Topic: Regulatory response

Subscribe to Regulatory response RSS feed

UK data protection after Brexit – UK government Statement of Intent contains few surprises

On the 7th August 2017, the UK’s Government Department for Digital, Culture, Media and Sport issued a Statement of Intent (the Statement) outlining its planned reforms of the UK’s data protection laws which are to be implemented by the Data Protection Bill (the Bill). The Statement anticipates the UK’s departure from the EU and makes … Continue reading

US Senators introduce IoT cybersecurity bill

Data Protection Report - Norton Rose FulbrightOn August 1, 2017, US Senators unveiled a bipartisan bill to mandate baseline cybersecurity requirements for internet connected devices purchased by the federal government. Recent attacks demonstrate that connected devices, which make up the Internet of Things (“IoT”), can paralyze websites, networks, and even components of critical infrastructure. The draft bill, introduced by a bipartisan … Continue reading

US Coast Guard Releases Draft Cybersecurity Guidelines

Data Protection Report - Norton Rose FulbrightOn July 11, 2017, the US Coast Guard (USCG) and the Department of Homeland Security (DHS) proposed new cybersecurity draft guidelines for Maritime Transportation Security Act (MTSA) regulated facilities. The guidelines follow the White House’s May 2017 Executive Order to strengthen the cybersecurity of critical infrastructure. The draft guidelines are open for public comment until … Continue reading

China Seeks Comment on Draft Regulation on Critical Information Infrastructure

On 10 July 2017 the Cyberspace Administration of China (CAC) issued a draft Regulation on the Protection of Critical Information Infrastructure (CII Regulation) for public comment. The comment period ends on 10 August 2017. This long-anticipated regulation, formulated pursuant to Article 31 of the Cyber Security Law of China (Cyber Security Law), is a key … Continue reading

The Privacy Implications of Autonomous Vehicles

This is the first of a two-part series discussing the privacy and security issues associated with the widespread use of automated vehicle technology.  This first post focuses on potential privacy issues, while the second post – coming soon – will address security issues. Background As the development and testing of self-driving car technology has progressed, the … Continue reading

Singapore – Comprehensive Cyber Bill Published For Consultation

Data Protection Report - Norton Rose FulbrightOverview: On 10 July 2017, the Singapore Government unveiled its draft Cybersecurity Bill (the Bill) and announced a public consultation to seek views and comments from the industry and members of public. The public consultation runs from 10 July to 3 August 2017.This Bill comes on the back of various moves by the Singapore Government … Continue reading

Colorado Division of Securities Adopts Final Cybersecurity Rule

Broker-dealers and investment advisers in Colorado will soon be required to comply with new rules designed to protect the electronic information they collect and maintain.  On May 19, 2017, the Colorado Division of Securities adopted final cybersecurity rules under the Colorado Securities Act.  In addition to requiring written procedures that are “reasonably designed to ensure … Continue reading

Target Resolves State Attorney Generals’ Investigation

Data Protection Report - Norton Rose FulbrightOn May 23, 2017, it was announced that Target Corporation had settled the investigation initiated by the Attorneys General[1] of 47 states and the District of Columbia resulting from its 2013 data security incident.  Besides the $18.5 million being paid (the largest State AG data breach settlement amount to date), it is the promised remedial … Continue reading

China Amends Draft Regulation on Cross-Border Data Transfer

Data Protection Report - Norton Rose FulbrightWe have just received a revised draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (Measures).  Here we outline the changes made to the draft Measures first issued on 11 April 2017 for public comment (see our previous briefing and blog post here). The revised draft is … Continue reading

Hong Kong: SFC consults on proposed measures to improve cyber security for internet trading of securities in Hong Kong

A two-month consultation on proposed measures to reduce and mitigate cyber security risks associated with internet trading of securities in Hong Kong (the Consultation) was launched on 8 May 2017 by the Securities and Futures Commission (the SFC). The Consultation follows a recent review by the SFC of resilience of brokers in Hong Kong to … Continue reading

White House Issues Cybersecurity Order

Data Protection Report - Norton Rose FulbrightOn May 11th, 2017, the White House released an executive order on strengthening the cybersecurity of federal networks and critical infrastructure (the “Order”).  The Order marks the administration’s first successful effort to address cybersecurity, after an earlier draft executive order on cybersecurity was postponed in January. The Order is divided into three substantive sections covering … Continue reading

Cross-border data transfers: China issues new measures to strengthen data localisation

The Cyberspace Administration of China (CAC) issued draft measures for implementing the data localisation provisions under the Cybersecurity Law of China (Cybersecurity Law) and the National Security Law of China on 11 April 2017. The draft regulations are open for public comment until 11 May 2017.… Continue reading

UK Information Commissioner Updates Paper on Big Data, Artificial Intelligence, Machine Learning, and Data Protection

Data Protection Report - Norton Rose FulbrightOn 1 March 2017, the UK Information Commissioner’s Office (ICO) published a paper on big data, artificial intelligence, machine learning and data protection (replacing its early paper published in 2014). Although the paper is described as a “discussion paper”, it makes a number of recommendations that those involved in big data projects would be well … Continue reading

UK Information Commissioner Publishes Draft GDPR Consent Guidance

Data Protection Report - Norton Rose FulbrightOn March 2, 2017, the UK Information Commissioner’s Office (ICO) published its draft General Data Protection Regulation (GDPR) consent guidance, and called for comments on the guidance. The consultation is open until March 31, 2017. The ICO will issue final guidance in May 2017. The guidance is detailed, and references the various GDPR Articles and … Continue reading

New York’s financial sector cybersecurity rules take effect

Data Protection Report - Norton Rose FulbrightOn March 1, 2017, a comprehensive set of new cybersecurity rules adopted by the New York Department of Financial Services (DFS) took effect.  The rules require banks, insurers and other entities regulated by DFS to implement a number of specific cybersecurity controls to protect not only personal information but any business information that would cause … Continue reading

US Government Contractors Now Required to Train Employees on Privacy

Data Protection Report - Norton Rose FulbrightEffective January 19, 2017,  an update to the Federal Acquisition Regulation (FAR) will require certain contractors that provide services to the federal government to train their employees on privacy.  New contracts into which the federal government enters with contractors will include privacy training requirements. In addition, the rule requires contractors to flow down privacy training … Continue reading

European Commission Publishes Proposal for the New e-Privacy Regulation

Data Protection Report - Norton Rose FulbrightOn 10 January 2017, the European Commission published the official proposal of the revised e-Privacy Regulation, which amends the current e-Privacy Directive. Many of the alarming changes that were included in the leaked December draft of the Regulation, which we covered, have been changed, resulting in a practical set of rules that align with the … Continue reading

EU Data Package Highlights Connections between Data Protection and the Digital Single Market

Data Protection Report - Norton Rose FulbrightOn January 10, 2017, the EU Commission published a package of documents on the EU’s data economy strategy, including e-privacy, data protection and the “European Data Economy.” The Commission documents,  published in the context of the Commission’s digital single market (“DSM”) initiative announced in May 2015, illustrate again the strong links between the EU’s digital … Continue reading

FDA issues final guidance on postmarket medical device cybersecurity

Data Protection Report - Norton Rose FulbrightOn December 28, 2016, the U.S. Food and Drug Administration (FDA) released final guidance on the management of cybersecurity vulnerabilities for marketed and distributed medical devices.  The guidance establishes a risk-based approach for the reporting of medical device cybersecurity vulnerabilities to the FDA.… Continue reading

Article 29 Working Party Releases GDPR Implementation Guidance

Data Protection Report - Norton Rose FulbrightOn 15 December 2016, the Article 29 Working Party (WP29) issued guidelines and FAQs on the provisions in the General Data Protection Regulation (the GDPR) relating to data portability (Guidelines / FAQs), data protection officers (Guidelines / FAQs), and the lead supervisory authority (Guidelines / FAQs). WP29 will accept comments on these guidelines until the … Continue reading

Leaked Draft of ePrivacy Regulation Published

Data Protection Report - Norton Rose FulbrightEarlier this week, the first draft of the EU’s ePrivacy Regulation was leaked. ePrivacy laws in Europe aim to protect the right to privacy and confidentiality with respect to the processing of personal data in the electronic communications sector (e.g., relating to cookie usage and online direct marketing). The leaked draft is intended to bring the … Continue reading

US Commission on Enhancing National Cybersecurity: Action Plan for the President-Elect

Data Protection Report - Norton Rose FulbrightThe US Commission on Enhancing National Cybersecurity, a nonpartisan group established by President Obama in early 2016, released its final report on December 1, 2016. The report provides an in-depth view of cybersecurity challenges facing the digital economy, and provides a roadmap for addressing those challenges. For some issues, the Commission recommends that the next … Continue reading
LexBlog