On February 21, 2024, President Biden signed an Executive Order and issued several federal rules aimed at improving the cybersecurity of U.S. ports and maritime supply chains. The measures introduce new cybersecurity requirements and standards for stakeholders of the U.S. Marine Transportation System (MTS) and increase the authority of the U.S. Coast Guard in its … Continue reading
In a world where generative AI is driving innovation and technology is outpacing legislation, there’s a lot for companies to consider to maintain operational effectiveness and minimize risk. To help provide some guidance, Norton Rose Fulbright Canada hosted its 2023 technology, privacy and cybersecurity virtual summit. Our leading lawyers were joined by prominent industry leaders … Continue reading
On October 5, the Minister of Innovation, Science and Industry (ISED) wrote a letter to the Standing Committee on Industry and Technology proposing amendments to Artificial Intelligence and Data Act (AIDA), which was introduced as part of Bill C-27 in June 2022. Further information on AIDA can be found in our previous update. The letter … Continue reading
On September 27, the Minister of Innovation, Science and Industry released a voluntary code of conduct specific to generative AI. This GenAI code follows the proposed Artificial Intelligence and Data Act (AIDA), which was introduced as part of Bill C-27 in June 2022 but will not likely be in force until 2025. Beyond risk mitigation, … Continue reading
On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017. Noticeably, covered entities are now subject to new requirements imposing heightened responsibilities on Chief Information Security … Continue reading
On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. The rules contain the provisions we had described in the original NYDFS proposal a year ago (see our blog post here), but include some changes. NYDFS included comments on the proposed … Continue reading
Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency. Requirements Approved on October 27, 2023 by a 3-0 vote by the Commission after a public comment period, the amendment requires non-banking financial … Continue reading
Norton Rose Fulbright Canada invites you to our annual technology, privacy and cybersecurity virtual summit. Navigating the evolving world of technology is not easy for companies today. From AI to effective company records management, privacy considerations, and cybersecurity breaches, there’s a lot to consider as businesses work to maximize operational effectiveness and minimize risk. Join … Continue reading
Deals involving AI bring about specific and unique issues for consideration during the due diligence process. Understanding the specific challenges created by AI is important for companies to ensure that the AI technology holds genuine value and would not raise red flags during the course of a transaction. Some important advice for companies looking to … Continue reading
For the energy sector, cybersecurity has been a top-of-mind issue for some time. This is particularly true given some of the high-profile cyber-attacks seen in recent years that have grabbed not only media headlines but also resulted in operational disruption, financial losses and legal exposure. The challenge with cybersecurity is attacker tactics are constantly evolving … Continue reading
In our previous update, we summarized key operational elements that businesses should be aware of under the proposed Consumer Privacy Protection Act (CPPA), and provided practical tips to help businesses comply with these new requirements. As currently drafted, the CPPA codifies a number of best practices and recommendations issued by the Office of the Privacy Commissioner of Canada … Continue reading
As data breaches and cyber attacks continue to surge and attackers become more sophisticated, organisations are well aware that the need for robust data security measures is becoming increasingly important. In Hong Kong, the Office of the Privacy Commissioner for Personal Data (the PCPD) recently published a Guidance Note on Data Security Measures for Information … Continue reading
The Attorney General’s Department released its Privacy Act Review report on 16 February 2023, that includes the broad suite of reforms you would expect to bring Australia’s privacy laws in to line with both international standards and the reality of our data-based economy. These include enhanced data subject rights and increased accountability requirements for organisations collecting and … Continue reading
Across the globe, the race is already underway among vehicle manufacturers to develop fully autonomous vehicles (AVs). AVs currently under development make sense of their surroundings and control vehicle operation through data gathered about the outside world. Like other connected vehicles, AVs can also collect and use specific personal information about a driver (e.g., through … Continue reading
A ”bring your own device” (BYOD) program is a popular arrangement used by employers, whereby employees use their personal devices (e.g., smartphones, laptops, or tablets) for both personal and business purposes. Last year, about two-thirds of Canadian private sector employers had at least one employee using personal devices for business-related activities.[1] While the BYOD approach … Continue reading
Late December and early January tend to be a busy time for everyone, so you may have missed a privacy update or two during that time. We have set out some updates in the form of questions, with some links where you can find more information. Answers are below. 1. Colorado issued a revised draft … Continue reading
In three recent cases, the Court of Appeal for Ontario effectively curtailed the ability of privacy breach victims to advance claims under the tort of intrusion upon seclusion against organizations for failing to prevent unauthorized access to personal information by third parties. However, while these cases should provide some reassurance that a cyberattack may not … Continue reading
Norton Rose Fulbright Canada’s cyber litigation team recently obtained an order in favour of an insurer, granting it relief from forfeiture in respect of more than 11 bitcoins from the assets seized from a prolific ransomware gang.[1] This case was the first of its kind and confirms an insurer’s ability to seek recovery for losses … Continue reading
The emergence of autonomous vehicles (AVs) in Canada will present a number of cybersecurity challenges and risks. AV manufacturers will need to consider these risks and address them early in the design and development process of their products. In this post, we discuss some of the key cybersecurity risks associated with AVs, strategies to mitigate … Continue reading
On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period. NYDFS had issued a “pre-proposed” version of the changes in July of this year, which we had summarized here. NYDFS retained many of those earlier proposed changes, and made … Continue reading
Managing vendor risks includes putting pen to paper. Organizations are increasingly susceptible to risks outside their controlled IT infrastructure as they engage third-party vendors to manage online platforms and process data. Even though an organization may have little to no control over a vendor’s security practices, it bears the ultimate responsibility for safeguarding its own … Continue reading
On October 27, 2022, the Cybersecurity & Infrastructure Security Agency (“CISA”), in partnership with the National Institute of Standards and Technology (“NIST”) and the interagency community, published the first iteration of its cross-sector Cybersecurity Performance Goals (“CPGs”). Drafted in response to President Joe Biden’s July 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure … Continue reading
On October 21, 2022, the US Department of Health and Human Services, along with the FBI and the Cybersecurity Infrastructure and Security Agency (CISA), issued a bulletin warning that a cyber threat actor group known as “Daixin Team,” is actively targeting US businesses, predominantly in the healthcare and public health sectors, with ransomware and data … Continue reading
Major privacy law reform in Australia gathered pace this week, with newly tabled legislation proposing to significantly increase penalties for privacy breaches, among other reforms. Now is the time to start asking questions In preparation for these reforms, companies that collect and process personal information should be asking the following questions: Do we know what … Continue reading