DATA PROTECTION UPDATES

LEGAL UPDATES ON DATA PROTECTION AND PRIVACY 

Follow recent developments in data protection and privacy in Türkiye and around the world.

HONG KONG DATA PROTECTION AUTHORITY PUBLISHES GUIDANCE ON DATA BREACHES:

The Hong Kong Personal Data Protection Authority (PCPD) has published a guide for organisations on how to handle and report data breaches.

The guide covers the most common types of data breaches in Hong Kong, how the data breach process should be handled step by step, and to whom, when and how data breach notifications should be made.

29.09.2023

CNIL FINES SAF LOGISTICS €200,000:

CNIL, the French data protection authority, has fined SAF LOGISTICS, an air freight forwarder headquartered in China, €200,000. The reasons for the fine were excessive data collection by the company, non-compliance with the prohibition on processing sensitive personal data, convictions and personal data relating to criminal offences, and insufficient cooperation with the CNIL services.

In this context, the following provisions of the GDPR have been infringed:

  • The principle of data minimisation in Article 5,
  • Article 9 on the processing of sensitive personal data,
  • Article 10 on the processing of data relating to convictions and criminal offences,
  • Article 31 on cooperation with supervisory authorities.

29.09.2023

DPC PUBLISHES SUMMARY OF DECISIONS TAKEN BETWEEN 2018 AND 2023:

The Irish Data Protection Authority (DPC) has published a summary of 126 decisions, covering the first five years of the GDPR. The summarised decisions cover topics such as complaints about data subject access requests, the accuracy principle, data breach notifications, the right to be forgotten (right to erasure), transparency and purpose limitation while processing personal data.

22.09.2023

US FEDERAL TRADE COMMISSION DECISION ON 1HEALTH.IO:

The US Federal Trade Commission (FTC) has fined 1Health.io, a provider of ancillary solutions to genetic testing companies, $75,000 for storing users' sensitive information on public data servers, failing to keep promises about the security and destruction of DNA results, changing its privacy policy, and failing to obtain users' consent.
It also ordered the company to instruct laboratories to destroy DNA samples held in third-party laboratories within 180 days.

22.09.2023

ICO FINES DIFFERENT COMPANIES A TOTAL OF £590,000:

The ICO has fined 5 different companies a total of £590,000 for making 1.9 million marketing calls to elderly and vulnerable people.

This decision is aimed at preventing marketing calls that are usually made to elderly and vulnerable people in order to insure their various household goods. Andy Curry, the ICO's Investigations Manager, said: "We are working to protect these people who are seen as easy prey."

22.09.2023