Often SaaS suppliers or SaaS customers anonymise personal data for use in statistical or marketing information but are unaware that by using such anonymised data they could be breaching the Data Protection Act 1998 (DPA). The Information Commissioner’s Office (ICO) has recently confirmed that anonymised personal data may be disclosed without the consent of the data subject, provided that the anonymised data when linked with other information will not lead to the identification of an individual.
Category: Data Protection
SaaS Agreements – Data Protection – The UK Patriot Act
Recently SaaS suppliers have seen a marked increase in EU customers raising concerns about disclosure of their data to US law enforcement authorities under the Patriot Act – an American anti-terrorism law – particularly where the SaaS supplier has a parent company in the USA or data is being hosted or processed in the USA. Now to add to your problems, the UK Government plans to introduce its own “Patriot Act” type law in the near future.
SaaS Agreements – Patriot Act – Renewed Customer Concerns
Recently SaaS suppliers have seen a marked increase in EU customers raising concerns about disclosure of their data to US law enforcement authorities under the Patriot Act – an American anti-terrorism law – particularly where the SaaS supplier has a parent company in the USA or data is being hosted or processed in the USA.
SaaS Agreements – Data Protection – New Proposed EU Rules – Part 2
On the 25th of January 2012 the European Commission published a proposal for a new Data Protection Regulation to replace the existing EU Data Protection Directive. The proposal sets out a general data protection framework aimed at unifying the current differing data protection rules in the EU. Following on from my first article – part 1, I have summarised the remainder of the major changes this will make to EU data protection law below.
SaaS Agreements – Data Protection – New Proposed EU Rules – Part 1
On the 25th of January 2012 the European Commission published a proposal for a new Data Protection Regulation to replace the existing EU Data Protection Directive. The proposal sets out a general data protection framework aimed at unifying the current differing data protection rules in the EU. I have summarised the major changes this will make to EU data protection law in two articles, part 1 of which is set out below.
SaaS Agreements – Data Protection – Data Stored in the USA
SaaS suppliers who use data centres physically located in the USA to store or process data should be aware of a recent US Court of Appeals ruling that the Electronic Communications Privacy Act (ECPA) – an American law – protects the data of non-USA citizens when their data is stored on servers in the USA.
SaaS Agreements – Data Protection – Google Analytics in Germany
If your website uses Google Analytics and you provide SaaS services to customers based in Germany, you are now required to provide specific information to users in order to comply with recent changes to German data protection law.
Google Analytics and German Data Protection
Google Analytics collects statistics about website users by “tracking” an individual’s use of a website. This information is then made available to website operators free of charge. Following an agreement between Google and the German data protection authorities it is now the responsibility of the operators
SaaS Agreements – E-Discovery
As a SaaS supplier you may be ordered by a court as part of a litigation process to identify and disclose physical documents and electronically stored information (e-discovery). This creates problems for SaaS suppliers on a number of levels.
SaaS Agreements – Data Protection – Binding Corporate Rules
What are Binding Corporate Rules?
BCRs are a set of rules adopted within a particular company or corporate group that provide legally binding protections for data processing within the company or group to cover global data transfers.
SaaS Agreements – Data Protection – Further Fines by Data Commissioner
On the 8th of February 2011 Ealing and Hounslow Councils were fined £80,000 and £70,000 respectively by the Data Commissioner for serious breaches of the Data Protection Act (DPA) following the theft of two laptops from the house of an employee of Ealing Council.