Data & It Law Week, vol. 34: non-profit organisations and data breaches, non-lawyers and law firms, UK Big Data report
Data breaches and non-profit organisations
Non-profit organisations may be a target of a data breach too. An interesting article at JDSupra focuses on legal issues and risks that non-profit organisations must take into consideration.
4 most important risks are:
– financial costs of a breach
– reputational damage
– government “fine”-tuning
– more privacy/data security lawsuits
The rest of the article deals with the stakeholders and ideas, how to tackle these risks.
Should non-lawyers own law firms?
The author addresses a recent recommendation of Canadian Bar Association, in which CBA supported the idea that non-lawyers might be able to own law firms. This perspective is in contrast with the policy in US, for example as presented by Texas State Bar. It said that “a Texas law firm may not use “officer or principal” in job titles for non-lawyer employees or pay profit-based performance bonuses.”
The author argues, that: “If do you choose a lawyer to lead your law firm then make sure that the lawyer gets solid training in leadership and management. Practicing law is not a qualification to lead. Running a law firm as a sustainable business requires different training, experience, and mindset.”
First EU Big Data Report
Recently, Information Commissioner’s Office had released a comprehensive report on Big Data and Data Protection. It represents the first big data guidance prepared by European Data Protection Authority.
Some interesting findings from the report:
– A key requirement of data protection is fairness in processing
– Big data processing must satisfy one of the conditions / grounds for processing, such as “legitimate interest” or consent.
– Individuals need to be made aware if their personal data is being repurposed to perform big data analytics.
– Organizations must consider and provide information security measures to protect big data based on a proper assessment of the risks, though big data also may be a tool used to improve security.
– Done correctly, anonymization may be an appropriate privacy protection tool in the context of big data.