Blog
French Data Protection Authority Announces Audit Priorities
Blog
May 3, 2012
The French data protection authority (CNIL) recently announced that this year it will conduct 450 investigations, focusing on current privacy developments including mobile privacy, data breaches, and health data. These investigations are part of an annual audit program conducted by CNIL. For mobile privacy, CNIL will focus its audit efforts on understanding how smartphones collect customer data (at point of sale, during phone usage, and through downloads and use of smartphone apps). For health data, CNIL will focus on how entities use the cloud to store such data. With respect to data breaches, CNIL noted that including investigations over data security in 2012 makes sense given the 1978 privacy law has been amended to require notification of data breaches for electronic communications providers (including ISPs).
TIP: Part of CNIL’s standard programs is to conduct industry audits. For companies operating in the mobile industry, or that have individuals’ data that merits protection (like financial account or health data) that are subject to French law, this announcement suggests they may be audited by CNIL. As always, it is important to keep compliance in mind, all the more so when potential audits are on the horizon.
This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.