The DPIA is a bitesize assessment of the impact of the most significant, interesting and important-to-know data protection issues.
The DPIA is an assessment of the impact of the most significant and important-to-know data protection issues from around the globe. It’s not the full story, just a quick 3-minute read, collated and condensed to keep you updated with the latest news in our ever-evolving industry.
Compliance with the AI Act: What you need to know
The AI Act was given final approval by the European Council on 21 May 2024. Our Compliance with the AI Act blog series covers what you need to know about the legal obligations for the safe and responsible deployment of AI systems under the new law.
In part 1 of our 4-part series, we cover the timeline and deadlines of the phased implementation schedule. Find out when the AI Act will apply and when you need to ensure compliance.
NCSC publish update to their principles for machine learning
The National Cyber Security Centre (NCSC) has released an updated version of their Principles for the Security of Machine Learning (ML) to cover recent developments in ML and artificial intelligence (AI). The principles aim to help anyone developing, deploying, or operating a system with an ML component make informed decisions about its design and use.
The revised guidelines:
Address risks specific to Large Language Model (LLM) systems and the associated security considerations
Give greater focus to supply chain security and life cycle management
Reinforce the idea of ‘security by design’ as a core business priority
The principles should be considered alongside cyber security, risk management, and incident response best practices for conventional software development.
On 29 May 2024, the BBC disclosed a data breach that affected more than 25,000 current and former employees. The media giant said files containing the names, National Insurance numbers, home addresses, and dates of birth of some BBC Pension Scheme members had been copied from a cloud-based storage service.
The BBC confirmed specialist teams were continuing to monitor the situation, but that the affected files had not been misused and there was no evidence this was a ransomware attack.
Whilst affected individuals do not need to take specific action, the organisation encourages members to be vigilant of suspicious communications, such as unexpected emails or telephone calls.
EDPB issue Opinion on facial recognition at airports
Following a request from the French Data Protection Authority, the European Data Protection Board (EDPB) has adopted an Opinion on the use of facial recognition at airports to streamline passenger flow.
The EDPB emphasises that individuals should have maximum control over their biometric data due to its sensitivity and potential risks such as identity fraud. Only storage solutions where the data is in the individual’s hands or encrypted are deemed GDPR compliant. These storage solutions, when implemented with a list of recommended minimum safeguards, counterbalance the intrusiveness of the data processing and offer individuals the greatest control.
Regarding the principle of storage limitation, controllers must justify how long they plan to keep the data and ensure they only store it for as long as necessary.
On 29 May 2024, the European Commission (EC) unveiled the AI Office. The Office is designed to support the implementation of the AI Act and enforce general-purpose AI rules, strengthen the development and operation of trustworthy AI, and promote international cooperation.
Working in collaboration with EU Member States and experts in the scientific community, the AI Office will establish codes of practice, conduct testing and evaluation of general-purpose AI models, and apply sanctions when necessary.
OPC’s new online form allows simultaneous breach reporting
The Office of the Privacy Commissioner of Canada (OPC) has introduced an online breach reporting form for federal institutions subject to the Privacy Act. The new form can be simultaneously submitted to both the OPC and the Treasury Board of Canada Secretariat, streamlining the reporting process for institutions and ensuring timely communication during breach incidents.
The OPC also updated the online breach reporting form for businesses subject to the Personal Information Protection and Electronic Documents Act (PIPEDA), allowing them to add related documents to new and existing breach reports.
British Columbia’s FNHA target of cybersecurity attack
On 13 May 2024, British Columbia’s First Nations Health Authority (FNHA) announced it had been subject to a cybersecurity incident. The authority said it had found ‘unusual activity’ on its corporate network and took immediate action to investigate the root cause, including hiring third-party cybersecurity experts.
FNHA confirmed evidence that certain employee and limited personal information had been impacted. It does not yet know if the incident has affected its clinical information systems, but its investigation is ongoing.
The world’s first artificial intelligence (AI) hospital has opened in China. Developed by researchers from Tsinghua University, Agent Hospital simulates the entire process of treating illness. It employs 14 doctor agents and 4 nurses that are driven by large language models.
The team behind the project said the AI doctors can treat 10,000 patients in a number of days – something that would take human doctors two years to complete. It is hoped the agents will continue to evolve and improve their ability to treat disease.
To support our ongoing requirement to continuously grow our remarkable and extraordinary #ONETEAM, we are seeking candidates for the following positions:
Data Protection Officers (United Kingdom)
Data Protection Officers (The Netherlands)
Data Subject Access Request (DSAR) Officer (United Kingdom)
If you are looking for a new and exciting challenge, and the opportunity to work for both a Great Place to Work-Certified™ company and one of the UK's Best Workplaces in Consulting & Professional Services, apply today!