secretos_empresariales

Trade secrets and data protection – Part 2

by BlogData protection

Last November we published the first part on trade secrets and data protection. In this post, we introduced the subject by explaining trade secrets and the law that protects them. Today we are going to finish exploring the topic and shed some more light on it. Let’s go!

What is a violation of secrets?

A violation of trade secrets is considered to be when a person or entity accesses a company’s confidential information without authorisation and uses it to obtain economic benefits or competitive advantages.

This can range from disclosing confidential information to third parties, using trade secrets to directly compete with the company, or even misappropriating confidential information to sell it to another company.

Steps to protect your trade secrets

When guaranteeing the protection of trade secrets, a series of steps should be followed, such as those indicated below:

1.Establish confidentiality agreements

Establishing confidentiality agreements with employees and third parties (suppliers) is key to maintaining internal order and, if necessary, taking legal measures to penalise misuse of the company’s confidential information.

2. Control access

Many companies take into account the physical security of data, but nowadays most of that data is found in the digital framework.  For this reason, companies must incorporate relevant protection measures in an increasingly digital world.

3. Define confidential information

When establishing a confidentiality agreement, it is necessary to regulate what is considered confidential information in a company. To do so, a thorough analysis must be carried out that identifies the secrets and associated risks.

4. Provide training

Training is also essential to avoid data breaches to the outside. Therefore, employees must be trained on how to handle the company’s data.

5. Make special protective equipment

It is important to delegate certain responsibilities to a security and data protection officer. This person will therefore be responsible for ensuring said protection.

6. Continue making progress

Many companies focus on data protection when it is already too late. It is important to start working on this immediately and continue to add projects and all types of actions to ensure the full protection of data. In terms of data protection, this is known as proactive responsibility.

7. Make protection the priority 

Cyber threats are currently a significant problem at the business level. That is why taking action tomorrow is not good enough; data protection on the Internet must be handled straight away. Failing to do so, companies will jeopardise their finances and their reputation.

This is key; protecting trade secrets in a company is not only a preventive measure, but also a measure of future success. If you have questions or wish to know more about any of this information, do not hesitate to contact us. At Bacaria we can advise you.

proteccion_Datos_compras_navidad

8 tips to protect your data as you do your Christmas shopping

by BlogData protection

During times like the Christmas season, cybercriminals double down on their attacks to steal our personal data. Tailoring their messages and gimmicks to activities related to shopping. Many Christmas purchases are made online, whether due to lack of time or because of the listed price, and this can pose certain risks to privacy and data protection.

Personal data can be used to scam us, access our bank account and carry out other fraudulent activities. Cybercriminals are able to do so by adapting their messages to each time of the year or to the current season, such as Christmas and holiday shopping, to capture our attention and steal our data. In today’s post we help you identify these scams and give you some advice to prevent these and other risks to your privacy. Lear to protect your data today.

Tips to protect your data when making your online Christmas purchases

  1. Do not open emails with links that ask for personal information

How many times have you received one of these emails pretending to your bank? Surely tons of them. Although we are all aware of these types of scams, you may sometimes get “stung” by them when you are not paying attention or when stressed. We are all very busy with our jobs, commitments with family and friends, and thousands of other concerns.

No matter what happens, always follow this tip: never answer this kind of email. No bank asks for personal information, bank details or passwords in an email, and even less so by sending a link that you have to click.

Beware of all types of emails that try to scare you or that contain links to unbeatable exclusive offers that redirect you to websites asking for personal data. Contact the company through its official channels before clicking the link. And, when in doubt, do not click the link: visit the company’s website yourself by entering the address in the browser.

  1. Pay attention to the cookie banner of the online services you access, and only accept the data processing you consider appropriate

  1. Be careful with SMS messages and other messages on WhatsApp, Telegram and other instant messaging services

Another widespread practice among cybercriminals that you have surely been a victim to on more than one occasion is receiving an SMS from a courier company saying that your shipment is on its way. And you’re not expecting anything, right?

In any case, whether you are waiting for an order or not, at Christmas time it is uncommon for one to neither expect a gift nor get something for themselves. Nevertheless, we still offer the same advice. Never respond to these types of messages, whether you are expecting something or not.

This type of technique is called smishing and it is often used together with great offers or courier shipments during sales or the Christmas shopping season. In addition to SMS, it also uses other instant messaging services such as WhatsApp, Telegram, etc.

  1. Buy from official and trusted online stores

Review both the privacy policy and the legal notice to find out who is responsible for processing your personal data.

  1. Avoid connecting to public Wi-Fi networks

Have you already used up all your data and cannot wait to get home to buy that Christmas gift? It can wait, it can definitely wait. Do not be tempted to connect to a public Wi-Fi network to make online purchases, it may be hacked and a cybercriminal will make purchases for you.

  1. Review the privacy and security settings of your devices regularly

  2. Consider making your online purchases with a card that you only use for that purpose

  3. Use different passwords for each Internet service. You can use a password manager to help you.

 

 

 

secretos_empresariales_proteccion de datos

Trade secrets and data protection – Part 1

by BlogData protection

A company’s data is one of its most valuable assets. And information is power. Today we are going to discuss trade secrets and the Law on Trade Secrets, shedding some light on the topic and addressing the protection of data they generate.

Defining trade secrets

Trade secrets are confidential information with economic value for a company and they can be used to gain competitive advantage in the market.

The definition given by the Law on Trade Secrets (LSE) is very broad, whereby a trade secret is considered to be any information or knowledge, including technological, scientific, industrial, commercial, organisational or financial knowledge. It can include designs, formulas, processes, business strategies, customer lists and much more.

To be protected as a trade secret, the knowledge or information must be secret, meaning that it is only known by a limited number of people and it cannot be deduced by industry experts through observation or reverse engineering.

Law that protects secrets

The Law on Trade Secrets aims to protect and guarantee the confidentiality of business information that has economic value and is kept secret by the company. This law states that trade secret is considered to be all information that:

1. Has business and economic value.
2. Is not in the public domain.
3. Has been established only for employees or owners of the company, having sufficient protection measures.

The LSE will only apply when it can be proven that the company has adopted specific measures to reinforce the security of the information or knowledge to be protected. In particular, the protection of companies must be based on the following pillars:

– Identification of information or knowledge considered to be sensitive.
– Adoption of security measures that guarantee security.
– Preventive legal measures such as the signing of confidentiality agreements.
– Reactive measures such as the implementation of action protocols when a violation of security measures is detected.

The Law on Trade Secrets states that the unauthorised disclosure, collection and use of information related to trade secrets will be considered a crime.

In the event of trade secret violation, the company affected may sue the offender and seek an injunction, as well as compensation for damages incurred. Ultimately, the purpose of this law is to protect companies against the violation of their confidential information and ensure the right to maintain trade secret confidentiality.

This is the end of the first part; in future posts we will discuss trade secret violations from a practical perspective.

nueva_ley_general_telecomunicaciones

New General Telecommunications Law

by BlogData protection

How many times a week do you receive calls from operators offering you a TV in exchange for contracting a service? Too many, right? Daily and annoying situations like these will soon be regulated thanks to the New General Telecommunications Law. That, in addition to encouraging investment by operators, mainly focuses on improving user protection.

Today we will tell you about the main amendments proposed by this new Bill which will affect both operators and users. Let’s go!

Main amendments

Operators

A more suitable framework is created to make investments to deploy new generation networks. Thus making it possible to offer innovative services that are more technologically suited to the needs of the people.

It establishes that when the Telecommunications Market Commission imposes obligations and conditions for access to the networks. It must take into account the investment risk of the operators.

A more effective and efficient use of the radio spectrum is promoted through generalisation of the principles of technological neutrality (use of any technology) and service neutrality (provision of any service).

With regards to designating an operator to provide the universal service, a bidding mechanism is established where, until now, this mechanism was only used if several parties showed an interest after a consultation process.

Furthermore, operators that make their network available to other entities in order to produce radio broadcasts must verify, prior to the start of said broadcasts, that these entities have the corresponding licence for the radio public domain. This represents an important measure to prevent illegal radio and television broadcasts.

Users

The amendments introduced reinforce the rights of users and their protection. Thus, it is established that end users shall have the right to receive more information about the characteristics and conditions of service provision and about the quality with which said services are provided (prices, offer limitations, etc.).

Personal data is also protected more effectively. For example, data protection regulations apply to data obtained from commercial product labels by means of identification devices that use the radio spectrum (RFID). Moreover, it sets forth that additional information must be given to the user about the computer files or programs (“cookies”) that are stored on computers and other devices used to access the Internet with the purpose of facilitating web browsing.

The new regulation states that changing an operator while maintaining the number (portability) must be carried out within one business day. Likewise, it improves access to services for people with disabilities or with special social needs, stipulating that it must be in conditions equivalent to the conditions that apply to all other users.

In summary

What changes with the new General Telecommunications Law?

Companies may not call users for commercial purposes without prior consent.

What happens if a telephone operator calls me outside the established time frame?

Basically n the framework of the Consumer and User Protection Act, failure to comply with this regulation shall lead to the opening of disciplinary proceedings. It also opens up the possibility of filing a claim with the Spanish Data Protection Agency which, depending on the seriousness, recidivism, affected users, etc., could impose a penalty”.

This main rule regulates the sector of electronic communications networks and services in a uniform and comprehensive manner. Audiovisual communication services and Information Society services are excluded from this regulation.

 

salud_mental_internet

Protocol to support measures that promote mental health on the Internet

by BlogData protection

Last February, the Spanish Data Protection Agency (AEPD) designed a General Action Protocol to support measures that promote mental health on the Internet.

This protocol aims to contribute to increasing the effectiveness of measures offering assistance to affected people in the event that their data has been obtained illegally through the Internet. It especially focuses on cases of digital violence against women, minors and other vulnerable groups.

What is the protocol of measures to promote mental health on the Internet

The protocol states that the AEPD and the General Psychology Council of Spain (COP) will cooperate in carrying out outreach activities focused on promoting AEPD’s materials, tools and resources to achieve the purpose of this protocol.

Moreover, at the request of the AEPD, the COP will collaborate in activities related to the aims of this protocol. In which its participation can offer a special added value. This is the case of the Priority Channel or the tools on gender equality and the fight against gender violence.

The ‘Priority Channel’ makes it possible to request the immediate removal of sexual or violent content published on the Internet without the consent of those who appear. It is a tool that offers a quick response in exceptionally sensitive situations. This includes situations involving the dissemination of sexual or violent content.

Additionally, a route is established in which the complaints received are analysed as a matter of priority. Allowing the Agency, as an independent authority, to adopt any urgent measures that may be necessary to prevent this content from continuing to be published. The AEPD will support training and awareness in matters of privacy and the protection of personal data of members of the Official Psychological Associations through its Council.  Furthermore, it will institutionally support the COP.

Both institutions will jointly work together to organise forums, workshops, conferences, seminars and informative breakfasts. As well as any other dissemination and awareness action such as press releases. Blogs or publications on social media regarding matters covered by this Protocol. In addition to carrying out related studies and publications of interest.

It is a protocol that we at Bacaria Legal believe is essential to be able to respond to this type of situation that is generated in the digital environment.

CHAT_GPT_OPENAI

ChatGPT and its impact on data protection

by BlogData protection

ChatGPT is an OPEN AI product that is considered to be the most important Artificial Intelligence development in recent years. It is a trained language model (Generative Pre-trained Transformer) that provides coherent and natural responses to questions and text commands. It is mainly characterised by its ability to offer coherent answers to complex questions and its rapid learning and improvement in performance.

Its primary tasks include the following: translating languages, writing songs, writing blog posts, creating cooking recipes, answering research questions, generating code, and it has even passed university exams.

How does it work?

When given text input, it uses its GPT model to analyse the meaning and context of the input and generate a coherent response. Moreover, ChatGPT uses its prior knowledge and ability to continuously learn to improve its performance and provide more accurate and relevant answers to user questions.

How do I use it?

First, you must visit the Open AI website https://openai.com/ and register. Once the registration process is complete, you can get started with your free trial. But please keep in mind that you will need a paid subscription to access all of the product’s features.

At Bacaria, we recommend that you review its policies at https://openai.com/policies/usage-policies before using it.

 

How does ChatGPT affect Data Protection?

Is important to note that ChatGPT itself does not collect personal data. However, if the user enters it in the chat, the product processes it and generates responses based on the user’s information. It can also access the IP address, as well as the browser type and settings, mainly for security purposes.

Also it is advisable not to enter personal, confidential or sensitive data, since the team responsible for developing and maintaining ChatGPT may review conversations to improve the systems and for quality purposes.

Furthermore, OPEN AI ensures that computer security measures are used, such as data encryption, limited access to servers and the regular deletion of user data to avoid any risk of exposure and vulnerabilities.

What should I bear in mind in terms of data protection if I want to implement a ChatGPT chatbot at my company?

Said company, as the data controller of the data processed through the ChatGPT chatbot, must take into account the following implications:

  1. Identify the processing of personal data that will be carried out with ChatGPT in its Record of processing activities.
  2. Use one of the lawful bases set forth in Article 6 of the GDPR.
  3. Fulfil the duty to clearly and simply inform the interested party/user of the chatbot about the processing of their data.
  4. In the event that the ChatGPT chatbot is provided by a service provider, a data processing agreement must be signed. Alternatively, if it is implemented directly by the company, a processing agreement must be signed with OPEN AI, and to do so, you must contact them via the email provided on their website, stating that you need to sign said data processing agreement.
  5. Perform a Data Protection Impact Assessment to analyse the features of the ChatGPT chatbot, how personal data is collected and used, the impact on rights and freedoms, and which measures will be taken to protect personal data and mitigate privacy risks.

In summary, it is evident that the use of this type of technology can entail a risk to privacy, which is why the provisions of the Data Protection Regulation and other complementary regulations must be taken into account. At Bacaria, we have a team specialised in Artificial Intelligence and privacy and we will be happy to assist you.