackle privacy related subjects while concentrating on personal data protection legal developments around the world.

In order to answer the question in the title of this post, I will tell you why you should read pdp news and comments: because you need to know how to handle all your personal information shared knowingly or unknowingly with public authorities, governments, marketing companies, insurance agencies, social networks, telecommunication companies, schools and universities, banks, online stores and all the other public or private entities that store and manage any kind of information about you – starting with name and address, to health condition, ethnicity, photos, appearance, religion, phone calls you made, where you work and even what you like to eat.

Most of the information published here will have a legal approach because of who I am – a PhD student writing a thesis about personal data protection. But you will find much more than legal commentary. Enjoy!