Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

We respect your Do Not Track preference.

Privacy regulators survey for data breach notifications Charles Mabbett
18 September 2019 at 16:10

GPENDataPrivacySweep

The annual Global Privacy Enforcement Network (GPEN) Privacy Sweep is about to get underway and the theme is data breach notifications.

The 2019 GPEN Privacy Sweep is the seventh undertaken by the network and will take place throughout this month and October. This year, up to 18 privacy enforcement authorities from around the world, including our office, are participating in the Sweep.

In fact, our office is leading the sweep - and the timing is good.

The topic of data breach notification is particularly relevant as the number of international jurisdictions with mandatory notification requirements is increasing. Several jurisdictions, including New Zealand, Hong Kong and Singapore, are considering adopting a mandatory regime or are in the process of adopting one.

The Sweep will involve a coordinated effort by participants to assess how well organisations are capturing information about data breaches, and how and whether they are reporting these to regulators.

It will also be an opportunity for jurisdictions with mandatory notification regimes to reflect on how the organisations within their jurisdictions are performing, and how this performance compares with other parts of the world.

As part of the initiative, participating privacy enforcement authorities will be making enquiries with sample organisations to understand:

  • their awareness of the relevant data breach framework
  • their internal procedures for handling data breaches
  • how they respond to data breaches, and
  • whether they have a process in place to prevent future breaches.

The goal of the Sweep is to identify trends to guide future education and outreach. The overall results of this year’s Sweep will be compiled and made public towards the end of the year.

Meanwhile, here are the results of GPEN Sweeps which our office has contributed to in the past – in 2018, 2017, 2015 and 2014.

GPEN is an informal network of privacy enforcement authorities established in 2008 to foster cross-border cooperation among privacy and data protection regulators.

Image credit: Privacy/Risk image via Risk UK.

,

Back