Singapore’s Personal Data Protection Commission (PDPC) issued a statement on March 1 announcing its plan to introduce mandatory breach notifications as part of a set of proposed amendments to the country’s Personal Data Protection Act (PDPA). The proposed amendments come in response to the PDPC’s recent review of the PDPA in order “to ensure that it keeps pace with the evolving needs of businesses and individuals, and balances safeguarding individuals’ interests and enables the legitimate use of personal data by organisations.” The details of the mandatory breach notification have not yet been made public, but the amendment will likely require organizations to notify the PDPC and affected data subjects when a certain level of breach has occurred.
As part of the FTC’s Hearings on Competition and Consumer Protection in the 21st Century, the Commission will hold a two-day hearing on April 9–10 at the Constitution Center (400 7th Street SW in Washington D.C.). The FTC has received 40 comments already and will continue receiving comments until May 31, 2019.
The Federal Trade Commission (FTC) issued two Notices of Proposed Rulemaking (NPRMs) seeking comment on proposed amendments to the Gramm–Leach–Bliley Act (GLBA) Safeguards Rule and Privacy Rule. The comments are due 60 days after the NPRM is published in the Federal Register. The NPRMs accomplish two things. First, they address comments received several years ago when the FTC sought review of these rules pursuant to its periodic review of FTC rules and guides. Second, it proposes to amend both rules and seeks comments on those amendments.
As previously reported, the National Institute of Standards and Technology (NIST) is developing a voluntary Privacy Framework in collaboration with private- and public-sector stakeholders. The goal is to help organizations better identify, assess, manage, and communicate their privacy risks. Other benefits anticipated from this project are fostering the growth of innovative approaches to protecting individual privacy and creating greater trust in products and services that may use the Framework once it is established.
The Federal Trade Commission (FTC) announced a settlement with Musical.ly, a Cayman Islands corporation with its principal place of business in Shanghai, China, resolving allegations that the defendants violated the Children’s Online Privacy Protection Act (COPPA) Rule.
A spotlight has been placed on the need for a chief data officer (CDO) in public sector agencies through both recent legislation and recommendations made in other recent reports and initiatives.