Have your company named its Data Protection Officer (DPO)? I realize that many companies are in a quandary on who to pick as the DPO. The Data Protection Act, as well as the National Privacy Commission’s (NPC) Advisory No. 2017-01 on the designation of Data Protection Officers, describes the responsibilities of the DPO but only specifies general qualifications for the job (i.e., “expertise in the relevant privacy or data protection policies and practices”). “Should the DPO be

This is the question that is at the crux of a pending case before the European Court of Justice. The case was a referral to the ECJ from the Supreme Court of Ireland, which asked for guidance to resolve the question. The case stemmed from a request of a student to view his exam answers after failing the exam. The school refused. The student filed a case but his claim was not supported by the Data Protection Commission of Ireland, saying that the answers were not personal data

Last week, I attended a primer on compliance with the Data Privacy Act. The organizers joined representatives from the National Privacy Commission in giving presentations and answering questions from the attendees. Here’s a quick run-down of my notes: The introduction to the DPA included a discussion on the actors under the DPA. I thought this was a useful approach since the law was presented in a manner that is simple and a bit easier to understand. One lawyer presented the