Transactions & Diligence Issues

By Simon Berry and Daisy Shen

Questions often arise about the scope of a data user’s obligations to respond to data subject access requests.  Hong Kong’s Privacy Commissioner for Personal Data offers some guidance in a recently issued Guidance Note (Guidance on Proper Handling of Data Access Request and Charging of Data Access Request Fee by Data Users).

The Guidance Note addresses, among other matters/questions:

  • What constitutes a data access request (a “DAR”);
  • Steps for complying with a

In the run up to today’s deadline for EEA Member States to implement the EU’s revised Privacy and Electronic Communications Directive, including its new rules requiring consent to the use of cookies, the UK Department of Culture, Media and Sport (the DCMS) and the UK’s privacy regulator, the ICO, have released further guidance for businesses, both on the requirements of the new rules and how they are expected to be enforced.

In terms of the UK’s revised Privacy

Last week we posted about the fast approaching May 26 deadline for member state implementation of the EU’s revised Privacy and Electronic Communications Directive concerning cookies on web sites. We noted the relative absence of final (if any) guidance from EU jurisdictions on the approach to be taken in their respective implementations.  On Monday, the UK’s privacy regulator, the Information Commissioner’s Office (commonly called the ICO), provided some official guidance. As expected, the official advice confirms the strict position set

Thumbnail image for iStock_Lock.jpgThe American Institute of Certified Public Accountants (“AICPA”) Statement of Auditing Standard No. 70, or SAS 70 as it is more commonly known, has been with us since April 1992. On 15 June 2011, it will effectively be replaced by two new standards: (i) a reporting standard for service organisations, the “Statement on Standards for Attestation Engagements No. 16” (or SSAE 16 as it will no doubt be referred to); and (ii) an audit standard for customers of